9b7eaaa5e524ba890c133a0a3c414fe6d78ec7548aca5f1a8384587b7ab80048

Analysis

max time kernel
118s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69f0ecb5a759a704661b679705cfdcf6.html
Size

3.5MB
MD5

69f0ecb5a759a704661b679705cfdcf6
SHA1

e1893a01fccd1765c5b6642b719a407d4d164153
SHA256

9b7eaaa5e524ba890c133a0a3c414fe6d78ec7548aca5f1a8384587b7ab80048
SHA512

d081e7bd27b04f900f4cd13e369b973f4b266f69e78585b1a33f648d0b82806cf51d02120d057212259e0af4ba204cf163d7a00aa899b9ad77c48254faeefe09
SSDEEP

12288:oLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nfc:ovpjte4tT6Nc

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d60000000002000000000010660000000100002000000086311c32965ee056f058ce86a3028e2ff461d1f9485914dc0118aa20f9715a6c000000000e8000000002000020000000c6a216554617690c7672cade689bcac428dde961a1a2b51bebd5eb7f6e3ff6789000000034c9b22ee818cc17d570b1e3bdade0f5ce6255733ed7c9a446091b5e146d4bfec5023a16108b0564e28d925dfe3f7961b688d1f12b5e9fde49323ee21edac30e7e023b13bcdd35c4bc8f6dad588da1afcde18216ad20962d22bbc24683a3647d3ec0e78733806e72340f3ed00f1df3dbbd16ce921b861f4ebcf54eb8bb295dc875785f8664af34cf7c9165ebae43b935400000000211f00016fe12ca5351f2b4951635e7f24d72539203797a239b4899aac9419a6e43f32f24242ea0ede414429f756ac1f61e914ee9bd5b85b306b4503e5d5729	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c21632fb38da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5659E641-A4EE-11EE-AD90-F6BE0C79E4FA} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d60000000002000000000010660000000100002000000026d562c433d183aa07a7d4d84ffc39ca1b4df2fec656637acfb000784c0476a8000000000e8000000002000020000000a0dc0942d5724cccb1ecbc761fe636b006b0761ddc14a204adbc346caef81fbc20000000888611a6e085affbab69a849eb984f229b62d3504b40cf0e4a6212b88393386f40000000d3b696f2e39a7c4e1ca4d8287cd1a87babb7f322ff14948ebe050ffc5ee3e91c13f64c77f3b95e61d5ce4d885eaae567ee524bffecc9dac3aecb66310a8a3e3b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409867278"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2868	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2868	iexplore.exe
2868	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2172	2868	iexplore.exe	15
PID 2868 wrote to memory of 2172	2868	iexplore.exe	15
PID 2868 wrote to memory of 2172	2868	iexplore.exe	15
PID 2868 wrote to memory of 2172	2868	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69f0ecb5a759a704661b679705cfdcf6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b89c2a2dc0b0afbcc63272e00eb675b5

SHA1
08ae5deb5aa5145e9a846512a31f525116e3ccd0

SHA256
ee08d778a6eacfe1093279e1a6a211c2506dd02c15f589ae31fb31a07c032430

SHA512
a74a869dd51e5739057fc54c82bf5569cf3f4fb80c1395a5bca64c2cab32ed5574ab7874ad095aac410524b0986177bdda2d4e5edfdb08c565a0a2ff1770bff2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42e58c06856ba7a15ad2678aa8785169

SHA1
b7f4b391a4e39058611ecdcc4150e4593a5b5a19

SHA256
b8e9d8952932db1a31a327c26f41b433dbf5e719c92ce14a8b6c3cbdbdc588d6

SHA512
05574cca94c20adb04fedc3bdfb5254646fb35304c0b832db1a983fa292015c09f0c14ea7fda4effa4c682e0ca303ff94eccc245edfed25accd4d47d217ea80c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12827d89474ad755d114c140cea7ba5f

SHA1
4008abcbe31233f86f550c20412f9a79282ff205

SHA256
81e8b376314b7a65d311c88958b1f2a887f0b63786dc2fdfef59fb8e4b3da34f

SHA512
f98516b3b6687ee6f58987d2e150ff61bb357776b8833ee2a435be586f6bd702d73af9cb9b2172e80e50535e169d7dd8cc128a2b82906162835e78a712b45f62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72a342d5e9c4fd0bda1e495ab82d12fe

SHA1
7574edb4b5034d91f5769c52ec949b2c7b1be5e0

SHA256
c47aca1edf354c9022501d27bf7c9514c143da1c0137a5ef33ad59700ddd4159

SHA512
577c006701c86ffedb9ee5f29215764ada10b692a9dc973f6d64ca138c9cb24e2b64e89070f74abbc9d237b432366e433a137a3d5f094d8cb046fd4d554ef94f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9b1ec33d5e934ad6e7ac4646d39e118

SHA1
1cbd2bc8d3463b8f9e8921e8547e305696f78a53

SHA256
076855353e5b1114269dcf13bea8467c8373f3620665217c5b2b4811c8fa9169

SHA512
65a2a2ff613aae33444d030af8f11d2913805d301375f0ac34bfb4fdeacc816c9ede35e2e1f1e0e513cb0bc3919e389412b3ac29f5861261b19330ac2ce9a7ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8898ef536f3fa658c16b9f212fc56c61

SHA1
61d562b910b83fb0fffdf64baaaecf856bbf17f8

SHA256
63989e4ed988460786a8be2bd27ac565b70747ea37525517ed5a2638f84e6f54

SHA512
5b69ade0e16e42ce85948b48645661a2911e6eb40cf5d71446a4434d3d068d3f4273def12ed73652bcd8c2eeb89b45cae07dfba52ae960a7f9daa65506073019

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
445df0054130a6a861182936fec865cb

SHA1
8bcfce573cb17c6e1fcf0859287531a90af0bc98

SHA256
67a35ac3df0b06c67afe0aa29ea6a851a727b7c92a37d5893348ee88ea84c829

SHA512
bfeab7352cea57b9bcf0036067aa6b9c02137a928526bd8383576d4df3c790e3066c98a503ce83edb3310304ee80cc9a7b67df25d010536928e835aaa627eb7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ee3cf5368e99ea5c0c3743d3cfb49ba

SHA1
d2300178b158c9e9e3a2e372fe86162746559bcf

SHA256
3ee78fdfcfdd04d24b4b058ad17f20a5f4c1bdfba9cd411bbf96b375d80c0d38

SHA512
931b9db79d09ce98f00f1ed8a413a2bd72617d319129bc5a095da9a3be7e460beab396e8917382db261e5052ace5f13f7ae86679ea74ecd4de6c0e74df1badbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\jquery.min[1].js

Filesize
83KB

MD5
2f6b11a7e914718e0290410e85366fe9

SHA1
69bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA256
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

SHA512
0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1602.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1605.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit