8d502436fad21e128697f5aab223a6253cbd66ec8c2ee7bdfab68b1643cb288e

Analysis

max time kernel
142s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 17:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7f295593f2b1371c1330805e6dc236bf.html
Size

31KB
MD5

7f295593f2b1371c1330805e6dc236bf
SHA1

cd80ada22d5af9bf25e0bc89e37bd470d7ab5a60
SHA256

8d502436fad21e128697f5aab223a6253cbd66ec8c2ee7bdfab68b1643cb288e
SHA512

127bb931f7448bae3cb1a937713274ea7c80490365bb2734340b8080dabeb0752536dddb816c9208520c985e149ad72dcad7e67585722b6e765b02f970e3ea90
SSDEEP

384:Bwsz4F6OeQ627H9L78BCBAQP2lkJrZqBjG5zSF7P4IknfRGmvuJMqiow:tz4FB7J78B1qIkhZ6GIknfRGmvDqiow

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c0000000002000000000010660000000100002000000038090bd8a8ae1c3885a99e4403bd2ccf6a2db2311794f8cf32d8691e214afa07000000000e80000000020000200000009cba899d10a3cd36ad3dec4673233cb6b9433ab34db885844fcd869c4a1f0e2590000000c1465474e15e7706e69b49592a4dc9634d77eba891736b70f1ecc0dc07e890ffb37f05f847e0b3fa3b5504236297457ddd9b963f0707e4d0d756541f887898918e62afac66af8d94fb6830cacadd2e4d50e2bb9669268272cca37720743ff873bfc9088a8efbd08eb54020dc061dc2c818c040866a58742736334d9b4e87f70c9f63f137ba7076933251bc40366dd64e4000000050d4c22fb1dc91b69776bd1f724d96cf8ceb156b1ed5cfca38d36f070a21e15e60cd018181d44ed11db709525975d06ef5c5edc6b0e0064f76ddd33ad106adb4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0aed147ea40da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{670F5CD1-ACDD-11EE-AEE3-EED0D7A1BF98} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000b9709fcaec1fcc961c27ce3b055fd1478747eb581608e2cbeb009d42a2cf61ec000000000e8000000002000020000000a869c0a5dc9ad0430438af6d84ffae2271f805892ee2878db4a51dbe811325f6200000002fb37743a7e16c257b3a9956fbfc54f199a2d04bc4622206b1250c8c60fd7f634000000013e105ec5babb81fe80836afa516c6eb4d697ea98cc1b08cd0fafdedd19a276d6952e0f65f32061c7ad899a79ee7b77aa740411499d49a7e04b25e2eca361978	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410739617"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1724	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1724	iexplore.exe
1724	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2836	1724	iexplore.exe	28
PID 1724 wrote to memory of 2836	1724	iexplore.exe	28
PID 1724 wrote to memory of 2836	1724	iexplore.exe	28
PID 1724 wrote to memory of 2836	1724	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7f295593f2b1371c1330805e6dc236bf.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7032c6d5b3208e97c1395c40c57b4a4b

SHA1
93519b530aa496b1382ea7ef7911149e7972a8d4

SHA256
25668d39ac30f6878b2a006c1d0f74f552ca5b28d56162560058f3147ec214ba

SHA512
72a4edfc008243d252ea2659b7dbb88eb01a0b2656e4e0011fb776b4efd0e20137ad80ad67dd700723376608ded1e1cb50797ba5474ecf6c7440008242391c8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa945f2100e569ee78cc83e4bfa6619d

SHA1
046893f78f8dc5f2d548249742cc7f9414806011

SHA256
bae5e20c34ae961f02518bc6bd2e8a48c29fc3b487b098bc23c8dc6c5897162e

SHA512
0e64392e3a0cc577b3630c578f4e77ac6b96c66f0cb2099b84c97f3a431bced73708c06e84a6f9ed4b6aedc392da7c532a4eda6781fc9e63d3040150b4415798

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7974a88a29bc190b73ab7557297e472

SHA1
d9130d1f55502bf9b2d676a70f884c406225b8dd

SHA256
6897188a54bc7277f49d8e1b9821ad990559a499a77082ae8883a5015200420a

SHA512
c58b212bfd5624c5d0f4bd0044e41e21243cf2e7ebf67be05defc7e2101d43cfdc31eb5990d656abd624a6f9d27098460509b1410c67653d5992f243470ee12b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ccb2b7195f41662c6a179991a1e0ea4

SHA1
afe4d40aee65ddf0073daeff7740a6d8b053142c

SHA256
6a46abecb54fb49e4857084c917efdf24b945145f52df58f465e03070eaf8730

SHA512
b639d6cbe9065152a6a4bfec4ea1ee3e6f0e0b3255575a0eff8f6a05e2452c4b8ffe4a6832a2348a1731109eb1692a890db15618ad2f1282c1210890f966143b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68985097932b4877a1a06f0092881c59

SHA1
259e7ba54e9b5c0e568d6aed64266219fefc8532

SHA256
307a420a0733f085ccb26826490db656f2b8b84bdf5c329766660b63c00ef255

SHA512
ef7757354b52b74f2b5134fb118d7d625c941b44dcba1e1b9c0a8e1e2c7d9d2b9177ebe7bb22ef820b73a162fbff8b07335bb22b1726f08f573abdb3c1b849b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93a9dd20321329ad25076abd0d385dc9

SHA1
0a0b45521b69375edc1b7190682b3f4754d4b219

SHA256
b38c1ff131e5b9427a51ca043ea2c6895e8b3781d91cfd303204d0a0c091396a

SHA512
0277f6d8ec8e6882ce52ebb822f2558060ff4e31fdb30f59255ed4e267e6fb8e0fd74852eb9bc39fa273efe945c877ce19f972ef021cacdfe27f2d2df48b0502

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c1c2388b03aab3afbaf1148d27dad6e

SHA1
127d7cc2b026baa41f9f7b76dd09d0e0aae7bd32

SHA256
fb9574b7c7329ea46f9907bb5d9d4655d36f0912ff2ae7bd2caf7434ef9cb891

SHA512
6d79a2cbfddf8ea35585fc0cc8fed4052fb687afd93f5076109eacb2543dcc0347355e00fd9c6bcad033f3afd65d4b3546392162e73f5c39825c7a9dfc500202

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e46f2c6003db1b23ff556438e595179a

SHA1
77a6aa7bea1a5328c0d7fc06af313a7e52c10dd7

SHA256
64be7db0138a6be15b93ef10220e0e317200489436d08fec6dcdff9e0c0cafbd

SHA512
19931d14cbedd1a7b966054b4ccc405b2bd9e84a35ad232f22c322ce63a4b3d929fa3090a9cc2aa422ae6e7abde8cc05827f2ef8a7a96fed7a1fa9994b72c9cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a175992489a351652c427546e3b52f2

SHA1
d2337ff4fe4eac2fedfd32b479eeaae8414dc14b

SHA256
b5cf1b4eb598bcd2937a2a48a0a0c1509c07f806019f0506d7cebbb362ac6b0c

SHA512
4e6aec913bf624def9e09579f362e015b167ddaede14664fceaf75360b54e9ca7fa05d3700299f37b663181cfbc45cc3d7e0c1fdf0c1af761ffe7985902dcf8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f517be289bc7e1ad8ebd1c181cafef5a

SHA1
42197a95ac50ab94048c5ba85feeeae6efe95752

SHA256
0387a9695e27096f15a00b56e0177790abe7c13b470f1217d530b00e13f93cda

SHA512
49766d1ce63620d2f2d4e52ec642df0e613bd352cdb4d2fb56096bbf3281e55b5c033652d6c45bfbad152eb177495c40d4e4dea0499c5faac80f98b073839ad2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
404f6ab6f48ea3eaf6b4a704572db2e7

SHA1
b63142b46127db3e35570b262ee50152a3ca75f9

SHA256
140cfd88812e5c606964868edf484825197c4cf56ef5c35a952d0536c1aeee5f

SHA512
6583d988f6b179e51f8c9d284e6e3fcfdda3111e3f5d24554e39221448ebabaff90c9b0a58e57cee1df3efe25e59fa20fd36bfc9498472149864b67795bb73da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a83231c8b5ba0deecc263b41ad0c9670

SHA1
a690b9dd675b93df2ebe47a9acf607389cdd2cab

SHA256
5191dd3e306435ab5e35a624b2c0baf5098603725ecc0a813f6c5ab358ddd3e8

SHA512
9920917911c4ff7ca81dd108c2b476af466ae90c712506b09fdc09ac16754d567093761d7412655548caee35a8e7659e22ed8ae4b1e115cbacc85e3aa174650e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36c5ce82b636ab250f0e89068d159111

SHA1
38f08af084983062631b3e9e54b2a828ccef0865

SHA256
732528bf9a6f0b2b81d9ef46c38711121e5789eef047c720775c1f7eee85ee6d

SHA512
43ca6998af6a330e0ea2e329a7c12771403bdad1bf6f3d08cb60aec937c1a44cdbdda3d8b77c3d0a46689570e35603f66b19170903c4e46ec04248e5997aaa3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da3bac015decc2fb49d8ed11f2d20e0b

SHA1
5c3bd5c1b03de467280482f189d515890b5d8a7c

SHA256
95d4f77e5883f74cd36bdbd9f103481f84af9cd9f9556d845ab114223f4a7d0c

SHA512
d5543cd176b96601ad255f1eeb52e9ae017f18578ddba1b08c4f13911e3d292bf531fd6606689a062e8902708454e6c2d879d8e9c99324bb840eb8c69abf80f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73b375b6610397dfa76daf9789bc3b69

SHA1
739ef595ddae1c5024b3f208ef3b934bb645a055

SHA256
57424bba47d1989e6b3cedee48d8cb9e521ecfdda962335f9c47bab3d29f0421

SHA512
b5767678670ced161bf03d0ae89332f7f74a8157f0272dd77fdc745570f11f11450bd0b4cf8d5c1ea82898ec2085781ae78528138a659a7c232439fbe894c0d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62ff62d424c60bd90cbbf99dd9997cb9

SHA1
6c878357cb3b6b3767bf164c264ef17728161ba5

SHA256
822fee386cb1a9000e98aad9d0fa4008cf58fa5ac8b3b4b9a98976ae55b84e3c

SHA512
fbdb094b397d9367f57187eb1c3544a7558f1c89ebf79e7024ebad76ab8312c2bd66f91d3128842fe15cc95098f3d1e5d532934568e4e2fe61b54ee84c3dfa8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
466bd7f544eec3481ce0e8a8700c949b

SHA1
dc56b044ce6093d587c66a273f7027e2029ac042

SHA256
a552873f9f5d50bc5bc22439e1e897a2559396c5b8bdd663412d5a90d79eca8c

SHA512
37f48a0995d1e7803719ba138e9f8379c20cef4d22d00bdc5ccf18d83d8328b3cd5eaa75e5d703bd075198c67f2db19ef677b424ba22e9483537809e16efb241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1EBDLS6\e18443a994dd56b2348182909a25925b[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab931D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit