c9f9a98236dd3f62e5ead7cd7b02fae9f6deb581d5a73472c8f47abf725becda

Analysis

max time kernel
0s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71b45014c3efed838bf3c728660d8d9f.html
Size

25KB
MD5

71b45014c3efed838bf3c728660d8d9f
SHA1

2b2ea370e2a0c8c0778c96cdfd812b7c261a23c3
SHA256

c9f9a98236dd3f62e5ead7cd7b02fae9f6deb581d5a73472c8f47abf725becda
SHA512

8cd25172610c710c6a3939a327b995153205dc80470eb09c6b05cf2915fc4ee751dd06f2a6ee1df24dd11e0c55ecf163e463174fae9b35162171876508a3e46f
SSDEEP

384:6ckle+PJ19LR6RcLov4P5GgoTTmyElsjh2VoruXlUYvsMlWyKIwxKk4qXHEr/iAL:1y/PJLLURI5GgofqyVZ5Mk53Er/iAL

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8DC03D31-ACA7-11EE-8D93-6A53A263E8F2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3036	iexplore.exe
3036	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 1204	3036	iexplore.exe	14
PID 3036 wrote to memory of 1204	3036	iexplore.exe	14
PID 3036 wrote to memory of 1204	3036	iexplore.exe	14
PID 3036 wrote to memory of 1204	3036	iexplore.exe	14

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2
1⤵
PID:1204

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\71b45014c3efed838bf3c728660d8d9f.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42968c28392657f85042cbe153f27e7f

SHA1
93a98b5c00066717b29234188eabaca82859c4e6

SHA256
354c8340bf1899be8ced343e59dda3328ddfcc9c1682a4b44f4b18d8c2b9a918

SHA512
26d3048350f064db58f536e566df428e070588c59944e55dedde2c4a44502529c52a0d42538ff2ee53f917dcb59fa0a0d2827a2fffd3fb51838575ce3d617c78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bd397cca8aaee0a9944540a679334bf

SHA1
0615ebd3823afad959651ee01623716c950cf62a

SHA256
f7d1dcb8f5339e25698ce76fa5a8dec0204f1f688d5b5754eab4c2fdc4508e12

SHA512
14e92efda4de0f99bb6a0236d053f331c796aea365670cfc7b265de9ac8b5f0dd14fdbbb6653f770ad94520f4692e63b602d796e0b6bfd08dc4f8d793feb1ef0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3426b4de08de32b1108ddb10223fba2

SHA1
637fcb34010c599211e3998355f53361ed3a3edf

SHA256
0689a3566c4481781ff0332e7c5e1459de8b8d538778455d08807509415e69fb

SHA512
86ee42c7f8a6777ec729c5cbb18fdfd93b8e8b55b42d84a7becd5190e2d33af6624ce2cd1e2b5ab8152a235010483ac91a5c7533f4b254b334a687222b9c5d6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d87d1ce59672882fcad5a5afebb28f22

SHA1
25d4a46a1868e839040c134f1ac43e5ec9a4cbcf

SHA256
9bbba2185618848a9e3aa431e55c322b12a948a837bd54dd4fac170506cf2ef2

SHA512
3075b38842aba0f94b43c378b22eb6307d584d2fb1239b8f6ca8a7c74bd533167abeff997575e8bdded5655d18ea61d45690c9a2b51edcbe4c9bf4088260c035

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdb2b4ce7c71815a6addad9c35ed80ae

SHA1
f3252123d0cca469fe1d47f0a551ef9d2788834b

SHA256
dfefdd42b30f1f7d75f15512fc48eed5ad6023f261af60c5138fd085fac67111

SHA512
4fdb4efe7fdb3baca3ff96904242be08d4a91f78062161f159e7885016e773ee162b0cc5d5dba5240deabd21bc2e7750e4639c93d950d23e29fec226090f0434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e123465d722a52e181e456746181b11

SHA1
35875965cb19049c3817a387a12464825a5ee48d

SHA256
93941110cda6f303ee558472e80f647ee4e5902887a52b69799f86efa571f093

SHA512
45ee4044bd64b9efccb017715c6f817fc705208499b91e97b0f5dbe99c79540268596f09582854843d51ae029fe960e3f568ec3f4a0eb491a2b4e1ea69c31597

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bacd731e2d15b91f90faa5f7d7444f70

SHA1
0b300077920075bb541299aa18c4ce50351c0ebb

SHA256
030d23afcf7916a31bd3c488dedb58005e26c133a631329dc4cb5e75c8c63470

SHA512
d70c3c3caf6ac76b100a09f4cf7109209471d462bd5320c5899f2fb120f4592fdb7ae79dc1a844af4531d7eed4d5e6094a1b683e8610e0ba7f2f71cd5053ab29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
765166598cbfa686352e01600e42a7bb

SHA1
d466650bad0ce53179ace112524aaf273cd854a2

SHA256
4e36eca8883cf991b20dcd6e4329490e5a0f16dd99321f2566d514b36e83da16

SHA512
f8cdce4169b69a1b643da3b69991621b1c80dab3526505d4891128874658e4fe3617944e666c6b70e929bbd1ba09005fad67183afe9103d35166328b4480d8f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
327d393150f259b8b412a525e239e722

SHA1
bed8b886942c3666626ae401df17644a8e0169a3

SHA256
329cf50773203026cb48073ed83f625e4053d285fb72afecccd6148811310f5a

SHA512
8f72bf9cb11761a356d87ec6e63ac05c8c497f7876d7b5286f5256da2568eae1666fe3af5fc65914ca89e0e379c97643251fb0a202f69ac9013767e2497d3c18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f993d1e40b63a7ce7efb46d6039bf3c3

SHA1
63495f12ae252d4b0343525893bd51450d57177e

SHA256
ab78ae952b93c377435f47399c938a40c84ba45c8ee65e29b06f2001f8fab6fe

SHA512
54acae7c1d10c676574288cfc7229f39a1897409efd21cef3cb93030ea84429c941cff638da077bf68a3cd6508a8774b371d28aaf5571ab0f6cfb765e5349b99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
961eb166a98d90595ff610ea15077bed

SHA1
74d394de37aa6b7ff936112603c23696b2f1f256

SHA256
3d1a7ff2a33d2e9a439c8884f7ed82e66df305576847f61c0acedb82c3132369

SHA512
a39eef2c68b8947cddd6eb19addefe4c66b3273e5b22fe367643e5b140f407f05f29224ad9c2a2a1dce4fd878102117e2e9880db0ba98801a66367266d212c7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57411ae7f3815c0d072085a742b1ae6b

SHA1
b62cf236cfdaf56e7f4732507e096ba6eee99959

SHA256
0587f6eb50e103030bc88aed8301cef596e4152ca61308a5f14c8e0b20cbdbe6

SHA512
92c071dd4a6e176b73f06c2d5e6578bb530c245dc1c4bdfad8fbdf327993e2c6055b1e228d0d5fbc9f2222c1d99aa768264153ec4792de219e91718ad4f48cd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86bd0b992924bdbc3d1362e44df0af79

SHA1
7ac4d00b0a42fe4549e09cc6f6af76e3aeb991dc

SHA256
89631e31cf2dcf704ef3c8753dfdc4c7ce13d17678bd95aa7e7d7003dc27fd2e

SHA512
254ddf29bb43be652f1f78d44d0e380783eaabbab7b92f7dfece374c07f859a3495c92588fd7498380fd0c511cfeda164eb066fb68869598f0e4703caec451c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
473d89716b18a734a7ee59ce7e68826c

SHA1
e919b75c75807164bb0654d11cbc234b42f0c4d9

SHA256
9e1f6ac57854bd48f928708b08697b96e3d3607fb044afc54bc24810d5037a24

SHA512
dd01d8d56adb94c767b03a1eb31c323c264e3df2825fd54635dde0d6db07d8307a697853b96e7d5f341bb006784662387a87f93caac1ea342302710f216d220f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f713ab9a2e346233e1385fb2aec5f000

SHA1
fd5c3b80eb0a84811785272ca5ddbe144a5c2e49

SHA256
8ab647816cf5205a454074304dfdaa99cf86637178707e38a486b7fd4316dfb0

SHA512
9ee936d828b476c2bfd477953ad64295ee912fa3a99339fb0e76bee4d7a69d79e4d6ef790b13b23d6f203a01aef73950bdf94a4a167c50a9a38787fc16d2fc09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
131ce691937af9b6ff34b885a4748a2f

SHA1
f43c91c9f8525d869782925d2f14685bd0616017

SHA256
1939b63d4ebc719047f11967c9f011cbe5d59d4687b9ed1ce972106ac92d5600

SHA512
2ee5c5adbef000d900aca46ee7f911bcdcca620b228a4e686be609f462dfa3429da8326becf46f9f9c62bc4c2cc285e9b2913feed1380d330016ecfac224704c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9f97a02a15295bdd3e3c5175b521e60

SHA1
cfd12f888265e71ef5af2a2f1adba904ea3e2e0e

SHA256
9777ba220e2342ee42c9d64eb466a304ee405fb40c13e85834fe435cd452fea7

SHA512
e16ea2326dbc3f49d7ea336235c929656c7b30739a8fa41341c0ff6dd59da6f29ced1dda5ebe098af97027da6fd1520a32b0ac22a67b6a8ac239947f58451e94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7027da72dbcba7ae7c9dfc61fb46932

SHA1
94ec3a7801546f4db6c2aa3e93c14aedfc2297b2

SHA256
4468c334259aa7edc9a02cc288943307f0fadd127c704eea54b871e7eda67585

SHA512
4414df4d2da84321324fb391ba199ae727fd9786bff1da746170e3a1a1909ffa90c894e56d59cb7a88eb970d887d9ea3389b2376407274c9a33748bfcdd19add

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a9f986bee75c2c0b05e893393986b2a

SHA1
5656afab240ac10ffc00632861970355850b4448

SHA256
d84aa246f2657c425dfcf6901bb870a0975e20c554a12a803fdd098d36639a60

SHA512
3b9a02e5366e0386d96e542588b00e297c318fc0c7142b9cafe9083846fdd627e05469d856cbb535837d76c4bf50472a3499d8a736b338d12bd19b2d5f15c768

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2be609064e49b57b1a3ae0652b4bb666

SHA1
b4156e2dc2890564c5b3c253daeb19dee8d09b90

SHA256
7d788143eb6abec5d37c3fa08b946daa99a3c0c97f187f91ceecbb71c721da45

SHA512
30f4e769acdc3a241cdd247b9ac688fb99532df7f5b14d8777322ecddf4e23b0d21a58df1b4425d34cfd0aa2d30de2a4c1a3940a57ced5db1301a98214a953de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7be6cd02fed897c5ba497d4e0f7233c

SHA1
7b2cbab995d5954d123cb3706e31f22e9235e58a

SHA256
36f5d31bd34126d47ca322967bbd100a9718357b191816daf74e80a6e1733254

SHA512
e3ad7879164fa65d2713d802732bfde340915d86560d793cda958af4288c093dd0183632cba7833440f75f0d6dddb6bf66ed16959bc49ad2c2b929f6e1914b51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3867230f85662f6c621b88d834ddb0ff

SHA1
f2f415c94b6a638122c77596de7ed90456e4368d

SHA256
bb983876ad8fc3ab18e954b26f38749bca010c18fd835acd4d1b7fd53ddc4ba4

SHA512
ef807bfa59240836e9797b70fdccd036c0eea4c101d08bc17b023222768c59a0b0644d3b8747d2abdd52624018b32cf6a7d6dca4cc9c0018122e34cfd739f1c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c98869d41df4535fbe93c4297979a89

SHA1
e2400673e1836e45fcc48fb7bf89e4d0ca02b2ff

SHA256
59fcdb27bedaf60fc084c904ec3bb2b332b12ec547d038c67cff4c872ce77448

SHA512
ae9ec5f9ba577d654e07384551e9ab0170740d7a1cf38c4a1c79bbaa0755215aa9b414f8bce3861590d2c1d42c9efa12c8e2066584040aaa7e251e563f65d25d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1086.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit