bab8715ed97787d9fc82e0de8ca2e808dd70d6b62a1294f6874e63b719aa6806

Analysis

max time kernel
0s
max time network
5s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51065423c9615651890d213da146c0b6.html
Size

33KB
MD5

51065423c9615651890d213da146c0b6
SHA1

09938c6a8e264ad35778947f6cb31d4f6990cb6c
SHA256

bab8715ed97787d9fc82e0de8ca2e808dd70d6b62a1294f6874e63b719aa6806
SHA512

4d23d0d2e7bc18586f21e03aa06317a850046909524b5f471f7425ad5f8a6a03c648c9d4003eab5a3a8c993e5fec0473af940feedabbcc583295aa2e5aa86ae7
SSDEEP

768:UhVIH8oa3omoly1M6Cy9HtceD6ZWolCkyPB9uAy:UXIHg3boly1/Cybci6oolCkyJg7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7456021-A481-11EE-8DE0-D691EE3F3902} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1680	iexplore.exe
1680	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2284	1680	iexplore.exe	17
PID 1680 wrote to memory of 2284	1680	iexplore.exe	17
PID 1680 wrote to memory of 2284	1680	iexplore.exe	17
PID 1680 wrote to memory of 2284	1680	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\51065423c9615651890d213da146c0b6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2
  2⤵
  PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

Filesize
889B

MD5
3e455215095192e1b75d379fb187298a

SHA1
b1bc968bd4f49d622aa89a81f2150152a41d829c

SHA256
ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

SHA512
54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
56KB

MD5
8aa0707e169e1836df58974bfd7b67a3

SHA1
65816ee0ef9c96b733fce237cd5273eb66c4923d

SHA256
500ae0b27ebc6dec60dc0e46d6bc58f2114daf1d2bdc7d465d6b7842a85804c1

SHA512
a43d5d99f6b8cad64025f47a9911ae3e8c74d2e0c8f975db46da75b263e06edf73fd8f7e243367760369e6b4e64a197d317295c900590e1d9f25cccabd0f8c9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
00dfcede93e66b869f9983f1dad60261

SHA1
e5d6162dd717e0b8b1b8390e5ece02c9cd7ac02b

SHA256
fb7f68aa89364143d5d56d8dd0b6f47c84f7b8337ff89b7644dcb4ffdea928cf

SHA512
8dbd41420290ce018a9f1359b6ead95b1408489ddddcf94c5b5f6fb2fcb81f52a7d1457e900c10efb7b92af5fcc06b6cae308444b79dee1421ddc4a890884f94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ba68b504b5450d17b929e66c71a7c076

SHA1
5d4807b570086a260e50a5bd099868bd37aa4c93

SHA256
9489eafeadd55e7e6cad4c303be6519b7c9d3cc0467033bf5066f1434707fc5e

SHA512
b375c921eae1284e9c7af6358a741784dd6427ffc5a20e66e2fe903531176b9c124ce3140fe7bb955f82f85a2306ca4d70a181cc77cccdd0a5fdae3981adbe44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1540403dc16e63f731d9a1d8a96e4bd

SHA1
04431a20a729e51df282db4dabe7527fed3b1ab0

SHA256
a77974e81134610027a79dc91ec4a366bbd19764f1949c7c17ae2b78a12a3b36

SHA512
ba66e8f3252ef0493b2b92dfe0a20e1be7754e30c6900547450d085404bd389bb7fcb8c6e754a946187a029d8f911fa478c4dc88d24068261cb6322f14f26073

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fcc73c6ffe7fb8655cf3f937be0376c

SHA1
1e2bd9e24036c8efe227a4cb9c54261b8030ea7e

SHA256
d22d6b8b35cdd7798d43d9302bb472978d2375cfcafecfe21b3c7acfb77b3c52

SHA512
ca478934619042d1a9287edf5bd512d34bf01f5a64452a2507a201f20dbbc6b417c52356b6df7208a8123db989b39ee1e73967eaa7d0207cbff818e8dca0a4a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5eb069f4c8dd2ccefa78e42b08f19f93

SHA1
f038ee2eced480b9f63274d7d8010ca5f86bab94

SHA256
b4fc683e4504024fdaba7d542ce9100d17ea3cffd2464898675e8fcdc200bc5e

SHA512
1789065556861d02c325418f21db3b3539022306ddd28371c2b5ab59c613e1137460cac566fca5093168b143f61eb784ca9349845332758dceeae3c2fe4836e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
7f3a2e3f454770146f26378836cd6b9f

SHA1
5cb3af1c5956d0dbc7a01717795d197b0960dbbd

SHA256
0e0abe9229091a2d4d8a3eec49f9d53d138e6da56e9eda18b25521c10e7fa956

SHA512
322829643b52ca72b660434503ee0bf80be5db35cdb33697b93d997c1d685381aadbb0494417ccce2e744fe38255cc8ccbccd0bc4757ec2fb0e3f6b079efd3d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
1KB

MD5
7125f45e2b64561340f80f2df51ebda9

SHA1
82f3193a53474a5d83b4ba627d61ec0197cfccfa

SHA256
31054f95f3353639a6564567278cb431718fbe3c9bbf1df6a015ce5b0626c31b

SHA512
becfa9c67a6b9dee5f30aaf8b4a8699b2ff4af652e86fa80e55136f7844863bcde12249f8531ac8aca085538d568ee96d15223c8d332ad2edd9dc8902c1a6a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPPVDN5A\cb=gapi[1].js

Filesize
1KB

MD5
275578d250b3005253a6bfa9c4dbd929

SHA1
c56260cd670566195108f6a83036ca885192e250

SHA256
0800e11c8d4f187eb9ae698d6c5a00c845689bb4c4b310c869ca5203b181a7e4

SHA512
b491bdbca1bbd527969321e49ff07570a90ed7154e22a3786b74817b5f9b11f359bbda127676ee69c975e5da73cbd34f699d6e921e1bfb45d1f9628e76b9b4dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1193.tmp

Filesize
32KB

MD5
8e94d97756da7eeecbb1676ba6c929db

SHA1
8cd1bb1e72718599e6479342da9f9de6dc06119c

SHA256
aaa91b1dbafb697621beafa8e4d53e9741fcf8dc454ef95aefdeb537718763d9

SHA512
238d54f7c345d15be5cf0125c4efe2afb1399569cf828412fd63657c4944aa1ac79d6c497a2b854d1a99127dd24f8564b7cdf31cb9c6aff0675cc4a162109659

Download Submit