e5eb85f5d28610cc8529584294cdcd55246f0e989c2d4116ba362417eb6937c2

Analysis

max time kernel
19s
max time network
188s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 10:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

68a1e5279520f908fa073f752fa03edb.html
Size

70KB
MD5

68a1e5279520f908fa073f752fa03edb
SHA1

61ecd2d031458f0350030a6d5b680c15b46ad5a3
SHA256

e5eb85f5d28610cc8529584294cdcd55246f0e989c2d4116ba362417eb6937c2
SHA512

47d8379d7270b937be629cf734d445eba2ba7a03b1549430814012b914c96fe66a83e8ad7ec696bd5217e9a799980f3bdc989342be6e44a2a1a7064dc03dc4b8
SSDEEP

1536:gQZBCCOdi0IxCcFzqV0IIjjmNu1+Rr7jVOTbByZSfs5XcxD92qJaMQ4d42l6G33z:gk2o0IxnqV0IIjjmNu1+RrnVOTbByZSV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1D81D531-AC82-11EE-8C00-76B33C18F4CF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2700	iexplore.exe
2700	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2872	2700	iexplore.exe	17
PID 2700 wrote to memory of 2872	2700	iexplore.exe	17
PID 2700 wrote to memory of 2872	2700	iexplore.exe	17
PID 2700 wrote to memory of 2872	2700	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68a1e5279520f908fa073f752fa03edb.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
  2⤵
  PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f940b9588a7ab523a49773057bb1959

SHA1
7f06e4a39ae583d1bc4c10600e2d77164afc0a30

SHA256
944e173e4c037322da789343f631506ed3c9bc74a5754384e1ae697a4faa612c

SHA512
df4f4ec3496e8c30ef6bac18b152781d3e6387d8e6e31f50c7269e52e035b30bacacaba5f89baaae8ff8de9705b6c68fcadc9debeb9418b65b1f545fbae61448

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d63e24cfad27a48051ae2daff4a5d9f1

SHA1
08492af4080542b5bb405a000043353f2e48cac2

SHA256
62ed908431c2aec049e96252f55ee2835bfb97aac7f258ed91e097f461e6456a

SHA512
efb75a3f9c7743ef0fde461feaa59f2a9cbec1fb218753941c6abc850facbcbb2105e9285db50575650f5ee54d9c4eca511f795a2f819847fb4cfe394240fcb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4747a13a6dcf69ced68337d28e21b34e

SHA1
311f5b5e5b76a573ca3c5efeb02cdcb63af51df9

SHA256
f71eda1b2a8f043173d3de9946609a232f2ca96de2aea270281383f8fa49ff98

SHA512
30cc8cf19574eeec2f4c6cac9f0310d3662a3871c8b35d0954f6052b0e01671a47de04208ae0adbc45451434c8ca8618104aef12064668adaebba82c329e6761

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee0d1ef7c6152303be4f535e15ba7cc4

SHA1
9a3e5b3b658a357d7917b05d2effff7754fa479e

SHA256
f1ecd19c9e76a3af6ecc246cde2ea1f8397572367602dcd2daed60ed3db332c8

SHA512
429c58a28c040032806444ef080fcdc4e285daf89fbcbe4d63362c377bf6e788fc86ee5ca52d8128752470d7e92ad0446d8a4a574cc40dfe0f3d3278cd6bf6b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b13bc336a18bd8c8c75ef9ae36c221bd

SHA1
101809160c7f85161277eaa7a20f1f254b662738

SHA256
f9a2381b74579ca081fc90c75e3eee96e7fa19e3d38453ec7695a189afbc5ce0

SHA512
a6c11fac893e6c83e3765a023d9eb91e0f95349cccc7d4f329067f5ca25779182e830afe86672f22ec4a5334f84b7f98e4045920ab1163bde59d728d2c64775d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89181f590ac2d45fa6be40f9a57aa181

SHA1
1c899ca77705e8d71cfddb8018f45617fba61399

SHA256
d46400875b9af6067b81607d3ce64def256677ee90906877623800ff5e05c739

SHA512
4d161eff3f53418a8379a7dfd06c16df48379cfe6075c1d3cabc4384eac248bb15d358535ed6fa3c0c0c6136038357531ea88c7113c76d062bda025cd6af80ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af0118e86719efc233236b99dfc6f697

SHA1
ea81cd5f43a560ca17f8f6eb05142c2de3841a0c

SHA256
f9e72b7db4550b3f44e809e7db36c7e4130e4f725da541a9c712215e3c5ed736

SHA512
3beee81e891e40a24574fb413931625530b1f36b05b87c898b74dc2b8c0ec14c69c157d7b342ecbeea3ae1a4773ea5f7a4fd802819744d39a54968e8dd5ea0ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70192db5ab3db7b7bec4d6461e51e28c

SHA1
0c2007559f86c89fce9c81a9ef750ba100398f83

SHA256
cda5a681e63ea6cf7b3ac68cab518fb88f38710ad9d093c344a12ec12f4ce27c

SHA512
44c62c742172dc9a8fa44508c8ca8553164529ff4578ccf96cb006bf67a56668884281caab1909a22d84d12c3c6b8c75ff3d83fda3f8639161367f32fbd75999

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b9f4f7ef4e6e001cc5bcbe4559a2c65

SHA1
0ed05f0062af848f843ee429dd77292bc16dd7e0

SHA256
45de652f87503d9abdbdd456a0920efa7d885c5aabed75eb2277f439677707e9

SHA512
916bbf20b91b8872b36bd7c4e1e2c06146c1c0041711785be1f9c5a17738cdd76303941171ecdeba61c292722b032f50071addd5a0153c0f0f67f521d83f911d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
563e05ba17b0ccaa78bb872b64f7fee2

SHA1
21f4ac759019724f637e31f6daca69d4a9a5bbe8

SHA256
59c3494c742841d5fb50320a937daf6b827ef1ec360f185e7461660e5c9dffb6

SHA512
3e4e221ad028cf47e0fdf6a71f9157e2afd0c1b81d2410f777b07fc700e50f36f33387f8e946225ca154ceb8b142e179fc360d1bf71f38ff7e181e9b9fa16dc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34210e3d3ad615777cf10372af73195d

SHA1
13dbac4ec792cdc66058603d845f614b8e51efc6

SHA256
81599c65e0908d236fb214954b8299cd3928da1bb3bfed0e862c3f7b046feaca

SHA512
3064e8eb32076e8e1037fb7de39dec7da3a5c9e9572d1c3a268ee77850df1b60b04b57503f034f47e5881b37f49970ad88cd500bd1d8320f59fcee149301861e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6329f68cce4dda4668e035d55d9ccc0

SHA1
09186e63070bd22c89bb80243ab7a57769d5984a

SHA256
12e9171f28e338906737a1cbb96ddb5a8c2532a187e83b3d5e735a90bc74296f

SHA512
f452c8cc5f4ccfbdb7173b523559fe783c3d09cb6469d7afa2c10e1fdf73f567e4f794ba0aef1504e6e7bdba2224f5692b09d11db66c64a24279750ed1ca5df4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64154c4c132b1ed7bed9d2f039123726

SHA1
aafe898a283f20e9acf8e86e1dbd554b7825181f

SHA256
a96eaf879baf4ad8f39e184430264b85ff808feee83868359511d3c80096934d

SHA512
bb8515e418cfbffba3f4cf6fdd5ca09059ad7720def95b836eaf404e8553ab08a07766912999cfe2fb1448a16a7edb26ed4a449d6b340a9499bacc34760a1ade

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8642475c6d587f9ceb034135f13e4ef

SHA1
c666ae97f14d334072b789fb76cbaf8ef2a3a88d

SHA256
cf6f4f3c9254b84ddb1b52a2c8eb94fcabd1b39f2674b8b06a87b02745c9ab4b

SHA512
d8ec54b6e38dbc7e79a8c46e758ad1c5eaa3a186c514e0a17ebbb2a7d92faf8acb187266ac41d34a6b7b18dbaaf44219e641fefae69302c7f2b3cdb477ad439f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3c124a85e62f0a747ad5b80b8af4bdc

SHA1
ed18644bba749ce2583c25e1fb4949fdf004e5f3

SHA256
f8614e1089eab9141ee4e5ace57a6b1a4709b5e41ec9dc2f763ef217612cc9d5

SHA512
8d6bab10c7b61096bbe3230030126df7eb14ecbda2f09071acd66d78c4e4c5f8b15caa22d3cb77e1f51f5b35f1443c08545f1b39167dc8325afce2574e3eea91

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEA61.tmp

Filesize
13KB

MD5
9ab51d83f8380060506657010a5e14e9

SHA1
21dd12812e8cb51672645bbbd94e889d752f3a52

SHA256
01f1156a4fe7dee6a1dc9b7b44c7159d96c327f9ecae907ae9c08d9a01f2235c

SHA512
37155a13abba4bf02d6b3ed29be218ad9c0516625eab4477929e399bdfa19e07a9db60bff2eb787dac8ee708209c96215b95e05adde4754d341252e635056ce3

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEA73.tmp

Filesize
107KB

MD5
66efe20817b85d0dfe164e8e6c945be6

SHA1
158d92ecfb8ce29f2c6b74f1ae0829dd156337fc

SHA256
d3b6daa2aa5e71c560e84ec7d6ff79d83ae55176d62fdbdc05e4fc10d0bc9717

SHA512
601bfdfea16c4260dfe45faefb746e98eaaf173f3b6b4989de346e11b8a62437c99675d285aaa506f10e7ebace5679715ea11a1703c080d50943dd6fbdd9a8e8

Download Submit