97975018ee76ea5d1c00e533ca273dbd18cbd2ceb7d72928397d4a670fb95f6f

Analysis

max time kernel
118s
max time network
157s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

047ade4cd9403aecd04d611709abf493.html
Size

3KB
MD5

047ade4cd9403aecd04d611709abf493
SHA1

460efe8233ff97640befbacb2e176f9ab011b1f3
SHA256

97975018ee76ea5d1c00e533ca273dbd18cbd2ceb7d72928397d4a670fb95f6f
SHA512

cb06f3a34aa06b97e761d2a4d43737d38156b8485ffc18bcd17a4075f015d0ec7de3c4aafe493c128d651b29ba40a6c79ed32b0c89fcb86e99d3dca0e8e6c257

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B2FFC7B1-A6B6-11EE-92F6-EEC5CD00071E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0120f8dc33ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d30000000000200000000001066000000010000200000000c14a2c19253eac97bec21e6a5cf981fb269e46eca68c83db6b7ce4f84a9dfe8000000000e8000000002000020000000277468fcd15ac12e4d89715956999c989aa18a86b6cd87042927d3674e399f242000000032439e29b45505cb9b905c57e9277d5f1b7d1545e0cfc77cfc2ec3fc7bdda1ce40000000436013d7142bcafe833cb1c83620fa482736abb1d66a98603f1adfca21ad1b3bee8a2297d93aeb7a09bdcfa8fccb00bb02028ff369e6f53fdef29e3bd6c7aa00	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d3000000000020000000000106600000001000020000000ddf7a8fcb946bb7b5c575a77f536118dc6e9f7b5fabef6740e9ad73cac9853e8000000000e800000000200002000000015d4f8704a323e5bc91c951e7c3f0dd4a3dd4b0d1ae3ccfe662b849f1a22b49790000000271a373011eaeac7430b502c6cb6fd74fe28080486300869d473d8c88f9888cf217edffd3f656e0f0f70097a43b5c87d6b8e5f78830106b47730935fdd5951a8bdfdc707b7677b45380096a2fce83431a7093b881108d025657f8301770702e6c8f98f846f16dc16b8e5ed39301e2b62c552c71f4314052692447ab310beda3947341860e2363778578b84f91badb8a140000000cc1ce0595938d0f56a207fcc3fbdaf22d960a7e4263e7829d48571c1322782479181ec855bbe258c352d36776f2f999e829bd12633dba11ed0f947b023db31d3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410063286"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2456	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2456	iexplore.exe
2456	iexplore.exe
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 2852	2456	iexplore.exe	22
PID 2456 wrote to memory of 2852	2456	iexplore.exe	22
PID 2456 wrote to memory of 2852	2456	iexplore.exe	22
PID 2456 wrote to memory of 2852	2456	iexplore.exe	22

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\047ade4cd9403aecd04d611709abf493.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1eeff8bba531d2115a5750cbb9521b1d

SHA1
146174c0508e34567f4906ca5da0c6e4b32b4359

SHA256
ebed6d684110f8c83685b87091b0c95d943420623817e0eb66aae2f421bd712c

SHA512
678a807ab3471268dbb1159bd321722885ae4be00c5cc3b981e011420d33b0163407745cd7c2ebb43e2a5d6c17f2e397ecb1e5be926d18ba565b0f3b392b6a73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df410f96e08738e54f5761eec7f4f72e

SHA1
a6318d2cc826e491144562a9a36213a398d77f88

SHA256
ad482a23737e719694287f8625a24f0fbd59d4e90244967ec9890bce1b6a0840

SHA512
7f81576ce428fc10e81360ad22acd5b91e86ed4906905646ffecca4dc1c946ed6468897cba29907aee3948b946f36502e2d78b47c9768d3921aeff3eb12840da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63990ad18042357f9acdcb33da0717c8

SHA1
74555436675fe43bf6882b08031082ddc24d75c6

SHA256
88435e2de998371ce04de2a71d8a14c651f0e655b40282c76184d5b1a752cb49

SHA512
5625eaf304f75280b222d524f14889bc7e2387b2c2ddaccfc5371ba2f5b7501e8160ff0caab127096aa1ab39a0e2d34db2eed797dfbd52fd52984317466beed5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1a81bac5471874fc1a78b16cb609a6a

SHA1
3d29bc596a6317c557521dc503da9cff3fd8262d

SHA256
e7bc7c6299f63b41d27b18c43ae550c86bdc491f5ef88b78037405522c08f702

SHA512
3f948e7ad211faf0f0573a59d1aabe881ab633e81b4799b1cec3196ff3325e9f154867b4a83f0357f48902866ea26c2fbc4c24f7a6fe39ad74531e4d5aefdfcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f73e39edba20621db8b343d7b7452e1a

SHA1
c663c6d5682eed1832e2af0033832fb7cb95540a

SHA256
cfbf7bac7240121f15297f20e62f8e0249739cfe420ad305febe5eb0e19e1024

SHA512
6410bbd7491b8fcc2c49b09099ec33c1d8c7e6acb4597ac53a595081820609d4da28a455d25bd66360f3f570ffae0f95146252b0537420556c2f55d3acdeb26a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32c611357dd76ccedf64ec9cfde7b0ba

SHA1
c61c9576d77677b2dd9bc31cf62842caef2fd5be

SHA256
b9237368501a2c10f65577bd558195cf7626881df97fc15c328430a40529881d

SHA512
9f272b796e6fd6483d9cfbb7ea8de0ee683704fb29365d074ee7ee469792cb29d0f28ac569059d6809646ffc58253e067c7fc5be9273e95fd0aedca85f6c7842

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e887ba68cf6f2e81f87039221a134a95

SHA1
02dacdc9611dd6f0c321250d88ec68063b53c668

SHA256
ab6ebd6bf4f913f41515d2428514c3709d078d92eded2ef9f3512d7a468425e6

SHA512
1dbbc4a1915b69fbec2b179998e4623afe812146e68001c6174fa89570438f20db3a2195af7cac7c1ec649e6ef4d1e9215740a7e0ff4aa0a1d6eda40a60ce998

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
574b12b5c8c5e851b08b4b8d1fa80ffc

SHA1
f4374b115e244d3242cc8e8e4c2111940e25b961

SHA256
b676c7a51d9d5adc4c66fe12bb8cc6cbda507dc6094271b6d1c4e9755abe9960

SHA512
7ab03bf75f89f917b07677cda62f4f763a91b11931b42ffd090f3ad60beb5dd8f605993081e19aa1ff58ad0278cd12a5fd2d2773850d3ae879d86a279694252c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e79ca1d8e7424fad3f4c79d0f4aabae

SHA1
b764aca97c90d1f68e3088e0a3e5d6406e77e09e

SHA256
6d8d1e6c3ac6101b50c54e0242620489fbb7196c70cfcc89bdb3bd53d08742a1

SHA512
3680244fd1aba8565a7b46d788f9ce67b1f9cc7c4e7e6094d36a4396cdd56602826d7c41cb33448ebc228fc8027454d4a0335e677fa8e87f981d8f2492d6021d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
651c2abc17f1df87eb70b4c2c43e1cdf

SHA1
1ea4d8767996abd75aa53cf654b2d649f0b1e302

SHA256
f76fc556f4231ed38444b6ab6a8b1c58251863fa72cf691f6d022a7be258a23b

SHA512
e99ad33359d9bce8140f2eaf67c856856c9886c4fe782cf6cf881f10b4e741b1b78f6caaca9ad72f4f00fbab0a10f5654c01f5db4d085a3ed4a5b459b2ea5ce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9f830ef4a95e682c38a138f74dfd6db

SHA1
376e29fffc446a4775fc9b1f45e661ad958fed13

SHA256
883340720cf6bd670e62279fb05c299bb574379f929581435d94fb57b5e51205

SHA512
4370b405255f81d50306d7f6d1205fe513989fcffdbc593f76d27e9aab0d9a717dad7b807b93e82d219a40e717648e88c18c4ca9b066afc0debfcfde381944ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdc2f3de229f75c5b14956ea55695dd0

SHA1
3bca9093ff2d3daeab0d6a3e304939f9bc5739dc

SHA256
997ded3989f0577378823b3981d13b0f850564733d8582c810c3b11cf9c282fe

SHA512
3719271d72175431720f6b596c4d63a4c127466c6857ed5f8697d962625aa404618c2aef501d0505803b01b9cef111f403d11b68ddb6609c0848a5c19647c750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88d96a66f6e2b22ded4c0ada786f725e

SHA1
fddc3c506a6cfc37b4af13398a2001161af3507c

SHA256
c0daf123398db6229b2464495adfba2c77063cf446a1eed22d4144fa3d45a5cc

SHA512
77375191bb4d1bfb02acd6be0b0e5244695b53922d769cd5af4aab14b26fe4ef56ae26984a2cdc6f65c8d71f4660c444dfa85e8de84654d556d70a3d04135be2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a75eea5cd285f55ded95cae67c583d0

SHA1
205b25f7975fd08376ff24a69a145febd5237017

SHA256
2f3d192203dd630895b79c3f5982406e17ac6d707e8514a6732f1d021e5860b8

SHA512
1f54c015ccdaf0edc31ff4dcb532b3697460c8687aa0b936c6d7f995a77a942d0b023bcfdb0756cedbdf5b4d6a8677df53212215d311cc7e727fd233e0b3d07b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b482a6f837a3e09f5e1c40b228d9302

SHA1
b6e78f92fb683df84f3f76cc5c00910c30cf3a05

SHA256
1f79296af46c9498beecff1b4f9732f389a7db1a3d7f0936d17f39781d01a195

SHA512
dee80fde50c45578f26d90a15ceabc755f956d7a9efe1e2b9125a2504452811e669d2262acf8b905a1ec9b856b5b60357866732360daee30cfdacd64e338d93e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc4f2fa879a79708c13d7cbf35cd144f

SHA1
b25e58e0bef06a7eaf4c29f9ad1d449f41a22318

SHA256
6c730c6d7791dadaf142c5d85035d6c310dff7b315094da133fef2456ab061ab

SHA512
43bea2f708422976bbd4db8d85afd57981c7738e534fb272a0938e01485666083f9a5a9ef07ff296d12d812cf9a3f728d9991f5f6281a05f5717cac95ea5525e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDD37.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDF1F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit