5a5de333f336decc9253f5225c93cd5e922b6d0ef39a4729c93beead10a2411b

Analysis

max time kernel
23s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6934705db14fb355d53ce060c3402713.html
Size

760KB
MD5

6934705db14fb355d53ce060c3402713
SHA1

9a699615ebd0ce5b679939b4bffa73be06097818
SHA256

5a5de333f336decc9253f5225c93cd5e922b6d0ef39a4729c93beead10a2411b
SHA512

bfec892134d7f57a99871ff17a88fc7a30be153c6af19da302997b826d800667868cf7e5460e059eff488c2c5e764c24bcc00aadd724645bc601585af5f361c5
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nt:jvpjte4tT6X

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4AB56601-A4EB-11EE-B0F5-76D8C56D161B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1052	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1052	iexplore.exe
1052	iexplore.exe
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 2184	1052	iexplore.exe	16
PID 1052 wrote to memory of 2184	1052	iexplore.exe	16
PID 1052 wrote to memory of 2184	1052	iexplore.exe	16
PID 1052 wrote to memory of 2184	1052	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6934705db14fb355d53ce060c3402713.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1052 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4bbe0afc684f9813f49e530fe40248cc

SHA1
f8283af75d59ce565e4167fdc06f429e32555ec5

SHA256
47f17b34fb1f3e3a90cac237d6f59dd0c0364b8ccc0e8852e158fc91509275a1

SHA512
dfcb6127f1a0553442f733d84278256687f46db503109b571f91f31d30155820ad587445eae967e56fc7ffb40f834155cb1dac898f6aa17a304fada731c6a772

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
835b2063409b08b7b961e5d08fc0fb3d

SHA1
e159f3f3981c084c101a1c94f23a36fb3e4f576f

SHA256
1fca68dcb0509c647ce3ed01737a01c6ce982899fc9e268e1c565148a2acc3f5

SHA512
de605e5da70ac264d63f3edea51e76731965574a54e05515e25f0ddc424d70346747632cfd6441701974be0c612cad9251d3b8e7a67728106a664163931f2931

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74359e322f01b2fc1a9ec0f41453d995

SHA1
cdde8a847eeb11a48b4743cfb011cc139ace6cb1

SHA256
9d6dd955fb8f6788789482bd252bd8916d52b15f2fff5bb8542f98ef34f510ef

SHA512
bef4aeb6b299e036b196e77f955a5f7d5fd400eabfa9622ad6ddb33aab4b487c90038680e81ca4e81449267bfa7d4d02ebaf572aadececd52767f3173217c67d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58c018d4616a901603d6242fca49a3a6

SHA1
73d3692f250edddf1e63c601936adf30c9915534

SHA256
ef7866dccb12574baa0359695964706387033f7066e955df5597181bbc2a91df

SHA512
9a15febb746ac3dace4632cfa45a2e1d831a2bd1b6737b14f2bf46bb2ed4506085e9bb9944521f80fb3a9f00d2858489a598bfa7389b789d8e4a13cdd3244e29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b95b3ca5847670488eb7ddf4fe273204

SHA1
3c15c3f56839e4d5192f3fa2692f86ee67b3d2fd

SHA256
96bffe27510d1147dfcec3a51baaccfb81e11e62c852c43ef00c3a6d3aff51ce

SHA512
2a4536733ee11fecfe9beaac02be2340a87d650cf53aa727596794589afed71f3268fc877bb35f47626bf64c1fa689696f632e4391505f17de910134153e2c56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0722a81c9ebd27cf8379e19304d1ff1b

SHA1
24c7be1d61a85be70a4e5e65f2c9bbfd80d04e4d

SHA256
c04a3dc692e53b36a24a8a85323884192ab82400b9ca7e68b8e7bbf302e6f0c6

SHA512
50ef398650e516a421017c4fce9e154bb0ce6ec74dde29320f006dfae1becbd1608b900e69f67e83710b7a366c34431bd07d0aba40706c4da8b0bf7d484f84d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
121f0175fe0c6ea1d358b2e0516ec789

SHA1
5d230b429295c2c9a54b57331cd752a42caa2862

SHA256
eabe55fcd16e0a11efc5d6b56a595f05c464dd5efb731b97afcb740ddce8e2f9

SHA512
51e84ca6bb51b1f5ccfbda546c91ddf8063a50e6068aa631b41e82b0cb2da9f773029090eff5c3ee751389adf6ea8bb53838265b35abc878c3aa5bc720c3ad38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99ba5ad6c043b46c88746290b8c97f69

SHA1
ad5e34a73361fb8dee76eff6519c8fe11de7a9b5

SHA256
f0a8e70aee3b6a2bfd1e856b6161168625814ad43f686a8826e7d3ca138d240f

SHA512
fb58fd957f7aad84be87bb6160be43b100a96d4761d65334d851a23b072412f708b61ac55eaf8d7588a04982af5ca8332d946deccaf3af5d38b694e2fc52736f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0dc8293e2d0dfbb5620ebb5c30b3e326

SHA1
0533f9e3c780a2f46d823976f870c116cdf756d5

SHA256
48d22819bb1e16bcefaafc5573db262ad3199b1cf22da9064c04272063aa2229

SHA512
116764486712c9c184dbf18469e453441ee594a35ffd36abdd6e05c3a25d0d8982c79c3a1fba5758d2d78300c48cbf9b82db449df517133021fb41f4ab6e2dec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a808f1634574cb1c9e5652f0d7e4eb6

SHA1
4908d133e85cb0106299c028dbf43748025e40cb

SHA256
a481f6b1f36798913c92ce71a4ee45c0498ecdb16e488a8f377fa707f63f8dd8

SHA512
e9eedcb1cccda8f84ece4647b9acb864bca50e1d76c3ea3826d417b6fcc053296ee3ae2c5a35dc811803670c6c1be863565f2e82cac62bb1aac187e5d3f1adf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0cd8d1bafea579295d8729a5b8c5611

SHA1
34fa095e8ff4cf35be77d01592835bd7f6df396c

SHA256
cd0c723ee18f946c71f5f14e0df0b1e8279eb0b9095d8bea8969a8888e3ad01d

SHA512
94d4d84d30cc5343a3c1b0f86bf209d67b955442b1741b6b5631502704712a89794ad4379ec55d8d10d18df50caec4971e219f4717c524d3794a7dbd060cf0b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7628ec6a9c9a0c9f795bde72c3e11311

SHA1
4d9e9f924821ff2eaaaf4687e15ef82d9e40b30a

SHA256
08dc3efed91bcb6144d9c0db84a4819e7189eb56cebc653a22cad726812e32f0

SHA512
9d1cc5c0f79050c9adc70e806cc74ca7f03705f3c6bad5012c770ff6ac33e1d7ab8864d75cff311cf9e3879d6c8b9efa97afb6c8a6be598cf659d72430821248

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6b9ef9985838f41cfe57cbb02aa8797

SHA1
a124f6dd471fbb8c8ad6bab7cec158a795753ceb

SHA256
8849a8d5512231c5f407ca0930d7d9e8507dc9f84c168276f2edff90162a769e

SHA512
e83e0afd179df214d295f9a33721f214dcba24505a87bc9ff8f8d80b353f16542e63cde318c4f02f0cc2e0733e335c96bed578e078704a2a2156670ce0c06814

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
588de9f63e48e131a4fd7512a8b5e466

SHA1
daf1f5f70d8408cfc62793c64f2d90a1b786bc7d

SHA256
b1a1b1033f9eb703f58a89fe24083388db072d9843b0437f55b9f2086cec6bc1

SHA512
481469ad6568822ecf95a0ebb9e40fe95949eee39d3846a578835eba45eab405543ebc046b488fc28aefcc079cedd3c52c003a3987b001dde4ce9834c26f214c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1a2a3203813697f4fdb7e24ce4f9bca

SHA1
64f5c1b733e4120f8d31a91d5444202fb62b8167

SHA256
1d9a68e5f61a55d87d7c937ebce1b0193e32eabc7d913a733471bfdafd1aaf18

SHA512
3c205dab077f399520a494d5dd00716fd57fb3135fe7cabd29a712236f8c3736d6cdd727c4aca5c69badf81dc866398154ef11a839f6205c99730e97c2d42f73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2677c409d964bd9fb51fac900caa0893

SHA1
caea87ba168d4e8a207849037e1c428631952fb6

SHA256
eb33ad2bb51f02bdb9a41f7026401931b1de965e9b24c484c40787c5cf382573

SHA512
7bb5830685daddf34151b195e6471fdc3f78a114e6c2d2fe4ebd93f78e41b15f9b7806431d66866f399a7fe24086d98b0e08739c5de7d0795008886bc0232d0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73e6b0aca922ae8fd9afa1db7c3585d1

SHA1
8e9b0610bfdbd4b4680871d987b676ab9d7fd774

SHA256
517d3a7466ab4b3e200265af6004151cef3115fd67547b49094eb71ca121f871

SHA512
ae5287975840c1625125a670499628259810288cc12a09e52635be36de54dd8d38d58e38d7e7693b5674b4532b5339037ed23de0e8b9d55481cc2749378ad06b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42bcdb3a8496d6c853b567babbc88770

SHA1
6029f84c89c323ec3aabf5691f74e9ea736986cc

SHA256
419db55fbaabb810fa056ed8287e6471cb436dcafad43a4f273ae10a9101a40c

SHA512
e0802509e5282009d986f1dd359cfd75cb939ab25a8d3a6c3606758c4a3a69df0ad6049dca0439912dedc6e241b449872ffc4a8e28a72394a34b748e50866365

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ae2f4e93440061790dd21273d36e7e3

SHA1
4883065d0281a7bc4c78204193a9c5e3d5f437a2

SHA256
ac3c3341b27f9b5fcd431ecb6fba42f774986151d79df9b8f0771df329c9e450

SHA512
079ee264ea616bd46e57d8f9c93f75cf7e69039f2627dbe45192a8abfe75aa68f801a09af2e5977dcb110220a674262ddf9a304c427e86e16f942042d41778ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f76e5f54b340799362b2c39e36b7f37

SHA1
c44c1f737ac868fe07d818c88bb2ed445ee01e9d

SHA256
a8185f1e7b7770d38b4b9d414262cdf4c05e9eac4234215344e12b9ad74d88e6

SHA512
810ff4e8e9f78c263ee074b495cf7d0cfa41d25f2b355f2d5fab1daf68002a304a774ff88870c8239d6cb9abaac2fea6fe4bc740960234a06e3bb94987e8e4ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d38c519849d53aa2da18be23cfee19a9

SHA1
f4b82f39eb0915ffc109baa3f17033e1b9ca0596

SHA256
002b53a15bb0ac16939504241ede9764fe123af41e490a0528320c0b1c67ff38

SHA512
7b6d1830a63b1bf75e5fac2e81a802b9ce19f83d4410d518afd5d6e420426ecde79d859bbb061160f829418462f7450b9bdea214fdefd4c9999d82f67622022f

Download Submit