51ea6c01d64561d657a0dfbce6b2180e4d8673aceffa7e8897d7735f64a65385

Analysis

max time kernel
139s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 22:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fc2303a67b833063e43aae6d470ee2c2.html
Size

14KB
MD5

fc2303a67b833063e43aae6d470ee2c2
SHA1

11f692fcea4f84203fba19839d21eb98677b5938
SHA256

51ea6c01d64561d657a0dfbce6b2180e4d8673aceffa7e8897d7735f64a65385
SHA512

b882ea17ff759b52fca852615a21b44a25ecaff6a8258da835abe397e9bfe0c5f5baadc6fdd03e12b8bd3e127bc03f487c0c7430001081ca10fe3a6361834e74
SSDEEP

384:GaCIj5w6M+fNxe/8sK03zm6TjBOeK8Y3fHAkPWETwUJ/rr4Kuw4MN9o6Kc4:GVewOfnLlszjYXF7Jv94

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd769173341890000000002000000000010660000000100002000000038df8047be02dd4a13c2ef9d9a2203ace39f9e89cc248aa8d0a0aa3067ff2a42000000000e80000000020000200000004db6a59a4a39236ac0650011b9b8f94831727ab97a2e1847e78937c07516965620000000bf013fc59312098b7a1f1bc2fa7794e351aee3b4df31dda0c619cbd1e48531f74000000094a39c3ca9d49415483f3995210f9a8452bfc4915aba981b24e043ef1e82d8e6decdef4e8f60e7d88ed81657e374b37914c8f7ec2fd259d243d25ee683c238f5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3174B61-AA4A-11EE-8723-CA8D9A91D956} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000008ef00c1a4c047a5cea76203747da89ac3dd527f2b2c90cee8c48acbcf480be51000000000e8000000002000020000000a5b5232df1bea57c56b9f2c566b98f2141071c988f7f4ba6096c9edde6848e8190000000d745521ad8111244766f0aba4ea64103aaa2d1b9826ecd9c884c2af8ecb982e6b4971aef3bed971a699c64f0cd83bdc5189584fa5edbe0cfdccae91373e8fa76abad4518e8d5a8c0504cb08e2eb66c97f0d23f2a723838fb807a31388b65a05579ef725b0c7091efefd0bdbc3fb8caeba7adf387b55669c9a7370f86925b356e687a3f1134be8f836e92b24e2d3fc511400000005e8cec9d9da41f0ab1913b50bebcada3e53979a61b66b8e16e5496e38231fddc5e490d5fb1a89da48dd864f3b42fab6abc5500fc00b7b094b1acec3a8fd26c31	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410456808"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d02e99c8573eda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2976	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2976	iexplore.exe
2976	iexplore.exe
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2740	2976	iexplore.exe	28
PID 2976 wrote to memory of 2740	2976	iexplore.exe	28
PID 2976 wrote to memory of 2740	2976	iexplore.exe	28
PID 2976 wrote to memory of 2740	2976	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fc2303a67b833063e43aae6d470ee2c2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdd2c00de12c46ba7522484ac948f006

SHA1
0c53b21de98f8b342fbff5307ecf8d619078088e

SHA256
d4dd7ee2759f61eb1eacbe61e9d434cd1bd9202e0d00d96b26e1963291d25069

SHA512
cb85e05b5e0543b060ad04f1bf68bd4d58c308414a6cebb511a65bfd8f2fab8a1326f74f6563712b54c4432660209a3d1f97912dbfd322cd78ad31702810d9b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcef27d5ef20e67b4bb8deb10254954f

SHA1
0674bf6daf4f91c39e2b93d954dcc5b8d02ff3b8

SHA256
56f2a3524d28f6fc65302a1158c53490fc8164b9d84398e4eb2598d1a780a357

SHA512
8f0d9592325ad757a90a5e59a6805d4fdac987f82e57acbdd85dfa7680f875fc25f015116e6c6b860bdfe26cff336ee8b9c5503362befce87048ea9a1efd3054

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d86eee4e3f9f9d95dd87f824ed9e3831

SHA1
9ff015aa0aa8b745a1fcc79298b9e422f82f8da7

SHA256
f92fdc08a17b79d21a069fc23600d6a97fc15944f3a0713f37beb12b767ae90a

SHA512
5c35cfd56278376eccc86598b3e68bb4c1a29555835f77508921ad35275cf97853056154080a291e9989776cf7288b74a8bb2051590b1fded796b5a13aeaed0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dde1f2b13117761ab729effeed0cacd4

SHA1
bbc23aef7b9035cad784c37c4b4f39aa6e37c8cc

SHA256
13b97edccda80c57a6813c169abf23191db99960b4b978acf8b144f5e54d72e8

SHA512
6c855c7986303be68a616c0c1094ebb025e2508ce43cf4306ba60a5c4bc21e819d8699805e01624e96bef61de39ff06113fb8601f7231b1d6b0e0b898ca818c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12182c18ee0a89b6192884b3c398cd2b

SHA1
69926a9ae81b5a0b4e8346e455d4463c37cfcef5

SHA256
2c65e76498e77f6a220151e691e7a59fe3c38fe00302c9eb1271098869cfec9f

SHA512
9e140fb68ece0a61488097bcdf129af913d5e16dede1688d004a7b761bc1fd913926843016cb2a6e889053f76b9f12b4cced47414f6e1d389269038af20058bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
681f4a28709e52240e6dae48fe742a34

SHA1
b8bdf8be0babbf87e6f31656bfeb2097fb4bf4fb

SHA256
5bc4f5f80e3834070dc6f7126c0be18ed5ff0b60bcaf43e70d0d55a662986f77

SHA512
eb5687233ae8a4f891a0042130bd8cf0375f2d9f58e245cacd3c660ae19141886f5cb51def40ec5cab7809c389d6fa3c2463a1e0a206cc5b2fcd16610d27dd1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c966d3755f85f7ce85cdb3b4110ded8

SHA1
b85a4faf4dda9308aa3c8cd29627822b464e1ae5

SHA256
4fef52ba9202cbab6f39ecbd229bcde6e2acbd92cb311c46590259486a10eb39

SHA512
c116c29f34e7f09eebb2e12487aa04a3b1bdfe2d3628f0a930741a3846afb990602529ff8d6c68b428cc4cec4dc9d77553e9a65f5afc1cfadf6fe865b62a3951

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76a54949f32bdfb80cdc9cad28b20f21

SHA1
925ce2f001e068cfe63c01a5a9e5f446d2f7b5aa

SHA256
03f45f0e01dece9757fe7fd7733913699547334b4f79d4ce18fa4d7aea97010d

SHA512
b42c00936010a7e3965b01afcbd4bfe79e0361c1e4ec3110434b4de6d1d590df3cfcc3fba232bfb70a73272e92d5bed28393d5a436a1703292fcb04b7c6a73f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
808c7d752e0a599e5d58282ac20ac8f3

SHA1
6d631859b4e302ab8936c551b6396cd204ee0c5b

SHA256
3188620a0a3d8b7933161ead2efec0e91b5db1a7ef32cb8af6cd92af08fa48f3

SHA512
b421499c444af31c1b2e5defb8e0c67488ba8f8e4fb933de859caf5614d370a7d01f5c1caadb93632234a37d6a5fdc9965994e522f681bc3fb22a0da96c91615

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6028d1c97c1b4004920090366beb6b14

SHA1
7dd9095c576d944214a3a8cd153eebbabd306f40

SHA256
ee2a92472f393f7f3e3c94efdbb570ac5b688a1fd51b3e55d1726236878960e4

SHA512
92d3f11629b69a45e7f29e295b5a5dc7a8e52134bb8ad2de9aaca095d7d7ae899510c8f5d0b4482d3c50bc1658be863fc53bab13b44cadaa4cdfb66d899f09e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46c2da5971eaac2ee53a90bed3b5cf88

SHA1
5ab72531e96d8adfc4a68932121c5cacddb1e683

SHA256
d5e64c98bd19320463f27a2cc07af89d104ff603f57f0fc560618cfa55082d14

SHA512
72f2c53c6612383162c0e2e9f28b331ea7364dcade5f6f71b321880ef946595a1926016d1f06068ce929a1c59abace1dc92772385228bd4383fd703cd77ee68b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
419d4fdad733c8835cdebaf58ad70dab

SHA1
edadc0dbea364002337a6c6e074f345355de77aa

SHA256
6facfc49cfa4a80ef73e1c1fe10bc342d7496ae8e935e5762e296d22731e4dd7

SHA512
b7e33b3ab032f6152dd4280a742465269c3e61b2e02a25d04161df82cbe253437d9f7330cb6a8bb7ea5e73f1d7184d3f99c6938e7ac3d2cc34933fea7273e9c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ca8149b884e0a2dedb6384484ba21b2

SHA1
a58486a24a4500b1c82ba9ced0acd2f26c81c635

SHA256
164e357b219fdf2b6bf4cd7027bcd7efa5b41cb385a8ed6f0b21d1364d977cd1

SHA512
f7c07ca6891826a2c0e21ae61615f0ba9b2bcc19fb25b5cee6d486a6b6dd7a57d929174881e6313342776dd0fec8df6a43fd4e6f232515550e95dd51ca3867da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6aaeb66dbdfa509430bff3a0fe4d9e94

SHA1
b25c0b31648c1f960fffa7e2c5a89ccc040c021c

SHA256
e006c30ea7c6e7ffe481e6f26e91e8a03504a174622679e2160f93913363533d

SHA512
1ea281a64a906bc7c14a9fbee915ede7c82d91db57bd6039ac050414af747ec022e35a931027c3fbbaad122ab35fc42dc1747a49e1d736e30fd551730d0a3778

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c14374276e707f927ba82eed219470f8

SHA1
7a34a1d63f6fa1fa9aa3349b51e099c0c0bf652d

SHA256
7054dad595ce54c5a97cadcca08d4b90291b3ced45acb71a0f31f214d5de6c3c

SHA512
301382ecfa9b3db3c690bcbe2c53872d16880a10af7983c9e131c6e1edec143d743c46eb8f8d2d2aaa51e8150580c0a354bde55c6a1d26a5830346ae52d5340f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15addc862897bae133f023a69e96bce4

SHA1
c9e79b1b6258c67ccb264e46b7e0c7d0969ef09b

SHA256
3b6b86c1b62834a1bd1f1613d929d7e415ffaff1e01e6213eba348f384e4b4bf

SHA512
e716139315878de4804270c34baaaef7fccba387b008270e810d59aa0cfccbb2fa12e46a7014d59f4ce9f2fbacf063983543c45e6edaca8be55475b8c3c2664d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff23dbe8d999eca7be39a1246bcb7515

SHA1
59e64fd3627263ec381e6725c99d64d71b6e98f0

SHA256
1ad8abbf0f66b5dcfe75d94836c4c9575711c6df29c1dd4693bc87abcb18a6df

SHA512
5a557e6444981c3b0778a85fd587d82869940194da9e514eadd3cdcf655b9f752b9d18dc043fb2e24ca5e995b4e9363bf1db5abf620f0b915f69f2688a5e7c78

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA288.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA357.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit