72a69d426ee542018ca471887b0e066c5a02f93e00eb86b43ddb314a0aae6ba0

Analysis

max time kernel
62s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61eb1f82c2b4fc18ba839562629d058c.html
Size

15KB
MD5

61eb1f82c2b4fc18ba839562629d058c
SHA1

c1e0c10aa69cee870aa2978ead82f2c543e625ae
SHA256

72a69d426ee542018ca471887b0e066c5a02f93e00eb86b43ddb314a0aae6ba0
SHA512

2fd289afbade35026e342d2375accab4870bb09185653bec473d952df8a369be591b4f704d326e5da25717c6735c543aa48aeb2a3301b2ec19ff1d55b8aec1ed
SSDEEP

192:92ASa2q2Q02R2j6Z2K6n62c6Cu2TIzO2fI292BR52BRN232yc2q2wG1OnPf2w:bSY8bCEzCRqRXG1oPp

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D718E4C1-AC64-11EE-B16C-EE5B2FF970AA} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2716	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2716	iexplore.exe
2716	iexplore.exe
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2652	2716	iexplore.exe	28
PID 2716 wrote to memory of 2652	2716	iexplore.exe	28
PID 2716 wrote to memory of 2652	2716	iexplore.exe	28
PID 2716 wrote to memory of 2652	2716	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\61eb1f82c2b4fc18ba839562629d058c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbd2647f009baef63c3412ed39145230

SHA1
c85675c76162cbea269103a8b8f64f98b9e52e4b

SHA256
684b3714fc6129b8a44c6a7ed9bf2c8ad18bce585ee8e3a2651cd71e48248a05

SHA512
8b305d79ecf4e10886bc08dcc465d1473b9a2efc5bfa70c21e84e78565a7a77a5231ae33acb8fe0b598fea10d497abf59a23a937691c1493fe94e24477bf913b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc806619012401d30103a9cfdf761ad3

SHA1
06995e736135c1dde185c91893041358b3b4345b

SHA256
1f53d71d03eaa973747456d2e1433c186b2e5c6eff16e22b86479115cc924084

SHA512
916d1243f81c886936ed30eeb455ff807938d9699fce65a9c26889c218e8c3a1a44836049dfdf60907988f81d711681141c216c844dd667f076a11bc6e5054b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b15e73c3af5e17e5e81d1191456d485f

SHA1
645683ed5f7171b52931b4fdfc2d124bb09b5030

SHA256
8641acafff009924fba80cc0cc8a062b8d583aec9972e4f1bfc7bf910c1830cc

SHA512
0102b19844a89172e04f1e5fdc0783f12d4521757bce8a0653018d00ecd2f06aa2d516bcdce6db4ab674de573ec27fca9a6cc0ad09b638d452d3a01606a710e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf06735ddb39b67105a8b8e9fc2faaf6

SHA1
d7bf33558758697f5445cd1f5b366bdccfd3f47b

SHA256
11fcbdf73041e25a733ce1270b0ca4b52a9438a10932be45e9a58f0d9e38f1b0

SHA512
62e0bc73754527185d2062cf2eab1b1b3019dda8861b9d43b84f6507121471fbe63e758688382376c9609fa98a89ce0d968980f8a744717b4246dec70affda5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64b043a597c61175a0fccd639de7d14e

SHA1
d98dab1e49a04ce7084ef47d22f52784faf99136

SHA256
21b436f47183b082b3470c83c743c47c82fc9b79ea78afe224fc15996c5bd6f2

SHA512
e3f3ad7293e7c46d7c433cfc3209236077aa108f2dec8ed7a938893a9e8511960516dec46aa788ffb63b9a062591628bb9075ad1f01c94b426c3d0017b7c2a50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dc48cfaa0ee3638cd01d8ea15c7a34d

SHA1
4f7eb3888c6e1b2c86162f86a9c132301cf7a654

SHA256
c735f3c31cf54a3a5df4e64904ba8abb7e92f00534a8d92eb7b7da2b0b92d7ce

SHA512
6724d08938417d8938f4dc6c9571300f353e2af34a41da8eb2d9134f33d4c77b03ef94849da5c31957738eb78666ed76bd245d0eb020c417443823c5b9c8c9c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ec47b6b4f25f4be3f2bf447fa2d865c

SHA1
5fe152a5335f422359b20e2a38b524ae25a2afbf

SHA256
bb7a1c5b082fcb437b3c37b05e89b989bcabb41da189adc28256b73d957db842

SHA512
b257d3ebda6c0b777b40f28e1c507995bbbc7680c6623264d1d789447ec3bea4fdc1c5b18a3281dd2d1ec04d3d1543dc8063fdd16d4799eab4c2a83566d8ee0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13fa6b82a42629218fefafa34a1df924

SHA1
373824a4f6ef15e6b8bccb731516b6df9e7b6a9b

SHA256
2b67e4e5330ee86558ba840190273190ff7e50ce1201a362bd48e8b6f9d75b47

SHA512
f47dd3d431b06eeceb0ed93bb189cd5bcefad0e0c02b36f731d99ce0956565e20d91f2340bb7cfdb20cd9a04827fe5f59ad739d4ea3a8f5fc9c21af1b9013161

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b438d80caba3dfa73d67ab0f89356239

SHA1
c81c89235dff43c989a5bc1078d72aee1ffbc731

SHA256
b062da5d03ad6ffdf1fe924f7256077f84331096cdd7ef6285345c1f7842e454

SHA512
8af301cdc63a394825eaefa506cf159bebe43b31fa3f81ee41d6831224c73090e71bb5d8bf05ac8d76d12d5a9412d8507e5cd2e6511860b5b9daf7ec07aaa7d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c2e2fad59c1e74dfc06b6576a254550

SHA1
81eea3fe54b87048c060934d7799c92288cad83d

SHA256
6cd451c89797dd9e4ed6cbc3db26313ce09623929442c21586483f3fd6fb64e2

SHA512
6821fc2ca265fb2fff9bcd8a79cf07980743579a4e00c7e19f7732d05185a1bf296c29d5ce9d223e8f04c7158f1442bca4495c7d02af17edbbf5e597305462c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2ec375bc79a498b7d28f4c26635ce87

SHA1
9100a514667fe09d126b5d77f13e275b12ac3651

SHA256
db16bc3810e1c86d6b7084d25e85342a841c84d8aef38942d4104dbd0c09ebce

SHA512
5f5d034afd043fd8670d04c71c70decdc65fe6f50a2f2d7d7d624f751d75ad2e8bd8d898514b1d585ce125c27feecbd24c20784115da1037435b94782f687a7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79d92780a033e0f7550cba28ea22beb4

SHA1
106ee75070eab20bc0e61d4d54f674000758d7ab

SHA256
c2fce6f86277fc677064627c51cf3402432508ee2a6711b95b98491287056b8e

SHA512
dc53ca8b2e7c0385ed98d73679016751bb068fa07cde6afa3bc86ae426adeb1122629b0cd4692616d106985ebb76f4f02f186bee8c0e8993696b21fecea6b094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\dnserrordiagoff[1]

Filesize
1KB

MD5
47f581b112d58eda23ea8b2e08cf0ff0

SHA1
6ec1df5eaec1439573aef0fb96dabfc953305e5b

SHA256
b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928

SHA512
187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WEH2YLI\httpErrorPagesScripts[1]

Filesize
8KB

MD5
3f57b781cb3ef114dd0b665151571b7b

SHA1
ce6a63f996df3a1cccb81720e21204b825e0238c

SHA256
46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

SHA512
8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT4IJQ91\errorPageStrings[1]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5303.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar53A2.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit