6e4172daecb4c518a1fbd4466bcd8d7a32cd641778d45492dff5e5d419eec91f

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 04:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55e081dc4e58237a0a9763486336de12.html
Size

76KB
MD5

55e081dc4e58237a0a9763486336de12
SHA1

68a9463e47855a50e398045b4a9aef0d285cf808
SHA256

6e4172daecb4c518a1fbd4466bcd8d7a32cd641778d45492dff5e5d419eec91f
SHA512

3b21b84131056f0f08ca92592429314a1a703c7efd312c84727ca1b8b0f5769bb820fbd7dfd94310d7cfe98c61915c63d9e866dcd8103bb4026baa1d3618414d
SSDEEP

768:ZnmFobitaW4Q449PIYH46e2csWgOae6VPh5hwLBhNvhNVhshJhW9LKvh1QhGAd99:oFobuaW4Q449PBH9eXjgOac92f68HGIU

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8AD24A31-AC18-11EE-9610-464D43A133DD} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000d28871a29805779706dbcfcab5dffa2fd2192833af915c2705b2754f94642b3a000000000e80000000020000200000002a32a10b19d349dae2a64cb30e368540e99e35c3a9c0753ce46f58797afa6f3920000000cce5d1313025ee7d41babff4f7920e12f24156f5c5491396ea225acaf18601a34000000024f7b2329dfefd6ac8f11560b1e86cc4f7cc6dca3dc826e0275ae2397ae753b8fc95c9f43062949eac7407532544913cb386f7e1fa4b26346b083461bd38ce59	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410655075"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b02b46602540da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000857c88a68eb2436dc0ad61f13beee754866dad5f0084ed9d7b79c532802fb054000000000e80000000020000200000008797ba8179d20783f284dcb9740dd1b55acce801354a9610762f0656c6401c9e900000006474b722ce88491e39af941706a163bbf865d78152637126328450b9f342232609c433440391d5dfb0605295b54f9821e90472182cb07cb9c32c86e86d297888cca6adba82fda494d39edbbe88b2323530eae022dc744f04289f892577f08abbfef6ed9e2f07a2238ae436ef6703dca478efabd90da5ed75c385b31d1e4369ac57f4f838ce388a8911440c13f19dccdb40000000c96e65a478d6acdea1c7bf763c01f904d105df41b61436ea3a2063b5cfbb5a16f1081596fd9c6cf5ab818e02c22b1c5109011e987ab3a30945bacc378b69e978	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2476	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2476	iexplore.exe
2476	iexplore.exe
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2248	2476	iexplore.exe	15
PID 2476 wrote to memory of 2248	2476	iexplore.exe	15
PID 2476 wrote to memory of 2248	2476	iexplore.exe	15
PID 2476 wrote to memory of 2248	2476	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\55e081dc4e58237a0a9763486336de12.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32e879ea3ce70552048b15fd1ed72795

SHA1
c2d21c597f538370a4682681339f0ff978dcb15e

SHA256
f250238b15719d9d82c7ca1d14dd04fef8ea257000cb469d418166bb42ff688e

SHA512
7e11cbb721ec0c27d5a9d04e53352feb7f60b1c5637d93453fb55bf580d12d551b8c7dd16f09159820a557b465403e9c01f4fc0389192746691142bf6ceeaac4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6e19674498f9713fb6498bb5fb18cdc

SHA1
56cfbbe6339b0644d1de2f6df1cf2dce340f6186

SHA256
862781184fa2ba259e14aa48f1f668fbf7f0940a6322fa71fb3a3898cc0d1dab

SHA512
981fd17f91b8445b4b26f843952d4c5df7abf12ae217b720e3e0c918d0ffed8aed5afd3f3a08fb4818589aadce164306e8740ad707b776797eed845356a93d21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab538F.tmp

Filesize
12KB

MD5
6dd000cb614d2bc545c6df81876ae7ed

SHA1
6c4df8577d651c2cf854dc59eed1bb04b3ecfb75

SHA256
b4c90f1031f6add98d84d12e7871cce9a9f98a08f78285ff91680453f24a7c81

SHA512
d8f9684ccaee6b6623c4edb9b869f5c9b6e81e4f75d0f68c149a0cdac96eb1a0961368b94290a93e4502ce6df000f46560ff4b2c38fae794c6dfd02e1dd389d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar53A2.tmp

Filesize
1KB

MD5
fa527dcd6b5eb05e72fc51570a2a6608

SHA1
3380c5ef74408265fba2f67e790636d0ad0a51cc

SHA256
4dc7a4a6cb3be2c334a27a49df89f18f8f91749fe6aa1cf28d548e0e0c75ce3d

SHA512
05c0e217c433949cab210102a26ca7f6a765515b228b217e25c7409408fc167b5a59a8494e1181284e9ec72849c90288f3a066faa284e29d871097ec76291a5a

Download Submit