e1ea68bfd688f160c1f8da6006a375fcd0833c878e52f523feda85852fa7e4a0

Analysis

max time kernel
1s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 21:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9ba38ce8759fa1efd12c631bc4803d6.html
Size

12KB
MD5

f9ba38ce8759fa1efd12c631bc4803d6
SHA1

c6cec6bd42f0d79c33cb5e69698c3479074718e3
SHA256

e1ea68bfd688f160c1f8da6006a375fcd0833c878e52f523feda85852fa7e4a0
SHA512

8ef2b07da8cc31122c9fa3b3d6dcbe444b0d1b313dba7346c3c7fdbf1c1efaf3a5d91e714ec64033289bfee4f90a48635378c7ac40a3dc41fe203e1354b378bd
SSDEEP

192:r5N8UBm7wmjoLn62gXV1YmkrJy2gA4sjHV/oJ02d3dGe63RtcQ:r/BCo+vLYmklyz02du9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 19 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{86524931-AF31-11EE-AF10-EE5B2FF970AA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2104	iexplore.exe
2104	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2384	2104	iexplore.exe	19
PID 2104 wrote to memory of 2384	2104	iexplore.exe	19
PID 2104 wrote to memory of 2384	2104	iexplore.exe	19
PID 2104 wrote to memory of 2384	2104	iexplore.exe	19

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f9ba38ce8759fa1efd12c631bc4803d6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
  2⤵
  PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f73f9a7618d69916482feb76ad40345a

SHA1
7a3fb335f58686b659f9f02dd85226ee8eb854ba

SHA256
c498f3146afb2466a25b0e06d967877b332bde333d82685017d55707748ddce9

SHA512
aa81d3d71f997236b3a909ce8df0889aff79a7a5c13e6568947105f71d46f1b383356eed57acaad2135d4e66c44ac4204f2bd0f84ce289df4bb89606d63d5f85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ad30532d16d71e45abcb572b7975082

SHA1
acca7abe1a45a7f0098ba010de81b9ca5aef66ef

SHA256
9c7841397c39369aa2248a3e8cf91e618b4d4c9c2292c9d54cf85970fff8db6f

SHA512
ca40a74a7207a634a1a166a71aa44d3804b97273cca3c51cfb22caab953d11a1cd0714900e5077662012f5e281c258638d0f81176c2df7fcccf7f290cab09094

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
716b9f3718b449bce3098b3bee38c1a5

SHA1
b09738c179341f39b8a936d3f6d49a9485026017

SHA256
322f44f8aad5ea52f6472afa54bd97ea6e4dfa065027b8c7414f450a3ebdb83a

SHA512
950614dc06e46a894449c34e1fc3467bee2e3907c43e3296f33085811c800de15eacd9fa61d471471f661e3ff916d2f93714b5bffe813f8a2b61a2ae20fd42f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24bc8937d2c816f51264f7a68e538e23

SHA1
3751798f862c3632a79dc228120ab125157c0bf5

SHA256
b9d9aa67936eb2239f73c262f408fb0a811cad06a0b10f99399938bf653b9805

SHA512
04a2e4733e3c12514f1947e3890ec00bea9c2db9172738f23461d922c51c2e5ec55233e5536a0631551c19f4336ed8e0c04bc80a1dd3cdea3f2d47b6fcfbc81c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fca03b748c57167b30529cf6e9d704a

SHA1
1d019e7ce0a0ddf08ce7678cac29191c52194e6d

SHA256
75646f75a8327e3cae12d6c96a97289b24a1928ef678f0eecf5a01a0c5c72bc5

SHA512
e5a5f2ac7f9e34fe1cd6d5e1e6475e925415bc3ed3e95be70d48d194b256ae9116daf6caf37153bd7e6d783fcf96063c7bea4c183d6bd971b4a90f4b6402ef93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91869be5f11887b1fb60f1181ca13168

SHA1
107030627fc6485f35eeafae42116dad96b15227

SHA256
7cb023d4a45952c74de3e81dfbefcb00dcd4df0f88d1e289419773c4ea898654

SHA512
175537b53cb224e9abd98285945edfaa9dee80411e97ec99b19bc357ff074c9604c6363eddc5a7f37a50c7ae41dfcb589e5d2f550b625b03fa3342113f938dae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf3bd151c1954bd3dacd75b29cd60c46

SHA1
41b84f61874e96c5a14fa5d490730339b8570e5f

SHA256
bdc8c007b710cf7b3312fe10481c0afbbb5c911cc69d8af946ee7da66aa7a4a5

SHA512
4e443c6fd2e8df312b90b80bc1378e64321dba3c0e3e14c6b348a186d016ab63c16e679042b9c23b39da975acbc7c174f01a33e766168aa3670907ac456f0764

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a01469775e3a0fdf640ca427cdb1ca7

SHA1
8dbee51d859d0cd1b428e87c3c5848e16ad9433c

SHA256
3be9b20ceae3631008c5868b03dd09d21c0c82792268b67e9803e7231a14be41

SHA512
b4ba6128d90543c807dbe1fe957997f27f7192a19919265006d0504ae793c47782428bc87519aa85038299c65f6ad13b8a3136fd468b8eec80fd92f3f5fd57a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fe416f5a5493e87d7af16f95226e02b

SHA1
7ed08dfb7e2098869b44d115b784afdf435d628e

SHA256
37d2abcd6c54d1a9da9322e8219b96dc3038538829e49fe734a6c14362811fbc

SHA512
3944e6dc0dbe2ac15b7057796201f830b0d66b111de7101082ae0d4a31e3d81e4de13309bd67d35983733bd872ea9cb0ad29bcc962a5e5c4b3c7aae5bcc06950

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3a245afd6e7d12cf319b634a04af127

SHA1
af7cfe30b7f28818cf3699d8f0cd31af707ccb3f

SHA256
9b8541d416e3846c1ffe422c5b2346ecf7892cd37922adb238a510698289414c

SHA512
0df436358f32afc7f82c7d670947836f932924299b8bf831332d1382eda579b0e51371944cdb20f920e0be0e9fea0f4465f7a5f3200e939b7b1bf02bd3325ddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcbe4e3afb315d60609464ed781be181

SHA1
c5fe9283ca3c162e42d580b9c7329fa89a4ae0d2

SHA256
d3db56499e865655bdd62c176803cba610f8179520c6a090557b9259d7c79e61

SHA512
fd035720540805a03aaaa3c5c41a322275005a68c0f7e71d14bcb8f04a6e9d61402c97375fc7c50ec7539a82c8dfcc75a4d6d926deba9b2708a8f701b88acd7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be95e2178132721e75de8f12d5b04a78

SHA1
7a10cd5ec1ee962844ac9ed7386a5d966f99c54f

SHA256
b60d015b5d7a53d93c05b26088b197b3398df0989d7c5cbac720e972b666d714

SHA512
6d8983009b0c03a9456b704587c021e4fb874898d1a0b960f4e51155b786280feacec98690980379f2346e2eddc839d0c0481037d895b903ae71a8d88845686f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6244c29490ff1f5e6d95b16e96a426f

SHA1
4242fd9c7d58cdfb1bf64f90339037dcf192bb9c

SHA256
2332eba6937a21a48c661097cc9045883450ac69232a56386cfc7c18d728641e

SHA512
bd7409729f6a52c5909f5830369aefe02b43a494d9a77115254ecb7bd4c3feacd3e33d7c2dc0db23be1dce374aec95a71afc63b1e92e08b34aeb04224637c992

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a864994ac2b85177f3a3ee3067d0ce14

SHA1
4798e5af575ee23105b2e603b6692086587310fb

SHA256
b4622df91c37d9e577501590cf92e56394c51f273bba57873a889f4c85821fe3

SHA512
bcbeed928882e1d895504bb9e45c76d29370b6c78a2e5328ecfd8de08ff11360d47ee4b411c575792b53406a76a20d8bfd4878f679fc3361b7b80bde45e5be23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f98feea3c33e610991fd057737a4502d

SHA1
70bb4f385ff0fbed4a39f0ac72dc360c25731c67

SHA256
d75d941ca4f82116691469e85933d95a1eb13098dd97353c2509f351893fff1e

SHA512
de84450c8e6554a8fab03c5f03d901dcef2d572e66fcc346c587dde9038ff3bc7c0349671fede11953f38dccee1b07041b58c4c921090e4936700f136c5de51d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1deab6c5191652e9b52334a3f2d7d3dd

SHA1
382f989dac000e363d2d73af06926399bb0dbcc9

SHA256
2e45c4a2ec54128f68f7a62b3e07e5d6fa754a73969732d678c0079eaf0eeb3d

SHA512
99a9ee2ac68b03152cda4f930fb5f712579f460453497f55a357a71d2634e64f2e351d1e7f1e006b81cc1793ad32c20c9bf977845eb5861063d21a9d9acda10e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b9f32d0ef399d7acb2fbc0afc57231a

SHA1
ed0a14ba4f2c1776825b753adf24f5ec10c81f2f

SHA256
57036d356cfd95f2f64242c155bce70a5ffee260043c3a006fe1b1d1fc5dfb0e

SHA512
fef1f8ac4fc47df737cb25c5b1f7f4b2f6855df626857e0cd08c2e930eb58428f6e6ec2b040157b1154bbfd4311b63e615e80a94685d05ed6b77d3a10259c4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8C5A.tmp

Filesize
50KB

MD5
23857eed04efe91c288c38cd9cf04e71

SHA1
887b91fa2cf1c4e2d5f29df7445675030085b79e

SHA256
78496a57d38b89d18c05ad87b4de4903eaf9601a2f3576827b9d77dbec2c4e63

SHA512
707629458facb65a251beab78f7ad69fd2adf6d9159896227d6a7c01bce1b0f0103d4bd461c2b168b5772e50a920c5768cb059375ed63b4f93bdb2530698d46a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar94E6.tmp

Filesize
55KB

MD5
28a80fbd927096223d0fdb71a9bd5a37

SHA1
3a849cc3b2d199e55431b6a1d0b0e3e9312385b0

SHA256
2fadaafddaab8952e9eda27b48b1ca5c81b4d8a73db2dc34ecf3ceb18b5793ef

SHA512
63eefd7dc1f552f989bc482c5f0993ac7d4c9c4865bbad87bb1ce11b83fbbde65c6cc2a49e35a28f4aade224b8639a8f842e08de6083928726e6516048edca1a

Download Submit