b51c2a6959d48eaf211a4ef1e15c7c68c77e9d073fa5d0ddcbf558b26a34b362

Analysis

max time kernel
120s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 22:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fb807d4ee2697fdbb9c1bbdcbb66ad74.html
Size

968B
MD5

fb807d4ee2697fdbb9c1bbdcbb66ad74
SHA1

91268953d146310969144552bb257edb9bda9811
SHA256

b51c2a6959d48eaf211a4ef1e15c7c68c77e9d073fa5d0ddcbf558b26a34b362
SHA512

f1f7b4b7958549603f6b2b9eeac8f18c13b7ae48c0e9b4541d1e269de54a03cbdc7ca7e75e416d5eb3790fbcf970fe992cd01680917001cd5497f57a8b213ecc

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000006901e2938eaa128929bac20129caabfb2c4e85aae7d19813404cfd0e9789f3f000000000e8000000002000020000000f3a1e9fbb6147bbdcf967d919699282778ee6256ed9057e8db424e182e0122df9000000066d0b7aad7ef039d42d0a365175cc7454722a534d1ecd21f4f40cd60988992b7006387ad8ca2fa538b2005de79a54e411f762835fdd455eb2706aee6c79c6912cf0d0ba4c5e8d877371f7493397645d2bbdb2a48ab4030158e7cb0c7b353da3ff434920484d5e4746a5eee1e8ab6671e45ba62277db4425420b8965fea85243550bd79237b4f972999a73a6be9334a59400000009dd70f4b0653f0e397cabc7cbae9ffd6c4d7d15c968a9f25cc946d7deb85075c96d268fede7c2e976af21c11505a1171a82d415ee90c702afe26fb7654094f44	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410454992"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00621f8e533eda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000a6d05fdc15d4282126a40ba0c221c06836f88df5c9bb4da835a62409a72bf84e000000000e8000000002000020000000ee9ed6c1d809d9f8c529c6d27ff8dd67e3f251741d768bcd7fe35130ac33f5fe20000000358477d88f422bfe662924d21f277000e8d597c4ef0e2d9516c3976ea110afcd40000000130f867eaaaf824fe9ca7d56a90e40063d6fde357c92424d92e2d0f0c327dfed8bd7b7f47f975d556866c6842cb45a2f278a9da86750bfd3b68105225bb27a2c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B90E12E1-AA46-11EE-B9E8-EE9A2FAC8CC3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2164	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2164	iexplore.exe
2164	iexplore.exe
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2088	2164	iexplore.exe	28
PID 2164 wrote to memory of 2088	2164	iexplore.exe	28
PID 2164 wrote to memory of 2088	2164	iexplore.exe	28
PID 2164 wrote to memory of 2088	2164	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fb807d4ee2697fdbb9c1bbdcbb66ad74.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b95edf066c5362b7822ccc59b9dab821

SHA1
6d1529abcdc98ca87ef2f882fef09926562dae31

SHA256
6a3ee364a393ffdd59a96df8f48ab6c0682d429b10ea29fb9ac171bd1321700a

SHA512
425e96cb3e06c87c9b2660ac5948e5b2c510ae554a004d9ccca378e60749936fb49fd585037d7e538726b3cb155a341a7be975615d65f17053f206122384769f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ea500a086cf2deee6e27d8f25d708a6

SHA1
c9c6d2dc5e7ad0a4174de3f11cb1119a214e677c

SHA256
2f0c7ee7510becb7e95ca5ab92b6228f5333d8899a66d82127eed3a14d12a11c

SHA512
4e9de6f4bbe81e552b5ef5ac25d133b831318e597bee125172bf5023a2f732ab64d32deafd6d3da0f35b882155b7ce2c2dd7f31a8a94104e86baea31f5ad3e73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4fccae1e64f3838024be12862d7e3c6

SHA1
18e62249b9e8d563aa01378d152b8c91f6727ba9

SHA256
d1ce3794f5557ea345c8a371db623e1b49d1aa97016622a879919633f729c841

SHA512
d426524f2ac3fcef61aef818fe32fbea91749cfcd2bd5d8041107619c4c193476c7ca6ae7b053129c9203291f355b0d03ea4b470dfa09e1eb0c647d50d0da60e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c76ae95fc8a1c82901ba9ef5bbe9b62

SHA1
27fa398c4b8dbbdfcf3d03992af2f788ae42df6f

SHA256
e60827cac30a3a2859ad86c931f6bad97365676e750ec085a5c08cf94c8ac49b

SHA512
94518c5870944b357760ca496bc3edfd14da62f2182eae3ab2b6245185063d7e0bb219c8b04a8a2b16ffff8389bd7d3617d6ad6f1e57cac7fdce452680c50d18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
163e908224c2e05c4ea764cd288b2d15

SHA1
a82160e8624b5758cfe8e4985bf03856ce8bd6e3

SHA256
4d233c96db81b0caaf95d488cd398f79f5fba771aebe5594879f83cd729136b0

SHA512
14a959cdcba0da184eb0f5b8057d13e9b8943d4cd8f86eb731cda3eb319d15487d69b9cb2cd96cccc813b228a503a569400e9ef75a02db7a0d164d9f161b587b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c76dee92290eee521a80201822a8694c

SHA1
9b04c18ac20cb80c9258f894bc4c7587955367c8

SHA256
921b32f4095247e3d116afec259af7bb6efb12e6f7a8498856d8b31887c9afa1

SHA512
ca79df293ccaa5b823be25783d846d67ecef9267f47b6db1c2e90b6f171161faa3cb8a3a4315b42dcd240d22dd84fcec032c7d0f33409c9ccc79bf81955f8141

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
315a6f87b6a53b705e6b4875b03a6998

SHA1
738fca209c29c50291672081d0ac49c758aacd45

SHA256
cee65df1ee0d0d68073cdb2b107436017c1506ddae776de0ed16665c16213678

SHA512
89385a9cb091acf236b72c13e45843008f412700a292084f52b299e2d6a60c9587372047973fcb48ac3e517f07f08a5789bde8348ffeb4e2292fdb0445b20405

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
799120f037e847a708e4a75c736ff3ff

SHA1
5684cc6ce40267d6cf3396f91ccd6aaef367fae7

SHA256
ae75b6efddf276725f82a1505f75311324d79656256ea61308a0a1361506b6b6

SHA512
6fb443284d1b67b47ea9fb70b11df79655065bf1854eaf00cacca9ccf9ae871dd3ece37ec19eb94ca072b6551ed9d52c8197417c079ec1594839942827cbbfba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a6fd0160d6447d2d4fb11cd050ee4a5

SHA1
c4dc5d2d58c58596adce336ae58f7016927fa390

SHA256
87bd93c9d42ac39bedaf95997a9d0f9b241ee8aa21d6c18a9ad2e77bf4a86f55

SHA512
3746dde9a51a2b620c8cc16f80e2df09d6f450bcb497da2199ab6c0905e253be1cf733ceb80c0add8986a47ba0df9ad20b69dfd88cd0a0781af0d16b2180a69f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72c170d9c499b248025ac76c25b81380

SHA1
847959f26486a982376e0d948b76c9d36a32d5bd

SHA256
9cd73a5a30ca8a43dcb37370f1375ac5770496861a245b8ced6d6de097abdbc2

SHA512
0ff13759ae1848ba68e7dc82ae5de5ad487f11e0d2e9f11701b6087a6d6837849acc3f79bfbd298005ad997c83b17fe045151b757e76646c2146d17d647ed37f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6f4b31925e00b662c2b91d3b95fbd3c

SHA1
55afb7bef6e846e901df796914bd3081e4da3420

SHA256
a85b820cba4120eb226d3cb14abd18bc74c6f652b1484b5554497ba807dc533b

SHA512
b8356b5f9aab32b9a2ced9ba1b149c02a3fea8bb59884da9e586be40f7cdc1bba40d2d4d7b8d040bdf46b14443bc63307863cddc3319a4a98ad5b8a1de0cd59f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2516d99188c396e9b2eb09974c6ee90

SHA1
45e3d24d2141ebab42f34e29bd1c4d44802280bd

SHA256
60021177937a6650f333f94b4717a6f17a94f8bd482ceed0eba6c52ffeb75db7

SHA512
4428c22a4ee4c78d94fc0fb9785783c19d9cc628182e2ef6c967815c614c70ac69c1173571a354acb8a18373a1e0d7c7ad553982fe555180fa416651ff79f944

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4701cea4e4a96616bbc81234d7e5228b

SHA1
ca1019a82875738fea3d4e55db77a81b6edff4ce

SHA256
b7956f2efa204bc2c66564221ca3cbb78b9ab65a1c1a284984b04c668c6ba1ff

SHA512
c4d89673896138968f10d33a1a51a51225ba6e960dfa1e64522b3c2e6ee3d094e9342efc43bd8e658caacd5356cdcd1f1af1a64a422f37469ce21e96d3ae732b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
268536ebfa9ae3cd4ba227dc14853e18

SHA1
a110ccec9991fa0e4f7afeb148463f116adaa7ab

SHA256
bb248fbd47ef6ffa107110e64bc7dde74f074a726fa358194b1835d6282d9ef7

SHA512
b41d6f0048fc86080af3ad16d2cec000c24ec82b1b81483d47b3d641d06adc17e02e67d51fdfc6128fbb18547334a867ecf7f82c0ed09c0792e2716b5d42b0b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60c1895827781a54944cfce56a14076d

SHA1
166647b2a351be1ecd0fe1122d35413cfd241952

SHA256
177ea3e3a33f262b2bb276d1b2649dba1bf5474f5bbc847107adbe6c266f292c

SHA512
66e1dc66bdc4ad752fe33cbc3f60cb04f4f5caa42da694e0c18de05a6a51964b36f8d2426ddadd4bad8d3dc1a75bfbd0802ea446576e2b34bddbf4202021f0b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0615ae02367db529157b4c9341cc6e3e

SHA1
2d7a5a748df855996e39014a61e87c989ab8514f

SHA256
58c79426dd0765edd566ae8c9eb3666f217128ed9c427d2a376c23d0b88fefc1

SHA512
1d3534ad3b260bfa693be5bf44b86107aad0f9970f7d528ab4060c25da3632a9992afa567df16f6cd24ebc31d695bbf9bdbdfdacc9c682ed7e6d5db024737dbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b837977323704a86334acf53f11df01

SHA1
06a7f024e4eb3afbccdb976063cab49970b28343

SHA256
e6c400985969dbd62c50782b9ac05c3e4a1d8534e3ebff0a48eaa64fba31d80a

SHA512
4b9eada451b2f8d33b40a59d1452eeb9eca735c1818b687279fdcc281129196b612a92178c01f5a6484c41e26e2481b054a39b0c7f80ca946f8b343769ea8e8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB51E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBA50.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit