69d770b273e0ace58fc22b64db2657d6ab61f2dfa0f9159f96cc1dedd7baa0d0

Analysis

max time kernel
144s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f786824057a7688ffea2d707334f984c.html
Size

432B
MD5

f786824057a7688ffea2d707334f984c
SHA1

a722e6e3bcae0c2ccdfd4c5f022fe41c2cb0dd7c
SHA256

69d770b273e0ace58fc22b64db2657d6ab61f2dfa0f9159f96cc1dedd7baa0d0
SHA512

39027e8b9eb47bc77feb315fca8416abd7ce36929d42fddf1dfc12f57050f2ac5d35212ac30d9670083592c5ee60a5b711b70c05a93fd5f69ed86549fb42ca8a

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80ba987b3743da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000c71bf503b4706b239664fd3debeed1188e0e2ddd4b3a1b87cbb62d2c2533d327000000000e8000000002000020000000ca2da75a16eab958bfcb173d1d126c42c17897d4e696b88a1761019ebd9d7e5e2000000026209736216d69974c7f493d8600ec1fcef1620c5b757de02f876db126bd4bf34000000087ab773c71090d7efe36cb200258f7a0863e81baec7919347732c86084dfd9feb925a3bb27991e203ed2658df9abb983379c10496685a5c2b7b7a31883463f1a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000501bfb1245c899d6742729f06215310da1a16c1085a337acd8806fa26a60af3b000000000e8000000002000020000000937a39e0e90657b811d20e8bea6b2a128ad7db42ac390d5571e113093166d16490000000e2290f4721dd16c64c90484cb9cb516817722a0e1898b4dfe422028f175eee9f3109eb64295ef7131ec9ff605fabec82ebfdedb8329450332fd24dbff69ab5a6f9472530754a11f0bf39fbe4816c7a54fc79bd9af141c0847d1b27e7e15204953bf6bde556e9a66e953a805d8047c7706d2ff0b8d49d43e5df10c3d27c46db390e49f732e679c27c9c34c2e6602e2cc940000000571f8af82656cabea25f9b7a10531cf9ddbecd3365a10b653c3a321d88ec59813ccb8ad2a01f32363de151cf0d673ce957fc174f9899bdc31a0cad397c2c8b3b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410992693"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3A74641-AF2A-11EE-8452-CE9B5D0C5DE4} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1576	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1576	iexplore.exe
1576	iexplore.exe
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 2688	1576	iexplore.exe	18
PID 1576 wrote to memory of 2688	1576	iexplore.exe	18
PID 1576 wrote to memory of 2688	1576	iexplore.exe	18
PID 1576 wrote to memory of 2688	1576	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f786824057a7688ffea2d707334f984c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1576 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
129021f222b7348788a2ed90f976ceb5

SHA1
1867bd093d9f41ec3da108fdfa51e801eb43db9e

SHA256
1a332f329c775b953695f17c2ad4e9a64788682a7dd0b009553d022e48ef8ee8

SHA512
f75241eb9f0e9a1752a308fe8849d1d3d5ecc4a8e62b777c8a5465551e82cc158dab39653c083dda2cc9df15251c323fd785c3b07bae017b591f6b271c106b81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3cd9710a9a330ba7e7f2a0a197b9d33

SHA1
ee344b2e6d35758c0901ba7d076890c1ef5bf845

SHA256
9752dd0fa4ebd144b56e85e85c2172ab40c2886ec7526273c9339dcd647fa155

SHA512
f4455ca43942bbd9539a0d38a11b05ef92ad10979c1a31e8e447e47ee8002099677195cc96cf3f8b01ddb8f9f0a1ee5be27ad070a79533db5aff44aef3cbf937

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bbae436e0d14d982d36494aac7e5e26c

SHA1
26bcd878a749a5c1c6ad04f12e83ea55334e1109

SHA256
995773e64481cdf2a413cb456813775d24f30bfcf6abf99f2d3d0b5b380f287b

SHA512
fe85ff660af0d8071c8960784fab2943ec7c8303087c46e9a4de429f6d637df28bd625e7aa7f3c00cac946030e5179a8985bbb9f71bf78e82ec3fb8a157c1924

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac5392a002a04449bc3ee98a89129cec

SHA1
39a38d95744400f69ecdf9035451510049989e8e

SHA256
e9ba38516e2ccc0a3451e7246c22e31d2d7991d677a025e50cad5b1ff6ab7650

SHA512
478ecaca4714942bc70832a59ccd20b3e60e827662a142de6d9c1e14a152a38c0f9100fabb8b1c7d1f9728975a1df3f8d77da86d2f55ea6c6eb34d11f16f8e77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3683922f6dcb76a10bc1aa72d0966443

SHA1
a0d0bc44d1cb508125ed4beed5a0a43061444d04

SHA256
3d2a9ef607ed3f0c74bed349aee459ef0e3afcdbe4324f265746e9141e8eacac

SHA512
0e40d44210f711a64218fb82cdbf7aeb1307266480d0fe7bc1f5e8d3299229e3df436fd8079cf47eafc897d5a65382714580fc4bebbb90c24043a1e27cc2eb40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f20f28b9e9543b934ea5650c8c0e40e

SHA1
b82e3b7faebd42b4847e61f9f79ab7cfbb22632e

SHA256
0e972735b9dc95e03be4ea8b8d311046879d526b4583cd3f8ecca35074e7f6f8

SHA512
fc3c4ca3e3e5cd1e0654ef6bb26a0cf4b0d4ee1c08a9f5f77fa7d78a12ffe9511cc3328cf52770c60a18d00bb3f5e8597ee19b62b9285d046f8199b22df31dc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba8f7262a8b397d1b2db9245756980de

SHA1
267574536df03afff23b6830746e0730b1eef0a2

SHA256
a3bb18227a40dc8ee23b0eb26a626dba82878404c443715bc60e200835d1e0de

SHA512
34ac15875fc5f5212d1f387cad28bb2b4521f0910a1798e55ccbcdc3bdc987730023627394aedb715f0dde71aa828ec82b65b9fdfb9c4c92fd635635818e8ef3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72ad165ac85ac4c9fbbf134cbd28e84a

SHA1
130208e21aac506941e79a66caaa69f75d6d36d0

SHA256
c2b69e9f1f9be9f93478c4d8ff621213582d18e48f990318b6146d702005a458

SHA512
2943702815b80e95dd45e7d03e1f299fd0e035346c09b1d048bbd06f973f2a6262316348d82c95b2cedd4fed26a55b847f40ca43b9034e2b5a17835fbba92114

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db7bc7fc71621e7ae763d3c0a6a85335

SHA1
1b967c41bedd133d4ffa18d22477d5ce37d7e4cc

SHA256
3985a43d207cb557f06a9578fa2f06eafb873cdfb17c324aafa5564933c3cca0

SHA512
b710a2f381a62b438f00b0fecbc193a26a6f21722799cc0bd7fb4b38c466a8605e35d8ccef82ab3749b826a3b9d45cee3e5df552fb6053499616990cc4a0facf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18b19ca49295e6144ae85462a67a5959

SHA1
69ba2aa39160e464d5ea5ad291ddc3b3ca98cda0

SHA256
531aa0cd00d68526928c6f2139ccf586ff306f04a86e5e8f0dc42d3bf36bc4cc

SHA512
1e766013ddfab06ead860f26eae334779f46346ff733ac46a63cceaf9ac991ce96665b45dfb3d68309a28f8cb618d233b8a9bb06ca3f32f85c06431c34c14862

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75983a088957161374d4c8443d6aeda1

SHA1
ee42f92632d3cc823480118525ffd0286d7ad95e

SHA256
7994621a92372a20d47f76082ed3fb1aaef76cb643ccdb036c28ffe647ce19f3

SHA512
177b20585eacf42524fd896b68769df904b5e09259154bc53c50833d7ed0ad8a4b5bc4fcc12360c9a7b8b14139a7154b1ce9a17586548f74f34b24060c2a7c1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72f75e045086ff65b97aede1eaf470e5

SHA1
d5cf05e79a09e6ac1e35d8389f5173535b8168d7

SHA256
d4a79454efe6cc972257b7aba764715028bcb4e177a3a1ff7c4a6bfff8628c1a

SHA512
50ed4d67e13660f2bd4a907768e87c6a8bbe034860c4ae01fe7d1de681b1add13c44d1faaedd612b561b46c609607fe0f3111f9f3726dbde86bc99b1fc30a63d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cef08c8e9290c55bea186f51e9c4e59b

SHA1
ee8a3a10db3aae5e247a0fabf33d2c103e13666a

SHA256
62e1aa56b7dff2bde21c779895062e1196c2c4ac1c1cf77e6b738a4f095e2ca1

SHA512
f8aa49b878c734801b78ba32890b24c00b69de9cc7ac9e9611880e6cb2acfcc99548eda9ddabc6768dc0b38dd6630581e18a5c937fc48f97b2cd5a4e5a64f0e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64ba5367ba9a10e436bed81cd6765336

SHA1
08804261f5d2fbfcf3c0b2293e64cb5a251d17dd

SHA256
86a860d16e07756775ecad5d37433c8bb240adc2d70701ea9774b1d9000dfbbe

SHA512
c7d22c93239d1ef23dafdce855153af7e498654bcdff5c6c5f61186becfc5a761e790a79c6a10e5d1a75920d1e9cf042c0311e3a396d2b40e56b73f769c3f4b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7116d712e0f7728542a7fa28b22cf2d1

SHA1
240d1cf208a60fb6a00660aaca0626db839f389b

SHA256
dff1188627b14f67c4b9ee511d8483e9ac76c43290813a0f267ff02f6a65d18c

SHA512
191900c89bf62316f9cb868f732fe96d36b13a0f4ccda596d8466a52c551f97a1d9f809f97a7b546f95417562bc257502104827fc26c05264a7d2464a0dac8f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1683b1fc546b294e1226338f33d0c32c

SHA1
b8a6a9762e194212e2c0960bb24f2e0f27738836

SHA256
27d59b6ba1228a52cd75ec5b0777ce239b9f61a1978a77084df25ad675bcb5db

SHA512
c039f04389470c1913d3bc986e304c9f88fada610c5f3cf2a91f7dd5f5d0e65644c2cbd2c32bb5b6bf9b20f8c94212beb100410029bd95449246b61b2c65bc38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5D6E.tmp

Filesize
49KB

MD5
c44be93f2f70aa9219306acd7ecc4718

SHA1
e71f604ec4a82407d0f1da1c9ad9498c4a087bc6

SHA256
c2bf4eb87e75db6ed44c680ad5062293c1edd4b45a89d971ba62230f46d4e9b1

SHA512
dd603fb6184b48a22808f2261b6aa5f10e090f32b437adb2d1ac105b4ee371547c3d755b4369e3e40ae57f9b741065747e6cc8e70fe922215d732683dad62860

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5DED.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit