31b006be7cb0dd403feeb06855d7440936708b4360d37eb4a1a2c74764a0eae1

Analysis

max time kernel
135s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56e55f9b6064c8cee7fc56a0bd1d882a.html
Size

432B
MD5

56e55f9b6064c8cee7fc56a0bd1d882a
SHA1

19e8f2b44c1b0a4ee7b8c8463f465cdce1881656
SHA256

31b006be7cb0dd403feeb06855d7440936708b4360d37eb4a1a2c74764a0eae1
SHA512

16854dfabc2b92510cae2f8a8e396367783cb7fcd7ba05e7393808144dd938118c7e5486871c9ac7e72b2a72dea50171c6d9401af1541d16db394b0dc2dc622a

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409830318"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d03bc7ffa438da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a000000000200000000001066000000010000200000003dc35f5ec40cdde6474de5d84073742a343be0f8564a032967cdf039606d20f6000000000e8000000002000020000000e06073531cce277dd717cab43be96594ca683a71bd2ac6cb48743d920b4d9e6f900000001a7289bf579179fdb24a8b831fbb62fc977047b3b81ef2ff0e9bd181cb2995c433a8c47da2916f2bef0ae246a3e38b0505faac3c603c04e5bd40726ca2ef4078f67394ca88f28de088bed5a75047026960ef3142df8f1a9d1cf6438536d7e931ec217b282f0c4de68230a05b494475e2f73cc1bd92ea3a0444b2bcf6493ce7edc03e73f2e51a210f818c0ee4b4e54c9d400000008ae57f3e14070bc0c28a4731d9fa8247260460729f34ee9a44cac10f35b2a73892296aa3941cdc69f42932762b383fd1f642864547e97bf6134bd3ff8841d6f9	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000032c83b9a6169817dd1c73daa3e702639c0788db0d3b3cb1fdc389be74e93c2e000000000e8000000002000020000000ab62f550af22ed56254c8ec9d614af3419cd02f527235e05b81fd32dcae4768a2000000075dffed0b246195fd5e1b8622cef4fb5bed80194b611780047bb2bba270e6761400000009e1aa6f71bd30d6b0a5fc08245753c13388de5a4681901b2075980550e991cd5263a3a07f91aa3c2fc4bcfa38d0b243062adb9c79fb564dc0a1bc2ad62c980f8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{30A4EFE1-A498-11EE-9610-464D43A133DD} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1740	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1740	iexplore.exe
1740	iexplore.exe
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2864	1740	iexplore.exe	28
PID 1740 wrote to memory of 2864	1740	iexplore.exe	28
PID 1740 wrote to memory of 2864	1740	iexplore.exe	28
PID 1740 wrote to memory of 2864	1740	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\56e55f9b6064c8cee7fc56a0bd1d882a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93c77760fdef5fd5f861cadea8deccc8

SHA1
31f54ad639755c996fc403db8ea8d50259a8f9ac

SHA256
c7066532571e7301ab59270ff9b64db3ee12be54e06ee988bf8f7b6e17ac5a8e

SHA512
66a90871d0306f4ecb466101c9494eda9333ffdcc1783920fa910aab00613161aed6923fc90a2c49891603c9e069e4f0d4be0bf140c9566d807ad9f83d88f227

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
284653d2e3dc60387f20c75056663df3

SHA1
86ffbd0004888e390c2536d0e553df19a1d1f4f3

SHA256
2b19e673a60198ea8fcc2ef27fb67b4ad6de342e3e51c188c2eeb9a261e73096

SHA512
38d2f2ad39ccb3cbb74888a256add83cff860e5b22514d3520b88c7523cd09ea944caa54c3bc8947324902d6ea17562b8c57cd54664b0f273b18e7f4d3c2d692

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af18abffd1ad42b1cadd9cf07ea0b30e

SHA1
7d63a47675e8cb1fa25ef27d15fa33cdcaaf8949

SHA256
952c9034a472a6350bb5211ee68e322db1422b6c42d8282f3b5f3799677ceaa2

SHA512
b8c450e8bb197c48dc5a78ce3d91c1c6ee0448cb6d5b28024746c72762ed52d0edbe5c12c6efdf3aa370fa3d7e9bda4911d0abf96f2fd933b61bd35efedfe988

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d86035c1bd0d3fe5a69c5ffd63f73d5

SHA1
27baaa4d47d634c11947858c30c9cb18b457262e

SHA256
e4a46cc4965bcf0662623a85c0f2b46ee9002694f3d4398bcb41278848375599

SHA512
0763164fb6a401dc141e7d4268e6576f3478d7e332d2bec3304a19071d3295f4abbcf18d480a866c6274bea4ed7e2724d6c36f480f75739e1661c015e4afb668

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
203c52e5e2e356778223bd516e07d547

SHA1
7e56bd7cf6051546b129629a330cfcf028e860a1

SHA256
a3e54642ea55b4f80e4fb4f3dd854202efd632e21d20983ddb5b9ed193fcd8d1

SHA512
5e427bbbc385d3928454e7fd99fa663f645e31366c202b381fe85234edc006943c4e68baa0101bb1b77e9dbca9e91c74e0ceea9c8cf84e8d706beda281e44df2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad6542bbd8c73e7c22fd272ccce27c84

SHA1
6a9fc7e4347f74c8133ad605f40ae8f5deac2829

SHA256
404801403c2f9a21797b24edd9b31294b551bcbdffd0af8320d3e433d56d9a98

SHA512
ff3e5c951225126823e12e248d35265c2e3677a1b83efe7c55953f97f7c014a223ce1763b0286b17ae1da3edd6fb951c8c1318691a32c1621d0ca92f5ac6c081

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46c219e0757eafe90757035523e0b8d0

SHA1
8b52737430ce6bfa095935b066dcff8fc263d038

SHA256
132c7d233cc89de7b6bd4155f94dd922fe38136b9f201e190fe671fe05ba8f35

SHA512
e13be0b7c5eec75801d7051c1f5aad78a578ab6855a771b8242f2cc646c6f56b7285e044699cd653b5f48e52e279a82de77700eb01041e63127dde58506c2feb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbfd3fc87b326eaa167034c0dc978985

SHA1
cde071c97febe4b17983017f40061416e897e65e

SHA256
690e423b940fdf7fe3419758d11524c64fe6fcd2440bf1d6aa760a5515d96d31

SHA512
054c0446ffb9c74ac853b626400948d18949363fc3d98b66182b872a887fee8292315a5afe1e3e684c274cfe58585f888e51caf8920f9b84e2d58e9eed8ef5a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c9667563268b8500c990a927ab26e6e

SHA1
38c2ccb8372aea366a66bf3e5306277f3078270f

SHA256
0436f8e94055c16838c48fe34cd61b23572c28b8234dfa380e8b520a8f1ecef5

SHA512
1e5ad4d7493f0de1a273b49bbc2b37b9ee3ddfd52ad768ed147428f97c4b838c6ac039798bfb0f5962e70ece7f497764193113d730260f1a68b582a4f95c471b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04b6ae452edf01f92012bd5be242a1fa

SHA1
3f17fe61f772ab65d7e3ef0ca99176e2f2add8d5

SHA256
f9addd62b4f871b5fe246c6de33da5e8a4141393cd650446d1af9c487982918d

SHA512
7325c5b7547125dd1db0ebf903727a89b988683bc6678b8226ea76f4fa73c33e325967934e0e06e29b4533c2a2961890264995357cac63e9d7fafae2de3209fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a57653d9d37fdd4424f665b4c11efb2f

SHA1
bdf7c932d7373006e69e89cb4890ee5d6a287b77

SHA256
7f52607c98df893209e2312f6259c7764aea5d24ace48fedd6d1390a8f81700e

SHA512
29b9e630b5ae32c5edda7599ce3ec89ccf7e4dce014c19d6d2390c3c30398e15616b5c2460cb016f46debe004be764d9e632e23079e8d289646fe6ceeb2cb93c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
fdd03339e2f0a80123094e907eea8902

SHA1
16ba52abc2a007bbb10cf52a8843e08aa2567e1d

SHA256
5aa51f82e7a112381531791edec0e4026ba642b42827a919439e53685253c301

SHA512
04a744b7c797c6a5965a6d942203c3fdd936b1caf0597e931cf51c61c27cf6e4995f42fe6346b8bc846c89ce78ef1e0c8105306c205abbadbd37215c713450ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

Filesize
5KB

MD5
0e2193ee74fb7fef88d5d0ff42e3f768

SHA1
b44ff623aa48d9bfad460dc2449203b1bcb32032

SHA256
7d9df49b62b0e484a9faa8d5293a3b75f3a0a9cf5e99cdffa2fb74b8e61c0a94

SHA512
1b5eb2a21928a6430c091dac3dd1b1fb231907ef0a662856719086b6397a1fad2f59a27a141ff2fbee203e8689375b6cc3311dcb4f55f143c86de5ef151b1ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

Filesize
1KB

MD5
c6dc83c740ec4462dfc84b284689014a

SHA1
6e62d67776c5f7b43d4ac374208a709eede8d535

SHA256
d0b751d299a606b6682b4305f1bcf9260b87d769fdc40660b355de92ef99cd39

SHA512
151335cf0726846ede87cf46712c2de9f856600773a9e4ca7fba431173548672ba3dbb500cb912f243b6eeb80e3670ba7824fb76b9aac9a01a24425e139a21b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3F2LH07\favicon[1].png

Filesize
3KB

MD5
a75c230f34b9296e6fdd8b0b855df5d8

SHA1
e0b9e32053d44532fb4e8bb55b54c3211965517b

SHA256
8adba20b1dd9747ec8ac6ed5a26a8dfbfc7ab82213d8051b76ac771c76b87920

SHA512
950b94afc397ac760f38f4c68691bda6b541832e1d23f496e36568def2b9f9dcb6984c6a42ff6b5abef0e19b76c37e40baab22e9dcc9360091b609333029b24c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab71F7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7296.tmp

Filesize
103KB

MD5
c1daf02315640c25bbd941b5709cb947

SHA1
2638e4d524d97669f066b33c751923679b3e43fa

SHA256
c630b6d42f8627c1e5b2a25fff0611b164472d4b8ba4e9405410c73129e17dde

SHA512
0790e2ce082320c35eeb13b28e00aeb05baaa72d1c1255ac091f140a3ce599efd46d578f774098ed377f40b2b4de1f048dae3cd13ba83dc5687c3e31a6cd1564

Download Submit