e4d4d651f7cd0e33ad80ac002ab82f3c9141e35b55b932f03c2e36f49efbab39

Analysis

max time kernel
24s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a7cde45c4e98b80dcec022cdf18626b.html
Size

20KB
MD5

6a7cde45c4e98b80dcec022cdf18626b
SHA1

acfb4b671980bc259d374e6c5cb16d13ec4d2c72
SHA256

e4d4d651f7cd0e33ad80ac002ab82f3c9141e35b55b932f03c2e36f49efbab39
SHA512

4d7403ed586b96649bcc4585e82231ffe9f50c1d16a0a932b08204a9e5c9fa82fb4a78b1e38bbffa4ed476698d15aa1c167ed30d765be6b875e4359f16402d3a
SSDEEP

384:CfgchhDmxpQT7nZdjRSg2Z8vSWY+/FXlfEIe2V:jchhaEfZmbZVyfMIj

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C525D501-AC89-11EE-A586-F2B23B8A8DD7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2296	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2296	iexplore.exe
2296	iexplore.exe
1632	IEXPLORE.EXE
1632	IEXPLORE.EXE
1632	IEXPLORE.EXE
1632	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 1632	2296	iexplore.exe	16
PID 2296 wrote to memory of 1632	2296	iexplore.exe	16
PID 2296 wrote to memory of 1632	2296	iexplore.exe	16
PID 2296 wrote to memory of 1632	2296	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6a7cde45c4e98b80dcec022cdf18626b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a9f63f3a58536332ed78be2c0591819

SHA1
0b982cc3076d95c626aa58c90e486bfde3aa9b3a

SHA256
f7dd9a4a7c7e09dafb2ce3cead1f8489e1214ecc9edfcdba7d6496bb2b111761

SHA512
b85e8c151e7a7559edf0569d13fd3a8f04b5f95d7445afa93c7b2e838e2dd1c68bc73862f3d3e34e0f68b301a742498c2518af72636b2bcc18670a5b314e59f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63959d09bafe1ea251eab0ed11644f87

SHA1
236ac6168b07f34236c84c79a0522f08eeec808b

SHA256
d212c7837f8e285976e6887578a42657b1ae9ba269667bffea033e5b7cea5b87

SHA512
ec3c811a750b19c6b3c4d92258cac63c73164754a97741bf66171cb82c7d86b2e94b1454c85332a344eef9a61f55ece3c4bf2d5483cf32d76e0a1ad187994cdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a3da84944d443a9decf851697154bef

SHA1
7e8fcf073fb0a2e87c013bb588add1c2f9c3ba6b

SHA256
f2b6b68d3b1ff9bcf53c01135171f5db20f716755f931d6be4fce5b00842602f

SHA512
ae34dc3339ba058bccae6f550d112dcbe45ed9c996a7d4e6162c9b7bc88d87c92879a24e06030515a013e4bca17aa8c638e5fe2f637f9aaeed17500ed9a15ed4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8d77c147b403d3c95cf166a495a3d50

SHA1
a28a5615a0d56b4dd75aa47dfd5f1e8c97b302fb

SHA256
48727998edb10259be7084b5dca7cd9e0cfabc5601df75177ca5de291f4f0ca1

SHA512
8cf222e22a1ccde0ba624c0997d5090c025edf9ed2b4d80b5297477c5573bd1db31ef28fc57ab0ced9526e74a110da48f86233d6186d3b5c358a2c0240ccb8d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4477f66284840e22ba5f79baccc323f0

SHA1
c28bc85b86413826efbe4f8f198685eb02814e8c

SHA256
fe63ee82d07ca9b08f2a4ce33e9c33806e74c1c7e2a5c7a9d593be234d830d97

SHA512
e171e24ac0d531e7339ae3ff192221718abe5563ffe7f7257d3ac59e0b28c282cbfebdfe0b22c0dfeeb07267cd054d64aa2d1e118c7a5fd5b91bb9ba27246401

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9812bd779fcf9a829e15f606dce6e66

SHA1
3b5a76ce98b6a0007d9b99b5d0cd52dcc652ce52

SHA256
c60378d180cdcbf11a6dc07d95b40a33e826e5f08db4fe0986432dba2001460a

SHA512
8ae2c75f43b8704df910666e2b279f0551cf7e9ffaaa3eab052dc81537df3ffeca559acdcc4e03ac8ea3d66c27d1dc9623710af623d6946a4f1b9ea9afc35917

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7059f23358cc337b00ae110e77ccf753

SHA1
51622c8db2fde1c509374108c7e1b425c8986078

SHA256
541ab7c953db2e8e46ca631d16a196d432016d324a87ce127b0be9229a2c134a

SHA512
5ac96595517ba7daa16af4db93a39cb3ee71a642736df728c1a417fba88755bdccab6479a07de8090fe9eefc3e9f40f69ddaee8fab356d92c5ab8d3f945b8420

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99c37be192d898b787529228acd4ab34

SHA1
bd1e7fc155d21dfe65075ca3edd574cd97a4b3ef

SHA256
d84201af6d588879cb25ab0e87b1ab4d1fc91cd4190d7652ff175099675e9329

SHA512
3fa82265352db1536933a4e65d5989dbabd29f0c1c2df712dab40243fa669b3725e56116e54322da7d971f4d7499a2bbbb85984f04a52db4121b0771b049dd7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
327295d8d7f99de65dc1ab56a36fcae4

SHA1
fcff79dafcc8293faa1a0eb64ae31279d0ba9d36

SHA256
5e000e99ba3fc178e035e6a2dd72ae14dacf9766ed048d9bd948a215c77b93dd

SHA512
801ec918edc37d3d37388fa8e54b40ef4f086e48f6d0a3bf8782789b81610114390a6bdeedc973e16d32e033a748811634d3f93dd3f60d4235b43634df30ff56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
609334e8df07c9be3bbac0ecec9a2823

SHA1
d40ec085fab3a304edf81ef3ac6567a912d7bf51

SHA256
9f50ad7e91d748bade9659f80dfe00a39cebecceaef52c7c04fb4a74e5ed8b8e

SHA512
c4fbbb4d8e74c44bfed3642b4ee7494ad8fec8341f4498343c7486342a2cf2e260f5b182c5f98d7dfd5a7e8e308041a87bc917d6940b3f6a0108b570ef104224

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7ebfc4470f880c9dd1a4c20246198c9

SHA1
0c6469fffe104789f0b3c24977dadfae4c7a278f

SHA256
f652a6d21871d5774da30f137aaaa0d8dc1860292e98bab1675995125cbb931e

SHA512
37a13d22e60676358095fcee0e2adc30a9669a1c6b0ff20674e8ebde99f357ef948de758dfc2be0d3f8f370d9dc59ffd0a2391bc0aa54dc78f3132e8fbe954ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b8489f9411c35d4e88bc258a0b0e2b9

SHA1
1c33fdd7d0d8055fca430cbeb59b474db7ba2571

SHA256
a7b05ec51e429ce27f95de12ae6acbf0c19e22b62e1bcb2f2816014b9908a2d9

SHA512
ee75d6050d53c742af2e7f178a1f6be8794761ebf96f4273f8de629b4db0c5358331b28bf10e14dad1d28089b1718723d68259d214443efd3194b08517152a0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b5822caeb5338c90b1d63e0315b0f25

SHA1
76b507b4c9bde34e50828f7913c0d17df0abfad7

SHA256
c4ba189f511b4d561347dfb2ccc28ffd1c634f37789f550662aa969cafa6e91f

SHA512
90553fed0eee945971f182672c0b8a1f2443beb141e45cd28e7b466dbb344b79640a1be956982d79f0ed44317e751002acdb303992c0b977b088fc3a290d0275

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a8aeffc4e018900a29495d89a2aaf16

SHA1
03c18611dfc7fbb4b575b9353c8104c9ab68db13

SHA256
d57e7c255c8a250477344f451bbdf6dcb0a46f917e810393c99fa462901988d9

SHA512
d1d8e9bd3df4d99a275cfc7c0f6589344eb1f9b7af63a555b55412b29a0a145328be3e4b97ca384f858e089c15de57fffbea67d93da99fe72766a08176bac3de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5afc2884fad5bdd25776238df7d32171

SHA1
b5597de5b9b5189ef894d21844983c7199f28cdb

SHA256
79e5dd2b0339819257a1d8c83447e94cf5b02204818b375c6da9930d4d93d106

SHA512
393e7e0a64974aa56469fd510401ce4facdd81a7e48c162f4e2718aa9afd08bab958bbe08ad342576ec248afd819f41412744192a40fde34c3afe9dc878d36cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f176a6b886b221d8b63a387059b008d

SHA1
6eb5f4bca1363b5c2feaaad0bf92438179c122cc

SHA256
0a260942eb811abdd3e195edf5caf838509350a82f3aeff096a0e78b39c938f9

SHA512
9f9d889b003a19fa7574ad85aec94ac6c3c72ba2275ab85488792269e553371c803290e625bde9fad5636e336104c8759f32ae93f10af808cf94f2b0b0ea3be7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcb2c89e823d4f05bd40958a9d77b282

SHA1
6098b04fb94c5a26aba0b22372d4214d32de45c7

SHA256
35622c5a0a03cab141fdd672a5366b0f32bafad6bdceef3b01e2e07c6a23e88c

SHA512
b125fe344bb811356cd9bbbe0e67a10ed701c276ec1fdc3587bf4d161a14441b811e152a1b69902a2d68993c3953e13e67a4436fff78cea07dff5d4a5c4edebc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
f9f3a91f3fef4f96bea557a1e2f6d692

SHA1
f027ffe9131fdb4a81ce7112e624fb3ca61e1ff5

SHA256
03653f7a14576ff6fbe411e960ae339e65b713e6cf89e110d43e92d75da43ef0

SHA512
95b71d5c7b1a05a5f72ad597d31516c44dc125b0c5e010a096b04f7461029d86e1602768f15e6759aa2c02245d7f77c3cee83979517f93186dd163ace8c91f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05ZIV8W0\styles__ltr[1].css

Filesize
55KB

MD5
eb4bc511f79f7a1573b45f5775b3a99b

SHA1
d910fb51ad7316aa54f055079374574698e74b35

SHA256
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

SHA512
ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2740.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar27E0.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit