e65aca9960278818f8edd2184e922c95e4ad0f4180f982663666c38a2adbcdf1

Analysis

max time kernel
142s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79abdb26b1806a69ad32a6ae1d8e7e71.html
Size

32KB
MD5

79abdb26b1806a69ad32a6ae1d8e7e71
SHA1

e7a315e8b397b80e1a73b1c919bb413ad7fe9c59
SHA256

e65aca9960278818f8edd2184e922c95e4ad0f4180f982663666c38a2adbcdf1
SHA512

db9d0f012382d10bb180200453c4fc5c8027b8a870a79f2c2ae04d4be6fd5308dae1aed23a89f16a508f6ff279fb9214caa55f88b90621a3d82601f3d752781b
SSDEEP

384:SEb/TeDmAuV6dkrNmXtMaxT1mV05e50ZRsUIVeVi+BiIiGjeLALIrZxLY7QIo9MY:SEfeDmA05AMaxs05X7ABNNNNNuo

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410729012"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70388296d140da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000ed9ca014dcfcfe000410394429229d79e00d2a6b149f16462267fb3fe4a5687a000000000e80000000020000200000001a96588ea6d153fd1113ecd08cfee1ad628e076ed2c471fbf138a462cf18109e2000000075a7db4718e3579a1fe1eea926d1d680fdbf5c7dd7c1de3bdafdf3b3760e33aa40000000b39abd8c1f19de27a307acd70c66be81064c30fcba3e146566308bbef8dea5032e57dd219e5c413d1eef164462ee254d487f5c4dab3b6cdb0d8bbffeb46d7167	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B9A50FD1-ACC4-11EE-A76C-6E3D54FB2439} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a000000000200000000001066000000010000200000004f03cb8c1c600b9089a1f1d708cb2523dc49b3b56c862ae6d9b6d16ca5abd96e000000000e8000000002000020000000945f146b00f1bae67d8ab149cc36de18c21570904bb68b921ead76e4dcfee52790000000544783f80e229ae1243f7af0f4a793687904f2d528b63573229658682e9e663c5363a4a75edf7111521820e714a639175ceb2fd7f76991f6fb6f74dd7b25fe219f14758cc00d1412b9c7bee5a7f19ca6edd5740e8a4df54002fff8cb0794b4e66127b3bdd356ef1b3b7f3b32691d0fa6111d2751ba2c16f08f9a621529e3eced5ed278d57a7f588cdaee9d8e156e49d340000000b0933d844c43426cc1a8e41f798fed5c7f2724bc9961e489aa41c594676a52878f04edb8fe1b218cbf046e94660d57d2010aad773e17ad741f497f0de5f0bcea	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2108	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2108	iexplore.exe
2108	iexplore.exe
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2448	2108	iexplore.exe	15
PID 2108 wrote to memory of 2448	2108	iexplore.exe	15
PID 2108 wrote to memory of 2448	2108	iexplore.exe	15
PID 2108 wrote to memory of 2448	2108	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79abdb26b1806a69ad32a6ae1d8e7e71.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b282c7c7ecdafb18f82d511c3b4d5ae

SHA1
49add719eaa235c80427566bed99cbce4f3c176f

SHA256
8bda0c2f034bdacb3d54231a6c36cedb94f0f0ea5385ccc62ca28d00daa0e4e2

SHA512
6ee4b6fe8200b706d5bfebe6183cd51d8c8e18030895d63923cfe6df5bb83d77c5aa466befa5af46cbca52e55cb2ef52f8a2199525c5146a3db583ea7f382fe9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12530bd2e23a4580758ccb2fcca3159f

SHA1
1572842bee147f7f6f92f7b6350cfffbdd1bc107

SHA256
b10cb6f827b938851caf54b7b22d175c5896bb475d23d872b6c6f578723098cf

SHA512
25b01efdb83f65ab7d8eaccbfc4c228d027e51d6f8185a8cf9338bfabf26f80cd187d54d5a0752ea75f23ebe7b85464063324ccf3bbeac932f7029c7bdf5ae66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a71ce3943d4228912622de8c6da049d4

SHA1
6bb372ca1ee8024cc3698ea7180424625dc701fe

SHA256
30a79665df532b96a113fc3c58929a95a4cd2688c2a54d12f7677d3ab4be4827

SHA512
241640267ac4aebcd576b4a795a62b98a9fd998d3eaa76a6166be6cada9275b15d5cf8549135c74981c91b8375f480ccd74215fd982c5a08ecbba894d1451187

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8172da70a17caa9c8c3e712ba9e11be4

SHA1
1f3116a703111c8ed5f01daffb7dc2264d6754a5

SHA256
06d6210f8db6d32521606da1a2f2f36b67a5b8320fd7d41d88b719f6337b4331

SHA512
5f84f5ccfa6903d69f845e9f25678be885a8963f2a35d7abe299d3a580bcfe64be5db113c3aa01ea7e08d057ee05fbb861b3c64f8446a4e1b4ebd5c59e2fafd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20d49850c657ef08c0076189ba01fbdc

SHA1
a2ad3a85a449bcc1908cb0bdcef5c34c9646e85c

SHA256
eab6b0ed246d97556e9d3526a1c1da04a7692e09af4cb01bcf4dcb6436722b40

SHA512
24b233ca94452c2bd58ce164266dce15472787860ff0753362c6ac3af6eb49090ef8adb2c1774df5d2d317f6f0b64acd16723cccc6c0de4678ad7cb70c0da9df

Download Submit