e5354f159dec7c587dc527e645df03ebdb2e69d7504abd53b175b33d941b6ecd

Analysis

max time kernel
151s
max time network
186s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7679bfe14731c12c3c70fdea178aa017.html
Size

42KB
MD5

7679bfe14731c12c3c70fdea178aa017
SHA1

97e8e3b18f06004c9fe2cb104418e2eedce1c3a8
SHA256

e5354f159dec7c587dc527e645df03ebdb2e69d7504abd53b175b33d941b6ecd
SHA512

8735f869bd9151c9c09a6e4c379d971a05df1026a4d30fed3db9ec3b65510ed69f2a7172e9f012a37cf53ce065c78af0a57ea3c41f0891fdc327eaa27ec1ab1f
SSDEEP

768:Zcd9QZBC7mOdMAgpC5I9nC4aX8ojrrAe8wBwow4ll3Pd:gQZBCCOdA0IxCLX8orMe8wBwowWl3Pd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EFF45841-ACB8-11EE-BF73-CEEF1DCBEAFA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d30000000000200000000001066000000010000200000009fe0eaf1f08c82f939f64428784f4fe253fa19a3c799e83d413f5bf16e7f10c5000000000e800000000200002000000028647b5a9e79d00b0c99c131ce3859d5067ea676cecef3fea765dc701236d5d620000000fbb4a0204f780f51e74fbe183695c1ee18b13150cc42b8394735980d1009f4bc40000000a26f52f2d3f51c903eb5a97837cc181d2d53fde8a2953297ecf6816bd89eaa7e0e5f0e7e2efeb0a9e0093bf457e50fc56d41153efcce5150ca9f85fdd1e7c63e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 703bd1f0c540da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410723965"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d3000000000020000000000106600000001000020000000cd0f0cbf09eb0e18eba32d400fbf424a868a7b78164620b10530cf06cb927682000000000e80000000020000200000009b2b65642bb129fbe4947c2a6eba8e5158ca17c9e7bde881e6c78936eff0d972900000002ed500ff8b266920f914cd1a210da6060c267ef5323a6a6e4eb10f927e12151b7b9615ce2e83c69445130f45865ace04ee5d6483612b3410bc6c7be08c0a1eccc2de8a474688b17382283a05500b5400f3fcdf259b12ba872ece88977b4de3465076316093b690f02209d8419ccc8a044f96f3833119ed2e31be7923c03fdb046419377991de40cf1b847cff39d725b8400000001bddb7664195f8914f5b377d9a379e28d20bd2d8a79f22eba1cca0cd325bca859047e11603bad93620a765dc8124fd86511dc2847d2e31386e28f5abe56ccabf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2228	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2228	iexplore.exe
2228	iexplore.exe
1280	IEXPLORE.EXE
1280	IEXPLORE.EXE
1280	IEXPLORE.EXE
1280	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1280	2228	iexplore.exe	28
PID 2228 wrote to memory of 1280	2228	iexplore.exe	28
PID 2228 wrote to memory of 1280	2228	iexplore.exe	28
PID 2228 wrote to memory of 1280	2228	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7679bfe14731c12c3c70fdea178aa017.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0656335dcad70fa35fafbcace358a0be

SHA1
e319a4ad00f1f5b6926bddd279ff6c9bfedc95bd

SHA256
75ee56aaa777d13b96cef8c63c717607ebca3bd46feb19628d88d7228a78720c

SHA512
8865f04f098afa0617ca51e018a25438f7363cbbd781a095df95a5cde1aa815f587c3a4f86a93eb093b762b94623ef548a5c39b275339b2d9cd1e924adeba2a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1dbac4de37c16b81ff26f8b74dbdcd86

SHA1
fdf668b3d5c6de3252bbe5d159030644ce629449

SHA256
d9e34a79d59657b22a704ec111050b2c8c3d7dde3e2a51a0508f7b7243fe438c

SHA512
e031e186b8d5acfbba39d1f1be88893ce9bf8f774b5a904e6879898520c561e227a409dc85692593ad73abdf7891c540396dcafed4e2203c4ece57ab3e152dc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1aedc04b18f846aa076df3a1ca7de40e

SHA1
08de1fe8995b8acba40414e60f34e90974bd7c5e

SHA256
6149d342840fd95708e10a575bbadc3c6c8bb0a9497dcbc10a055d689737fece

SHA512
18c0e8c2f28e0dc428bb91be4ca3b582e4524558e02c183630fd17c838db9bec4f803dff9dc8662939defbf68d548676664fe5f882f2086d87eb73fefb7c075a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30d1711cb43d3dce67f905960fbca92b

SHA1
208a49c72ae5e6be0e28ceeec1b77cd5a1b6e06e

SHA256
389ba642eb6006462604a29f149e732ac262eaa32e6440aef4ec7b9aeb38915a

SHA512
b90bed107e7f71bfd7be96b3b6448a9bc15e55c54d5e8e2c8c480e63dbc9ea4e27a6e3f36a56df1b051efa4068dc149c8870cdad3139127fc9bf9989fd052fd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04e0ac8718573e0e82112f1889bf93e8

SHA1
8df7411bc072aad33682b87767c3e9085e3591c6

SHA256
005e069c0323fd5bc898aa4b8758051fe1cf240d216ccbcfd723457f949af9aa

SHA512
a7de60a0fded2212866693972046415778ae2cb818676d8d80e9241d9068de0dec7bb3a85748ff72b1e2199ec494a69dd80252571f1752d94391ad95510ee3bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd77036880ad387955c1958f380006a5

SHA1
0b5e4d947946ceb629dd2b2bf95957b01c4bc36e

SHA256
d04fb91758df35c75baf93213101a523f2e1261b7b37f1299a4a6201ac93716f

SHA512
6e9fc6785a0e1be908d88555e696e3c28fc8a4edce81cbb590248ed2bcf18a7065644bc56ece265a7b687e6e1874e214c73112cc8ec07f8ce4ac5defc0749036

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a825076f35588f72076067f09cc64d96

SHA1
ae27a0de28a60c45b2967c0d13f935757786f3a7

SHA256
0f4dd353efcdd46327981c024dadc9f115f1e945e92f0d5dd9624acc543f6180

SHA512
3aa6349be4c4417ca2c8d0fe837be4d78e4b08e7926abe1062dcd9f45aee403ff60a50e659d08f5a698158c523ea37421c8146b216acdc72c4d5ef5ca57dd896

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89c5b2e309d087f3625dfb6bcb311488

SHA1
1f73f6f5ae52259a64fa63807494036adc2e2df1

SHA256
37526e91daffc7041068196e26d33180e2f9e33534357bc2c047dffba6af3208

SHA512
fec177e62b801f3036ef0a1d024d592315894efe50b947061a6b01e375f9e0073f6c0cd8529bb07e8a37e841098397f3d431c334c240242330b076cd94ce9aa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a430b344930f99d595367ed8d8ad4224

SHA1
f9362dcbff91ed74f269362c4859af29ad0920d1

SHA256
cc0dbf9b658f6b9880cc11120d1f917f4384913a03e12a93393ec3f27afc268c

SHA512
2e8885f1e0cee46166c560368690135fb67708504a2980134acfccb24d21cf40d38bccbb180c757728cb7f5efd23553e51f51d96a6e9788f6a7b7ceaca2dc39f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d3bc7763ec2b5fce7b70755e963842c

SHA1
0214ba57ce09d405f2954d47d284b1ee35a0b386

SHA256
357e5fe8f71fb08f40959633338230a8820099f52ac14282b4fd0637bebd7e57

SHA512
6dde7dc5d7abc78a42a3ce2cdc921568afd7c1962f392e4f4c2508ebb460460e19e3895013ecb291af0c25a933599313eab805301f3fa290206d6bbaa2b19b86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dfee07c2fb9525da1204a869b768477

SHA1
e6743f4522c8573150666da6cb7e1644a8744084

SHA256
aee35f20fd94f01031f4586693673b2b3c9e592a9ecf2aa2d9c368c35274a4b8

SHA512
97b6a5aed0279f681c89c2d82172a984d3f110f79ea0ad415fad3e9c6101d4922ad019d2c0c1699b98c13a959046510103679202bc33edb57b23a52f22e3eb5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a395b1abb9701792ea43e1998f13b35b

SHA1
2214c8412bcbd1b84abd7a36e79661ac67becb52

SHA256
d7c4afadbd31eae148c4ac2f1edda64abc527b47873a8dc587d87bbec9cb91aa

SHA512
fbca8115c96316da56c7dcb1396ec6470b0e3cb44fbcece9bce91cd4e010a4e1c222f28d9d25df9d81cc251392996ec34425893de5636c1377457bf04c7255e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
707009f37735d9f2eead47bf98c7f21e

SHA1
cf5c56fa1f53423edae0576dd12b9fca42fde116

SHA256
7a619a04195d5eb434154d55ec472ab42130f6ef4f6804f3d1b21baa54a1c70c

SHA512
098ec0ebc4fb3fa8ca138f4a4bc8794463297d709f72705e0a5fafc7e7bce7fcbecd98fbf733f4d3fe854c8a11c6a5bac4e901340eb426e77fe6b65f4e8efc13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a847ab4a5a4a1c76012a18903070dc17

SHA1
0b98c17f31d3b7e899c43f9d3844eb1cd3a5e99f

SHA256
824e1a4239abb4cc0eb81780f9db50a3c9d332f87ec59c8e68d05680794ca6e3

SHA512
65594b2522c348663c292a4458bc25e5d90ec66f3fc523e96e014776623d7c2fa6936f26dbbc775936aef9a815760d0e3e0f5cbe3e71196b951984090162c72e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e54e12db4c3f4db20884f31af1c6590c

SHA1
2232310dfe54c68256dc16e9d03d96bd7104a07a

SHA256
eba9b527d006ddd9628b0caf582c393df65756b17ed0eaa2f65079cb7feeba2a

SHA512
6fe5c2773a5398bb9359126fac537219b97f7f8e99de45abb727210059c9e3750beb28d90abea0ff2f2cfe3df96130a1500aa278a0e19605a5839ec867c8f26f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43fc73e52cbcf2e16001162a22e42acc

SHA1
0f76b08aebc093e46acc89a190d62af2d9812c13

SHA256
32a52cf08d8af7d16d466e84077f0799c5d43642a8e97edfd5581bfb5c21bf9f

SHA512
d40b18f991efadc77b92b1b8d71668f8b13b545ee6efdfb52d0992da32f9cad78dd2b842032c90359cd3d768afb06731bc2d3ee864c8d8f6fa2acd42136a6d27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5DC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar28AB.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit