c6faf04f1209f47491f534167a79d7006d0ff4d2ce728138d38d70dfc8766ac9

Analysis

max time kernel
0s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ed98937d283c64b1f40d3e823bae755.html
Size

2KB
MD5

4ed98937d283c64b1f40d3e823bae755
SHA1

3d627f4f81d913e9c87da0694eb17c8826bbabfe
SHA256

c6faf04f1209f47491f534167a79d7006d0ff4d2ce728138d38d70dfc8766ac9
SHA512

d3dc658a09a7abce1d4c552245efdc401ac436e8c570f989aaa3803e47a7ba2251625a42a612b880706cad15ba98f68a926c81fcef0ef0943951c96df586c194

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3CC91041-A479-11EE-B0F5-76D8C56D161B} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1924	iexplore.exe
1924	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2208	1924	iexplore.exe	16
PID 1924 wrote to memory of 2208	1924	iexplore.exe	16
PID 1924 wrote to memory of 2208	1924	iexplore.exe	16
PID 1924 wrote to memory of 2208	1924	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4ed98937d283c64b1f40d3e823bae755.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
  2⤵
  PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14644914b99106837196863625cf94b3

SHA1
ac6997ac946a35fa4b5d1246941c38191d89e2ed

SHA256
5ff1340d64bf90e46818aa2d5c5f2c410f0eadb09918f27dfdd1f5b0b0aa937d

SHA512
dfa08b4cc8d65f196672a5318566af47e26b6fc06f268ddc9b65a046e649601bf4881567963a587dfe622428ae565a80cdb99f9b7cdbdab73109290550e1a1ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17309d25e49521702ef0f8574761261e

SHA1
37b6de50f59bdfbc310af4795584c0b064496cce

SHA256
eb1c854411719398bf77964a94f255a59026b7c691d6ea8723e29a74da0df464

SHA512
6da20fe657124ced5f57fac4714133de9b868ea82b1d33771913d221e61c098fce7393b4929e9531741fd6a7b42eecdeeb2a51240e6dedb098240e492f93c01b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37d4a5fdb8d722cd244b2a8ffce7a7b5

SHA1
01fb195b0c45b540bbcfe6048fdcf90eafea2a66

SHA256
94145be07a4f08cd972778193413c2da226d495a887b359eb2a3d41d04b13efe

SHA512
009c55e13245ed446cbd0fa4dab939b8255f1a01b8af84ef22177e992576e5838cacb2e89d0ecdba37c4f9dfd989ebcba07491cd40ec9fd2645f462b607cf243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56c23a51b86d1fe519f0932cd295fd63

SHA1
0e1ebc48633ccc572cf80a4e65badd1e244cc6a5

SHA256
9f66279061b2dc29e71c5afb4dc000c657304e572efed2877e5fd9d04a3ad0d3

SHA512
dc08c1a115936a5bcd091ad62437e6e9a65ae6545c40c9d976475756ed40a3b64d16f195be6afc2690f919acb17a18bd56c3720b79800128a785114a4a65393f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0490cae4e6c5e4d5565f8f6bd6ad97b

SHA1
721dae02623aeb22d4c28d37684c039b9c94a368

SHA256
ef29bd38331dbda586a6050db9529bbbf42d9e385d8768a0a15352757a6d92c9

SHA512
ee5c157e96cc80d6fd10669819c948d0299b4bfd351494c83bb55486ed4e047c243c9c193c4a187965297abfef2d3709ae621dd6d24ea4f00968741ea12b9dd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64a79f6d226981dbd68cc042f009b8ba

SHA1
f165d98d2ed6b93aac2c47e994bd5481d0f81f24

SHA256
b00c025146f378fd2856cef0069b5f326d0770ef72991379e5a891c4af61fd36

SHA512
fea2f6e2bed97c86cc3c0afd06431c0bbfff20a2b1336e0248493d5bd6a3657659770758c0f221e55be8e83e2de2b8921b7cf55b6a91d0cfe297d6b31711c92f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbe6ddc03c5615ae5d243a7239e5ae8a

SHA1
8ffacb870ed1aa4efcdfb0d99c0b3024bc49983e

SHA256
6caff9259553d1ec55d8bd1fef290b9848a3ba04a2ae9abe35caf9e102fa941c

SHA512
ce80b3b0b87e13d5ca4e48be8fc85be6c8db6fe747fe23efda1c9d1331107abdb5bddb53e25827200bd35c1d3f946942523f787fa9064bc1073bfe2844d664f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2ed6ebc3cc55c5ce06f3dbf04601ba6

SHA1
a3d67e0eacee4bab1d0de0208997b6fbd469c518

SHA256
d94812d49ae23c3eb47843c0f98e75deed3672ce2912c2c4a930dc20b9c94456

SHA512
bbe90532214f2a34441777b28139ca2161daceadc873a9fc156ca572e700c7e42fb3f1d749a0062c42c471b2fcb0a7a0ac656006616113af1fc0b1352e5df1ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da61badd501e0c49ded729b177014e33

SHA1
f7229ac09d5a90d91db11212ad24c36cdb9a3be4

SHA256
729c4bccb2379eb4bbbc8329175811db90701cbab6d10ee236fcdb0d9b1be449

SHA512
64c20c364d9a96192c23d321e8a3fe8d2df05a75aeeab31426d9a4b12d8ae06ad0a4585fb5a8bef05d38900649f0bca7c09bef2c5cd6f5366cc0301b4881a544

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07701af0c6138cda9b0faab8e7af4e06

SHA1
1eb6064d6c7c6a1758177024b4aa7aea9d3c394b

SHA256
5282a9692b8911e10225f8faf9a0274ca30dd33d99c3c387ed1c3209413346e2

SHA512
645688342b2ef5a05dd5f34cec4d07f1e25deb16dca5e6b1700f2fd7338eef3fee9b5a866a56d0299091bc74b0a4d98f83ac28c7323fb66416dfa1508bbb7d18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e105f6b6528e0e93a473203382f0d78

SHA1
aa2d5ca1066a17c01c2d1554775115269c083b0f

SHA256
5acc70ca64f709042fec48aeca393a0f50642bdbb68226c05c7d9f4a6daa7399

SHA512
bfeb2cf1163845df71cc8721852dffcd680f396c5bebca55f3bd611695af84370ec747cee52b6e073c93983d89cc3b8b9fb9b92e256a0e5835661e82ac4a6573

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2BB5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2C25.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit