e0e99d9157cb261e90a642b4b0ff3fa713bd009637a6321fa15a2a1657210c46

Analysis

max time kernel
64s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55d748742aa7f335b35b175e63ad867d.html
Size

58KB
MD5

55d748742aa7f335b35b175e63ad867d
SHA1

7af4632200cae6f8d226112d5f0a0af720f5f8de
SHA256

e0e99d9157cb261e90a642b4b0ff3fa713bd009637a6321fa15a2a1657210c46
SHA512

41c9212c5bc4dc05cd6562ec324ba5bafc43294b889b627f2cf1b3d4bb3d2bbc1d737c9337d7812b2e33b6c470db5b19b08ec22eaf8299d121716c3baf66215d
SSDEEP

1536:gQZBCCOdZDkUZaiT37//FMze3MgLy17TDJ0IxCKU93+CfWBwFD9VFDetymSIf7fd:gk2/DkUZaiT37//FMze3MgLy17TDJ0Ip

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2B42A8C1-A494-11EE-A68A-46FC6C3D459E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2216	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2216	iexplore.exe
2216	iexplore.exe
1748	IEXPLORE.EXE
1748	IEXPLORE.EXE
1748	IEXPLORE.EXE
1748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 1748	2216	iexplore.exe	15
PID 2216 wrote to memory of 1748	2216	iexplore.exe	15
PID 2216 wrote to memory of 1748	2216	iexplore.exe	15
PID 2216 wrote to memory of 1748	2216	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\55d748742aa7f335b35b175e63ad867d.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
429af05e5f395dd26ae7337f971c372b

SHA1
92dec6199de4ee272f1fa15963d3a98e0023e241

SHA256
602d54670ae9ce22c672f75adedd70c52827777f1e072771f428d819ed68a963

SHA512
2d9ee322b58cc1bb09413371b34fa6d92abf231ba286a02d59792920f23c6e5e70d783b6b6bc23b8826c4586f9f008cd31110d00716a0e53b7c45fa4df7dd50a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
927ba908a6884b4f0815214b4fe515e4

SHA1
3133ae379d9e435558c204b5c5f3ede45d756498

SHA256
5917c2d58c57378d58a225c7be82768b9798bfac7a5bf0a910e1d741d72a2085

SHA512
5915e7ca4191ba1b6d46034096f83b32fb57151b17800ecac5c176799964c654caa7f61eb503966a80e7f8b8fb9550b3921be1ef49f28b2236d72140c3e1157c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7edbefa036470e4f323af532a448bb44

SHA1
be25bc23b04b74b56e07fb92bfa0a5e70db8e103

SHA256
c168252d2f32388b038d0174e26e481a084e69da74cb7df37a89dbdfe96ae041

SHA512
9f5e3dd31fe359fbaa4de84dc4b8e38fe300760776540a639b234399e1eb5fe0ada85f942166761e7cfb6be6299b1b780a249d851b553044df2eb7739166eeee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6345e26e995383c2740d4642f4c28eb1

SHA1
c728311e09072dc8055b03c3f355887c43e53ed8

SHA256
4a810e4f3b95a9e84d04926499784557a6b1a36bd517f9fc827178c93667931f

SHA512
05365f3b80c9166288ae11f823403947f0b5a06e25e1d21a9ca0b661aa8854fce3f5aaafa397a5cee643e941a0baf540d80bc328f94a245d1462e8784efc7a13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
087e887ac49a66a3d9a4d31638b03831

SHA1
c4185441772d2993a3ca6e59f25d2bb6a5f4a6f6

SHA256
bbbf2963209f55a4d476eeb5566d9d0fa636e0c5ae2e34338e6333b51b38880e

SHA512
1158a183a19bfbda4a4611ac1a2cecfec3d28779003898ae6ec8b798fb1d57987c2adf3d272349eeeb462a029eab3f98afdefb5cbf379e2dac150228cb08cd8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba849c23e10edbae73296b0977a6da58

SHA1
7151b625cb1988e80eb7ecac0ef8a57320ba5086

SHA256
a8b09135ea7f1908e23ab875b9d52b3728b268fa16e967cd732b6cfee00dc913

SHA512
038259a1167c692d96acc7877d74bad118d04c912a5bd43763f535ab84b7f87dda4c814f500b9f732a43eb9ece4919a2aa6d2585dfd80d805d4995035002e7ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f9a6d98f62d6e711e19bcdea427d8ae

SHA1
041d8f977823df2267fa7ed5b9213b0628ee9fcd

SHA256
54a84671d472a0ba6c64068d05d3fbe16b4625f6c8b69212b7643bd9ede3b068

SHA512
232e12d51f246e90c31afeb4f4f535bb37fd2e0ba67a1611e9c33a091e96e538d9db651f4e6ac5cf6076da00224746970ef9eb3144581e93ba0dd0e102710fdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b937fa08f3d3ebe4764c4497253bdfb

SHA1
c3344957af82ed3153795558ba702331597f904f

SHA256
2f5dd00788defa2b84925420c01b7df0173b14fa349332eadea2648c4b3cae9c

SHA512
a9162f66ef9684f1ec76649f3c7aaf47b8135140815259a3e1169c4b99c876ddcf0000e74d4e45460e051b40c309b95f8ff2aa903f93618aa743b04cc64f6418

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ec4fd822bd6010e7aae7dc893e5c8e7

SHA1
aebf9c83001dcf1e7c2599efee9149f8826c5601

SHA256
c223e15877caad9d3d679e9e51c55d5a9d080c7b598819c012f9621f3d0a87a5

SHA512
9256ff6e949c74c6239caf325400ecc8f83bcce90baefbbf847df6ddc53a492a3910b7ead383b85420c9c3944d7f3be35b3bee63c3153f44c67ffa85d4d9f4eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b51a5859e672c618a830155d963ef2a

SHA1
46a40c4d250956f1ecebed9519ccbf61a32f541e

SHA256
f1b4400b1b2c26ac7152f6abda08a3b3d9e850cd259905f7afae09cce6d2315b

SHA512
a90a71ffaea8b35cbc6dab3bd3c9ce376314163803b1c099c5e473918828121fd3025107825e7c51102640b4b2ea3f8a10ab2915dd59251b7511dfa039c6363b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4b4df1b2636129464a69928ef8754ec

SHA1
2afeda16ae6f6ed67faf576703894b400be53151

SHA256
7bef06084b1e2302b0d249be9cc10a260e14cf3f3576a5d483d34a9b645072cd

SHA512
9ea4f971f84625e7eac51fbb7b8e47b018d37d6dd38ec89dc7fb3c9cd8d26bcc71b72e60021e6008509483c03ffcde03c7cdeea9966bf6fcfb5cc1d57013c81e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7413dbda3668c664bec98d29757c1ca8

SHA1
1719f7b42466685fcbb73b3bf7b67a45c49040dd

SHA256
5205e1773787376dd5122e909bcae39968e3b56eba45ce71969d8612b0e697a1

SHA512
96738c8287844eb15e4b3582090a4ccb2ceab1cdc21e3958b6bc6d041bbcfbed9dbc724b154d19a7977f004137e513742a729df713fa4b6b41066fc6e20c8feb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39fe478dfc46aeb1ed71ea61fd9175d1

SHA1
dda7f0495406138b6503d41cd2fb7647c0307c80

SHA256
da1c86e0fdbfbb9de5a7c7a8dfba10d13b3be97b15fb9ea5c576e380a913ace0

SHA512
79dba33a764d3cefcd3e879a6b53f96ef7a1a48e1454c9eb9b81be80bb75a173b3674947acbd5ecd718fed11793bf0168d05b75e5a352dcb51947135755df05c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
11e94e729bb5cc7d7bbbcc62695b78e0

SHA1
c9bd98163aa42c62742996126967d78f303afcb3

SHA256
6a7aa2394e009363c10b919ebe701f3f7ae466489f7cf58723ca560447478acc

SHA512
d9652c45665c1e8df259390f026ca594371b37eb0451e19551f3be15264351097f20853e5ef5044d7eb13d23b2682b5aaa98f89c30a05427ebb9ad02e4915e89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar408E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit