e4a22dd75f0acb50027dd83b0a4af71316724a76127a52552251db2f0db74aef

Analysis

max time kernel
143s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6ccb08deb032bfd635e998f0da29336.html
Size

6KB
MD5

f6ccb08deb032bfd635e998f0da29336
SHA1

b7662f3c2443d07b10bc803dab6dabd2518c7388
SHA256

e4a22dd75f0acb50027dd83b0a4af71316724a76127a52552251db2f0db74aef
SHA512

b20128418c4543b4b66b627f916e6d580dd958ece3e38bb980fb632eaacfe142f6d1ea369a051ac0d8bf6ca2c9850c4f3b1d8db2b73498d955da8e5283bbdd3c
SSDEEP

96:uzVs+ux7mjLLY1k9o84d12ef7CSTUJLcEZ7ru7f:csz7mjAYS/6b76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3E1F4771-AF28-11EE-B9E8-EE9A2FAC8CC3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30f66a153543da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410991663"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000e8a6435dddcc2852414e19f0161cda920317444a95a1ce1bffaf845338c89533000000000e80000000020000200000000874d0e5dce7b2d69fef4666c8d0041066d3edaecd381792f060e929ef22874d900000003743c7fd6928063a1646f6db9c39661ce137f4ddbbdcafaf0b6d4af9b0a43bf189028d6d85e85acf72261660a6ae7463ec7bd163d517ee636b616b9e80675f189b71e2a5546ff99e5e5ce8506c83442d62c75a4b6ab06d98f62a368fdec4be33d09bd9150e8882ce1caf30f24a243a98d2a2444058ec69653b82a465859cad3f372ade82ab584a321c5ca48e39b0850c40000000208ecf62c4e8acc6e09741a5df0d889a835c339744c76ce8b91c6ef0812704873adbb8d57a22d4421c8fd2758c8dac36f3803162210e89524a67c8812fe387b9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000bfd0e27d51a500e451ff48c7e2bcf3f8c7ec7fd862f6e589a7f701642c6e338e000000000e8000000002000020000000c35c7404c834a768882fcc8fa1765cd3f0b314c5f3a63199973c4234315179b720000000569fbe9e22f3dc1873e927a8dd760c2f6f7c6c5bc65d4f85191795f861381a704000000059b4c3abd46b08adf7c7227bddd4dfa429de98e1333d1eeed4375ec03655ba267b5c7074085d8dc9d98f591083c2972ecf1c8004c62f73e6843735bb9b9c7b42	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1540	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1540	iexplore.exe
1540	iexplore.exe
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 2248	1540	iexplore.exe	28
PID 1540 wrote to memory of 2248	1540	iexplore.exe	28
PID 1540 wrote to memory of 2248	1540	iexplore.exe	28
PID 1540 wrote to memory of 2248	1540	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f6ccb08deb032bfd635e998f0da29336.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1540 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c271d0515e3e9b95a0915d30db2f09b

SHA1
4d75a3b843d20a3b57babc5380410c7fa2519778

SHA256
215404ff0acbcc61115b67b2d4df04372be0ba955bc46f08d72c6b1f558e8503

SHA512
52eaddc6ca738986b4943e1d4cb68eedda23899926f1807c0700b085d1c95f23fbcebe073052c2f33fde530b04b60ed79882feb782dbe648fc471f3bbe7925e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1ef1cf8a48e72f3562da31d207ebce2

SHA1
76090bfc34dbdd10ebd2ace4df0e86b19ad41449

SHA256
30b2770c5018e2ff3fd0beb52e04a78954802062e2c829eb3f1ae1b66c8b515c

SHA512
6e1b4651359d8b57b4e2ef780c78fd6671754dae18266ed9ff0cf3cfb58f037e7eea1c0d96e3e7ac2fa78da1f3761a1db0a306671376cabd1f2c21d4453cef2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
493de78d9db21219600b4e89865d200d

SHA1
b364e03eac2eae9a88445c67e01491dce5a7b1bb

SHA256
e309f0aca28cb71dd3e0ef95149eaf5278d726ba9c026b7e7501041b399d7e3b

SHA512
61774f849eeec6860fd27d0fc67017d3ec71271d41233ab1566eb39e4534db6d015f2ff2ec1b72e6078e18f5d3d912e8611dba63f21551ca3b25712a69898b65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b00a2edf209e585e02cbf6bff735d5ba

SHA1
36dd698e5e355befa2441064f0b935d4f0af0f9b

SHA256
4e0931d62b717e24a0de8732e6c31a6b3bbe34fceaa28e476ec2ed83bc77d684

SHA512
af1a38afa2f15264acc10428e9190610125ecdb7e0032c1473f08948c3e1fb869e64aaf779c516fe7f894ea04c2ba2c65cca93dbcf3c9ed62efb776f4bf8c52f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ab742db0b12485a58bbb3c7b0013719

SHA1
f521d7883bfe0b612ce23934f160e470e77ab497

SHA256
6e057af40a5de91ced12f1a71f9b4ac38040caae7337929c603f473fac897307

SHA512
35b6b812eb6e298f6de45c0502abe58104cbbe2e61b7e48d6220c174b84c6adfb1b999f1a2c26b8df31fa15457f8b9257ec8e6b220059e0bf2b183548d112c47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6362a2146ff98b89fdab3a368e34d1a7

SHA1
afe03ba4e7a0f864a2d30863892bec6276521814

SHA256
c1f4e546dbd13d21e024c5115c494d60658fbdc2d22ce0c4f29e675b9bc7ae42

SHA512
c1c40572ca88a42951b94f8034953a0ad504ad4a1f34b1535a78829e6ed9079e8dbe359271647fd2c883cfaca5e039387c71095411cde28be78629eee6e3ea0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5f049f7c0def79f762ce20fbd231467

SHA1
b5ff9c27c37ae001e0e540cc3b732298c251e996

SHA256
1bc8620381a3e4751c1d97e71eafb2ab2e4b57fbddfd4d8f9febaabf23e6795f

SHA512
9f38660b30269429eefc3aa698dfddb81fa0659c923023c34dea50737e760ce9237e5266bb8a7dcaa209d4c09c6c885b26b6a5b5ff0120db8c99c831e986f755

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c28b965420fd826df324401afbcea540

SHA1
6e22974f64348002ee56a59b44150cd90d2d954e

SHA256
25af00c0d9777bfac7d8cd15ce13392b848e2cd85cbc6e98dfdbc5a6010147e5

SHA512
c6fb4e9e7d6fe51f86a283d8cf177ca1f98172a2f244df9d9d73c7425c0eb0d95990ea5c88f7bf3e96998c39a31561f972d42162df96cd1d8e0bded54e49c6c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33f9a894c6385aab7c41b837275cc763

SHA1
b592c4716ea0e027c5bdd27bf5e30c0bc8ef3fe7

SHA256
4fed25f7e746396fdfbaf83800e8ddfae9387c2db8d1db8c6d95a873c4c67302

SHA512
d7d9acaffa60cae3a82919ffb80c08204b39e302a028fd05a4f63cf5c4a4f4b2de65b2a9039d4428c77dc8bfb47bc94ec6de68eb258f0e58b0a3a89321f28e27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60b22a93a611b69a8b64f9dd2d1718a6

SHA1
e5f5edc0877a9257e9bb3fbf32aca948950b5138

SHA256
21911566cb64164949d72cc50ae2d8371713242e0a4c037480bb30ac1da732fb

SHA512
1ab15884738437dc64e6c5baa57dd6ae28ad2633b0be4f715a53d16e539596d3b3e5f29b8b46d35a34c05fd3f000ba9907fb3eb3e17e18f2f70fdb01ed82ce0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16fe1a479f70380abf4d0aba8131f561

SHA1
bda5825ceb954ad2293bc5559942c283ee957dfb

SHA256
f549427a8034326b48d6a6ab45d210abc55fcec94935af3cbead0a4fc3e877dd

SHA512
baee892e022c803b422ac6de6029328f87b063a32b96fbc39fedfdb9a0327f4613168c8de66bdd81b03ce0b8587e0cb5958e3bf0f23e964a1fc78e708f5cfff0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
634cbd005892ce30d4b2bb33c2908b3b

SHA1
3b890ddebc47dcffe63913c7a91f2bd39e8b0d64

SHA256
9794af4df38719da60ab4c15a8e7780ec96c4ee963395109d1120a09172ab6a5

SHA512
d9b2ff1691ff48f3b00df6a9a67a472765e3b91274312a79caecfe439a5bccf74103c704b9ea60e0c305528a22d684e1dd30a4ab893ee95082d7e028cfdcf982

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7677bb29d31c0e8eb7ca322abfb952a4

SHA1
5dd168ead98f05e0b18ad19e476c2397e79299fe

SHA256
93e23c936b4b4b7bd7ec54e909239e79e5fdf247c8088257232cea53673df453

SHA512
8ece799708ac78e565c78afc86b6ef0bd3ea316ca47276fde069194441d15d03b302d2eaefcbe100f29fe6129ffce2fb504180fa3fe422a63d455b976705b165

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ccbf4ddb2627a015dd5a7a5aa2d57c1f

SHA1
b4ad2d3c1f4346f5f89cea1decb6db5a7babc2f3

SHA256
033fa829ba6b24bbbb8d639a52e1b730703d18d3b1bff62d91df928aa264f471

SHA512
d5a6ba4cb3f72d49b4b6f08a40ea645b716eafe49c2f115d6f9fee35c5cecaf0c10a28b597439c8e3bc5619e4f53d139e80308e3980c396047df2979ee60de2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC1DC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC28A.tmp

Filesize
145KB

MD5
2bbe4bd9cf5651a791f98e10674f54e5

SHA1
465954f456a8b5fe3656ff8843bbf62b82e24414

SHA256
aaf8c458885151d352fba333260e79bf7383d84909f7aa5de9da2116f8a2a267

SHA512
bb3f0dd3b91a59419ef072fba8fa0bd24c2cf9f5f6d4391fd6f494123efad5c048eec8ed1b9f1490b0435228357f7b24cbcc58dd4de6796d99896eb58fea97fe

Download Submit