e998f0181db5f006b9e924a85306a174e1bf50a0854dfabe45c54dfbfe76a25e

Analysis

max time kernel
0s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 07:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c460b5c8c60c7369403cb5219772853.html
Size

57KB
MD5

5c460b5c8c60c7369403cb5219772853
SHA1

81aa73243372f0dd2f09690b7077e46777a2f352
SHA256

e998f0181db5f006b9e924a85306a174e1bf50a0854dfabe45c54dfbfe76a25e
SHA512

e7dd1dbb2ec1db7381a64290c5e0139db6e164a4d65a909076185531515c81fa2889f31be98a516615e63c6d789c3d405856c1870786d19e83c51cdd1da577f4
SSDEEP

1536:ijEQvK8OPHdsAeo2vgyHJv0owbd6zKD6CDK2RVroz5wpDK2RVy:ijnOPHdsK2vgyHJutDK2RVroz5wpDK2m

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9F92931-AC44-11EE-A00E-42DF7B237CB2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3024	iexplore.exe
3024	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2404	3024	iexplore.exe	16
PID 3024 wrote to memory of 2404	3024	iexplore.exe	16
PID 3024 wrote to memory of 2404	3024	iexplore.exe	16
PID 3024 wrote to memory of 2404	3024	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5c460b5c8c60c7369403cb5219772853.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
  2⤵
  PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
335a9386ea665f8ef3cbb68c2127589d

SHA1
eb707195f4f48128aab8f952989cd2d9cd821ccb

SHA256
e15c456f909ace5dcf98bd824642e9ad2e1162309ecac903d4c7244de9ba377d

SHA512
892f5a9928f3068ea44776b185f5e6ca184345b2243de9a7781453a04df8c7034684925b8edd77723c84b2106bb680dfdffa12ba240633b8e7e4cba26472b098

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c46288bf2d6c01f0cda99ac0ab94c08

SHA1
3714da61722d29f7bd2b50e76697da34e1a2ce59

SHA256
520df6e98d1be13818c1aad1163183aa8404488feb8765519bd72c22f2bdd125

SHA512
7ae4849f747b50b16369bb43dff9de6b8e580f9c0afdea776fe83a0d529b7c6e138dddc53998ee24a36845d05ea5ee070400c7cfd53f321d97ffbf586854731a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efe1b274348b56d889d9adfdfdad0d6f

SHA1
c111e8328f48b97a3284dfa0c4ac78c5bf76b7a4

SHA256
d0faaec14a54567131247cc686018f675a65bbc06f65680b1ba8e4a5d2294493

SHA512
b72b67f0dd2cb80eb0807790b00c2face51ec3c30d3167c91008db16313670ed42cde1ac2cc36ec5a29fe1744cbd7656688b1fdfe7646afcadfacc28df1e4629

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
485d3a898f64eb13fcb66dda80ab61bb

SHA1
2b813f7d62673f1c824feca38d691ff04f23de5e

SHA256
7b56fdd65139cda71862c0f37aceb2b03f5b5389102c20e4390781b58e699b01

SHA512
63588854e3016cc2010f8160f5a89ffd64059a3516bcce42de528d2874e2eae1d435ee992df1900dc903770ed5e58c7ef63b2d26ec39e4bf545e0e7911d8f82d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cce9607efd73a8a2fb7f7378448688da

SHA1
10373ecc6edb06f2eb569604d150d90a57a0e067

SHA256
730b02a78f99ea0e54354ea1f637083bf85ea7b0d444caae9f30308a1ecd9408

SHA512
5b2723eb4f9e8863727fe685cb72b31092a2c8d830d945fce41869dd879df7053d50c90fe08111941f3bda01fce0c8fc916a6af94d042f321f5138431711aa18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94d97bf92c02b11866bbce29d3d32b3d

SHA1
769513af17542e4962d85033e125de9731aa1c5d

SHA256
8ec91fb4d0d2d443aeee6ad8e8b01add94c6e23450ca5b13097559c65fd50bea

SHA512
fba4f443aaf74a350221b258de3043ae194215cd3714d36918a5a462904687666ca10f4f20d38d1c9c934fc95ccb9d4e4232b3da7c59839467f6cf03789e778c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
770e12ff38371228767becd2af77ef4e

SHA1
1b0caacc655484388dedaf86839c65b76106c2ce

SHA256
deea9672b55484b31e91e4d6052655114a26067cf0b3eeaf388ae661d140ba85

SHA512
831ec24cb3e268798c0b7b30fb958880e9dea02277ed5332dd0e1ee2f3d9b59461cb46dc40b26ce044b41f531b4b1cbc9dcdeabdd61583454847390b0d85008a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2378c5921f51ff7a296cf382a28a87fb

SHA1
0931644a6885255deccdf82a4b48d769f3faa7c1

SHA256
e312cd53ddb1b314e9bfc7678f67e8067e35f1a669fc328508e29a08633f6865

SHA512
ef9efc280a4a4404945efcbb6cf51011d0f46e6c1eee75c7b5e61a7d5fde2f35aaf2d8948f90be841d2d26b3bf6eb8cfe41f14acc98ebd27c6ab0061e0b87474

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a4572b6f214567fbe8ce3aa62f074f3

SHA1
b865f8a86b586992fbb60fb54c3541f6f86d30e8

SHA256
13ca336a1d9d6202fb2d26b41bc1f989ee1902405c003b436693a53bbedf249b

SHA512
f0dbe46d6953042c6d5707d17830f304b46eb293c5d4e35ebb79922de8f26902aed55ff10c032ae74ab0ab958a763a3b65cc172dbea1c705a97d5b94b8583d88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6957937b25e52d1a2377e9f2309d1e03

SHA1
aed8b687641c332eae7ca35c008633180297c548

SHA256
9bbcac8d108a7b608341f0e27f5536b6304e1154d5995f85996ed1bdc48b426a

SHA512
6962af1b5609a1f4450435a46fd307e95e400e82b407dc403a47a40c6a93d572e06f8f6abc6065036689b2f64442b93b92a9cbfa7bcda46dadd7e9eb997889ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a504943c2ab056fae0cfeb8232be339

SHA1
b1fb0266b4cb8ab6a1ed4492759a90b0dcfaa419

SHA256
d6d9c58ffe685962eda93ba00a4d0c9a7e75dee40d62982fdecbb64818259e2e

SHA512
bcaf2d7913fc4248ecacccc9b48b7ecdbe296d0aa4aea5269eda630a81efe3095554b5e400a9ec3819c3f7afa05ab6b8d7ba063544f4811943e98e599f91d9ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78a2d88dcf38e61ad6b3769a48b1e360

SHA1
173db4ba076aed1654a56c680c84bde3962fa398

SHA256
29e45972ee95afefcfbe1f5c74bb1919253b2cbd1850bdfa439a4abc8d2d9583

SHA512
da58cb213db6ff27f28df6916945727bad893b725f90c9106593e3c70bcc4ae90de73844fe295f4e2de6034c372251d4b9fb0a4f20deed88d17e9078a955c0e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV6H14B0\f[1].txt

Filesize
14KB

MD5
257b1dace6aa1417fe1005f5ccf3ad3c

SHA1
3b59852e7a6aa8ede3ca027c98ad680123494fb1

SHA256
a34de7d9f85d4e04923567e60c80f4799ac34836aa64ad181b3000f426dd984f

SHA512
0929cf95cd5953c01a45496124db4f24ee2b13670916f2658c7ba5e5a93619ac43282c8bd9f40e7b3a4db2532c0e3f28ac14643d4a0c588d4ff1d5d5aed342be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5DCD.tmp

Filesize
42KB

MD5
1980cc186048ee256876a4f8a702f471

SHA1
6ff62aaf65602b9c9451ab7395d6d9ae6c7fcc20

SHA256
636fc57d62e6e5561acb1a914ad5c76d966baca40847c64e2bb2ac0747623e08

SHA512
b329bf8a6a89de73cd4722656411fc507650120ed5592559861a72c4c829110918455998afb1a4eb40f216ec1a9f08f578c528dcc7d87b4e9c11d72efe6dafdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5DCE.tmp

Filesize
81KB

MD5
6f63cccda09ab7ac042b08a532cfb920

SHA1
a0f9fbb468ac546c8c61a2aeafc89d73159b8076

SHA256
af3480a9e5db5c586ca748c5277e099f1794ffc8416a133651aab78052aa854f

SHA512
55c04cd7f8df3897973925316494a09cf4ddbe83d7e3503ed62e44f086798dc67b75b6197f216d89d51e8dedbb4716f44c7a474f133eceb272cde4a5dec1a955

Download Submit