0e92321034c682a5cd86a1bceacf87559cf0adaaf95dd5c49109e23404450c50

Analysis

max time kernel
2s
max time network
162s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bb4a5bcc8c09c2d0c834ca4d3d612ac.html
Size

74KB
MD5

6bb4a5bcc8c09c2d0c834ca4d3d612ac
SHA1

ea5c8f35c521c50092ae1bc483f1aa3f63fc9db5
SHA256

0e92321034c682a5cd86a1bceacf87559cf0adaaf95dd5c49109e23404450c50
SHA512

e68b9c75f455b05327744b42b753c39753b530111968bb7d73e338631069b440d213342f0047a0862c00a3b3923ffe055a98852cd0b14217eec0a37dacc950c1
SSDEEP

1536:9TupBk658gg0Qt/e1XZ6K+KIbbod1hPFeRdf7NrBFbbitCBMjkIp:0pBk9gg0pIbbod1hN479mtC2p

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EB46DF41-AC8E-11EE-A1FE-F6BE0C79E4FA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2460	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2460	iexplore.exe
2460	iexplore.exe
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2680	2460	iexplore.exe	28
PID 2460 wrote to memory of 2680	2460	iexplore.exe	28
PID 2460 wrote to memory of 2680	2460	iexplore.exe	28
PID 2460 wrote to memory of 2680	2460	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6bb4a5bcc8c09c2d0c834ca4d3d612ac.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
38bbe3c46b895e2adec6d960ca5ef1b8

SHA1
7bb6b1926a8ed823942ccce5fd98aef1fe221368

SHA256
f1cef941b031f63050e79e86fed5c8cf8bed25404e71d6ca368a4efe5ac240da

SHA512
e926c79dd62f6dfc41a0ce83957b811ed2992fa7c6b48439ccf33253ef5e2addd24efd5115b3d58caaa3008feae678fea32b55ed0fda3a42f53aac00e8f4e2ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51295f81e7946135ba46f46d4c78c917

SHA1
6a30664c055505a0530d034e060dcdcda82d03f4

SHA256
9c031edcc4e5f2c61233b0e3674fc9e4ee9dcc186d91bcbbd62be77f4abe0c37

SHA512
0ae069fc12cc40646fb2c8f8b8f4c5b1ac8bc9e7c0769716a94790bfb5f5de564a1d2a425180febbc888ffcd9cfd48b7d79b11833195e4851134bef920feddbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11b1100fffa058907dc2c4f5a59874be

SHA1
034acac8bce2bdf41c3e2155632eb74e95407d46

SHA256
97510413cce497c247a5c158ad2981186df2035eb39b527b77e63e0a637272f8

SHA512
e38de413ba57629ec1eb015619e4ad7e3cbfc15390fc6040e03e4b7d38ed8051b112b1eeb43bda9ccde5d4d6ba145160622c4f5e928a78d5ec3b1c014daaa864

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
180bde1662302f94966ed56f70ef3f08

SHA1
b142746c928d5948fee1de91133db3f93a92ea89

SHA256
d2df6cfbe9d8ee1f4a776ad070d2b9bb7669db8cadbef2cae6544cf1ce5c5aad

SHA512
397df756b190f291c0a3e514d7f960b24b2c587f2b35c5a59a39c10c83536ebb2480c139237b61199e991b8a69852b2453fafa71896ecd37063909c51d3a63db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a151644b2d4642c5fb46bc140b359f5a

SHA1
e51de9a8b7b6d6d16e49069eef7495f5b89e6462

SHA256
a9772930921bfb31b54289ca6932e21c508e1dfb1124a8f93def54e0e2bd695c

SHA512
c083365346748b426b11a0e523a22faddb975d2adfb08ab69642e94412e538eb66fc24a2a21e3912136d4bca363faa807449375fa5bafde67468e68e5652c680

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f588b3eafc0342d85a967f1686b3770

SHA1
3f39db0996346dcf1b91060a011b977742ecb563

SHA256
bbbbe784d1f2ad3770635007588e74337a6b3725f521545f1f09c9a1b55e30d3

SHA512
af2e5233a7aa094f8a9776bc2d283c50d71f1709f36a05599c99a8edb6bb63e3474b7fdab72bd3104e949e1c83556bd166d6c49b10ff3fed337f8999f3fdaff6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9dfecad8cd37865d5bc3e2fc0504691

SHA1
da598fd8d1be3a998ead77a3e8006cc0f1a7f8e6

SHA256
882e016182a5135a3b66e81c627a3b9c08f76c1c4a1739802ffbe708bc2581a7

SHA512
5d9cc84c5ed76b805cf9d5a8f6966b2cc65a0128e97f6c2bcd28814def37d27c8a265df39a4912bbd9f0779181577a9cb7353e2e11e4ce97a228f8d15f15012c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bb256e7b0248ae360e9e45ea648aeb5

SHA1
c8154a6cee73ad533a3abe2795bbf3f24caf9d89

SHA256
402cca5b2f14ea84a5bdc3c3de1861cf3cb6e6cd6e7d5acece037823b74b4b3e

SHA512
f05883391af224b9e597cc452f746195dd42ca2ceb281a336caf727215377f3ac3a7c182a715764a58c0aa5f66023b7ec9a181623530c47cac7fa8a2480ff6bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5952789925f663f2513401af04658554

SHA1
bbe1190b2c14b4ff4d6792c56aa01ee62c1ef13c

SHA256
bad3c59b2f2a44ee22ecddf635d0997f65b5ec9ff88599e9ac6594eb1116e386

SHA512
d9016b8dae707c84ae2366f1fd7e5eaf42634d05ff747bad93b09ee53afe7d258bf423fbf2d607a1d2c36b36f877042e15c3c593a39792d072d1287d9c6da868

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac4a84b13b5a15494e60e29f08686587

SHA1
2453329e655a5c5ca54d3db2559d60bc2c79ea51

SHA256
744435f56a116be7f8e558b652638976304d0dceeeb9bd838288958df6e9cf62

SHA512
ac5c63fe0264464084c225d0c1347f34534e2bcf15d0d0c99fd9701804d45ddb938b962d0dec20bf3ecc493c91766fbc65f85a40445e13e0e6fe5773081494cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ad45e942c29a6e50feed47ecece47d9

SHA1
8f04efc4dd3c5b04810ddd9abef069dfaa06007c

SHA256
906f7c40ce26c57147329da9825ea97708d5f62adc957906c07659f9e49085ea

SHA512
c6e8acacac76eb9e9cbe2fffc328f790c0205ec55a85de5daa1c60ba3e78b70dfd92f2d967996e4fdd96f6638a7f2c7741a886ad24d0fb2edc94c4850c25c9ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d33aa77c76ed3bec3b1235abdc1516c3

SHA1
d3253be6199cdd809e9cf263791d260d4f375b0f

SHA256
1deea8b2bd824142705ddbdfa3898ff1f1d98a6b0520885e2b40ee2631b803ba

SHA512
7523bda82fd9e462d1c461984e9e45cf2966b3090597b66685630c62b333ca051c9ddc1d82dbb8b9e9de11e1dae56f61be11bd561c621efbb2d853ae41d89992

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5ba2d682c0a4fdbb85bf25707c29531

SHA1
e990f225786d8e158e37b84cbf021d5e67380e69

SHA256
d0fcefbb890fe0fa9cc872e270e1313dc2d90757cc9e1406cb2a30c311246f3b

SHA512
800017000fd8b94b44a289812377a2921b93ab03bcd423ad4caf105aeee02159f81fb8fe3ff3108610920641880775a3e4c16be684f038faaf9be0d6786c98fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar88F2.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit