87dedb1f54a1e33713b6b5fe117f74eef6feced1a74077331879a487ac20e5eb

Analysis

max time kernel
45s
max time network
131s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ad144137072ea6b70ae6dc6300d10ae.html
Size

3.5MB
MD5

7ad144137072ea6b70ae6dc6300d10ae
SHA1

b24c2e42981300cb0860286ca3c64b20bf840e02
SHA256

87dedb1f54a1e33713b6b5fe117f74eef6feced1a74077331879a487ac20e5eb
SHA512

08182d51873e912e91894e49fc9bec67023f06d2e8f687b1b16402a80f28679fd2d01615c70e42f1fe910736ba995ffa8c7120705593c54c8c289b5d15eb3744
SSDEEP

12288:jLZhBE6ffVfitmg11tmg1P16bf7axluxOT6NAr:jvQjte4tT62r

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5C243871-A537-11EE-910D-CE7E212FECBD} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1976	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1976	iexplore.exe
1976	iexplore.exe
2408	IEXPLORE.EXE
2408	IEXPLORE.EXE
2408	IEXPLORE.EXE
2408	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2408	1976	iexplore.exe	17
PID 1976 wrote to memory of 2408	1976	iexplore.exe	17
PID 1976 wrote to memory of 2408	1976	iexplore.exe	17
PID 1976 wrote to memory of 2408	1976	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ad144137072ea6b70ae6dc6300d10ae.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
0278ba130c413c3fbcd608372c07a397

SHA1
742b136f6768bd9abe88890395f1fb2891a67874

SHA256
4c63271b3904fc8aae1891e42c62296c45470be1ed872046170b5a7e08ff78a2

SHA512
74f9f4b7e59213bed44ba3e2e8e9d9f6c92fa99f306d48bc1d17a5657cb33512aa538c4007fbace94c6884a1cd98bd0075e8723be571a35d7528e7ddd84ac2fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f30a7d52e84f0f493ea8d4b73f3dac3

SHA1
4ea5381ecc1ff1984907c3973bf16a3c42797935

SHA256
c5e7ebd4ac17e003a0f9e69722b404392678c54baa42d6f1e7e1e7d16993b2eb

SHA512
7ddfdcaf5c98472a9fa38df5c2e927180eec98e949ca56894520ec0e3dcd2f868a2743c50d3443365fea897cc8a56ddbad763a41e6cfc583e542f6f7783666ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac9da59a23f02d21337b6459be8a2fb1

SHA1
e36fa3167cdf5eb07373db113af2d7a3d2478adb

SHA256
f9f40c63d207351d016fabbb5b5ecc10ea8fd8a708157a9bd9db90c4f746329b

SHA512
736858d84b4ba686ff73f3c39857faa81e49ea0ab0fc92bcff6e6a5be504287d8244fc019c458a430bc20d359058157b88fd183742ce92fe72c1aa4c425a2585

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e04e8a9bf1010baaf8541176ef35f561

SHA1
7e0c0d34c7e39b6942d8d2ef81b34442f88c6b0d

SHA256
dfa47af938ad4b18ff3f24a558aac0ec0d78588cd9c2f9bf0709755b50cdce68

SHA512
906cccc1dd7fabb8a00afe0e9759707d533795fdd52fb94e0074182d062d95379edde9db91c3cb9c6c922918d62d6cad97747c4194e27cf0d86c05656730aebd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f1d209c65852306b60ed1d35b725995

SHA1
ef1438e3e58faaebb90b5411fbb1f41e29f56532

SHA256
8b3ad0ccfdc51da484ed506a1a30c3ab26be0697db66379871ab30009c818121

SHA512
d553fe579909dc6943d3b79d08152b04eb1fe7ff44b496b2ea308052762cfe7d1c601046fb9a7c55e927933eebcc7d4c34fb0363fa3b1c1c83e92cae068fbe6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ddf808afd1fd8ae712a5d3a9167298a

SHA1
d60204eca92ab76af30dfe2118e3194cb6b8766d

SHA256
82d323aeb00e63d73e8c11ef92bb480443fbf406a25ad234f351fde028f4db58

SHA512
623df8fa32f93d5487b7ff3d5b71f13efe5d9db710872326b74eef73c6e63c0ca5a508a9c6ee17e6899b4e8d551b4c4b8301acba92fff848f233301ae56adc17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
360580535efa7f4f33c4a4585c2c39e9

SHA1
0660379629d57df8fa01a982fe4838bf277ffb90

SHA256
6611caf5c2eb09fcb295f99d454df8648c79fd5bd222b61a8c3c518cc0daebe1

SHA512
5bbe8a0f6c598fcf92e112ccf1b44511e72755b36eb78f1b82ed9c5dc7b12d9f09577f23697d643947f6bc842b631ef97fe78bbabf787fec9f55b62176495d63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d45162734dfcac78b50bfb66f97607bb

SHA1
11c956afca05da368ebc370d04e0c04fba02dc8a

SHA256
a882e0e3b6a57762d20ebe33e1f94f2f4012eaa50b782555456ffee36282de19

SHA512
ddca4fbab090f9ecf092727ae12c98d2198bee84c25e501db213cf16a34c2f7674723c81ee05a991d9512a333d2f8f42e1189881eb9359af569fd4a888fcdf17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb8f115821beb8ffc376e6f079d5e896

SHA1
f413415fe5c8e8ef408a5b9a8f5f4fcc19d4d130

SHA256
1f7b5603785aa57f5ad009573da5f3bafc9d2a8076a22fda8700928bac38e90c

SHA512
663dc382f172cdb774961bd3db61a64fae3446888b1b420ef63e0b11995cb6e465ae3e2a1c3ce7e609a6bbf53d405a81e399e0e1281695c1bf68fbec9ac6b079

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fabe171e796fb786c5e20a094fab634

SHA1
10b3a0393eff2630b7be695f887905004de793ad

SHA256
99390b357ba3da4ea9d4872934368c34d03eac0569573eea2b0bca379183773f

SHA512
2cca2dfce4cc2bbe4613c1e4203c0243bdb7bcd870bdec6968574a12908fa13cb0b632048fa34e3b151cc08ee6e73dc4d9e6b5edd8e4c3256f59a33edc01c828

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
892095d8589fe56c074c0b8b592aec6b

SHA1
afcb34cc24c0c83b0d95d633af414a09db1f0ee0

SHA256
df585908985fe7eefae51c9f50b4f5395c5f853c484e4d41f3b745c5432f641e

SHA512
b5672787d4c6e8346899a920a2c3922cc1d5ef4c44eb49b177fdcce266406cfafd8f0adb4652449ffb4c9e6140cc2625b919aef935a1ca9522b015a59278b080

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98fe8f9c4e8f4336a37e6cfec329a226

SHA1
93ca7d0a1f7c5b5bef0cc9fa331941bb6ecb5185

SHA256
ddb6eeb6516153cec6169eb5a6e2b9986ee0c3e82f9f2ed233977f06df0e4902

SHA512
6b5736b92504224361fe838ed6b0d9887eb8cebabc4f75da9edb558ee80df30efcaa9bd2c2fedaef6edefb0ba4de4abe71588511f666c023e0b3d0673b3d5d83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e30c7b6d2db7cc91537b7ec0e16d7e37

SHA1
97356955a0384b0412cca4dd64a13656a4cc93a6

SHA256
0c9f73a6c3edb3adf2f6a18cdf223965746984d2972e4d18a0ad49fa4b7edd9a

SHA512
4d48e557bef3c2cab202f6d1bc8c7aa0d3b35c02d8c7e541870962d70282c6e9ef925bbf6f11fb2f48230bafa2149caadc7b9af8b7e4dd7e1d9a7e8d42ee991d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe03c789505613d75d9906e55b594f1c

SHA1
92f75f1711fc3a1427b13e258dbb84f6d57bdf6f

SHA256
40ba9c9497ca22524b7878994def6859c5c9aa17329d8048db4d65fb726e8ca6

SHA512
2876e759f1ed5314ed81dc0ffa74d1b1ea786e756e8d93ec77ceef143d6885404025ed0f227c73b4a6ca485aceca862d51c2b58137a5d1b4f8e536be16be5790

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ecbfc33f0827b0af36b375c513ce1a1

SHA1
e642a17f180cdf0827e173c74c93e4a697676841

SHA256
6e1bc5f50545046dec0d695701d5bfbf5336cc5738c3d76fa07d6fc9df5298f7

SHA512
511a9805e1f1402457f557cc3c4566bbf1b6e082570693717fd54f82231b40680b2ba428cc38d62510993d0e504a55e219e652a993b726b658dafb523024e29d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae5b0b6756b9e1338764405f83e9202b

SHA1
d2e6730170c65632a0fcb57f0ca699610b7b100d

SHA256
aa70a499acb25c99716b439eef0c72aea12eaf76c3175a8f93e85bf04b51ce70

SHA512
7ae446e5068e25ecd599f87ee0fb6fd970e0304468dc4f0dbf89cc1f491d049d48ea0c2e3c325a70743d360df7d66a46c2ac1d439b153145d90d6dd40bdf9767

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42ec5ad256c35426055b978d92c6cf72

SHA1
4d22b3d93a09a4c57b314e48f6f62729b6bbd69b

SHA256
93daed2e384c6ad3543dd1faffca390b5adc295b5af74c558665cd9d73f8d765

SHA512
fef7e3ebea6ea9c9ee87fba47bb5659641974a8d954a4ca3188a4b263e7fd388ed927997b1d5bedcda7e981a3ef6fb893321ae22925894ae4cea5c3fe51e6aa6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
4177f4de8a64767c815a8e6c2e2f105b

SHA1
88d6a9ae9d9d32d7df0c38796b7d034ce48bd40e

SHA256
19b79afe5501da684284cb3bba98cfb7ef13ae560995b41cd84667f3229a8c97

SHA512
572a5e3e131d376a723db95870bc3e8412a49aa5cc1ffffde3556d3bb25d8eba110fd40e9e547a4132eab2a6d864688a4ff63a4eddf69359bf29572a7f2cf333

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGJGBP5V\beacon.min[1].js

Filesize
19KB

MD5
dd1d068fdb5fe90b6c05a5b3940e088c

SHA1
0d96f9df8772633a9df4c81cf323a4ef8998ba59

SHA256
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

SHA512
7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30

Download Submit