6dcaf4cb9a01274054b29851f33c37eebd2e2293ba47d5c8815638fcf0269d59

Analysis

max time kernel
1s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 21:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0499f277926ab159c44c4b696e296895.html
Size

8KB
MD5

0499f277926ab159c44c4b696e296895
SHA1

b0f55827b66b2c1feac9834795a5fe15bb2c07f1
SHA256

6dcaf4cb9a01274054b29851f33c37eebd2e2293ba47d5c8815638fcf0269d59
SHA512

f7c4126ecf8cc05a393a701047a60bd207e6bde6579cfcbf3ac472f7cec55c959605be299dcf0d4ecda0abdf71ef4f0a9aa604cac8a174ab2624b781fe47c9e3
SSDEEP

192:y12phRr8ZgzQyIYIQPFQw7Qwjm8FUY9Ga9VNdyW7HNtvxYBEYL+6AIQVdbYf5RcF:yopzA2hIYLFtU0EoHP3S5O

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{40B77EC1-A6B9-11EE-AEE3-EED0D7A1BF98} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2756	iexplore.exe
2756	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2816	2756	iexplore.exe	18
PID 2756 wrote to memory of 2816	2756	iexplore.exe	18
PID 2756 wrote to memory of 2816	2756	iexplore.exe	18
PID 2756 wrote to memory of 2816	2756	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0499f277926ab159c44c4b696e296895.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c52a6fb486ef1be7bb69284471e0e156

SHA1
23a28883e457b8fa97095d7d9b0a92736e216159

SHA256
6f9f56fc34e0aa15f39a3ba854ee4c1e63deb146e51a5a94c3ad92219e7b0a83

SHA512
c42c6f22256fcca2fde8bb898c77ae6ef7dd81eab654a15af55e8e0b1d95f4ae85d85f1d4b147aa103eb1ac655b76758c16f8080065016e49437ffa32bc0f606

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e98bfb1f054f85375e03c531915beeab

SHA1
f89158c2103c85cc9446a4b3c4b1d8408fd78426

SHA256
f6f259827ec7070a348b71e0decc7978f6662b9cc1a64e23529fb6452a5c0d3a

SHA512
bbc722d09b101871137631c4d638b35511e418fa8c41816bde3b2091dd5bb76bb55cdb6d83dcb7a3b7f06f2603e382f4b6530105b72e789551883d572e73481f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
541d04add40a10f8bee418a940c5df2e

SHA1
02d2ae0c769a4f96813dee2575a64073ab73033b

SHA256
4ff16f4dbfca7076cca850c8d5cc1d6096448a57b83fbc050331aea7e5ea60b3

SHA512
f4e34f047b1089022e917b92e395828f5e985853fbc1b858c68e49fa5c02e266d179b1743232b8c117a0faddab8908415b1f766098270b3ead8596adb4d2484a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52c7a03c0d91af243f399221c7d38989

SHA1
7ec606b59ed47af51b7088eee6cbe90a11926da7

SHA256
6d835779420c65c804016783cbb760db743555166d597ae1ef6a39750a84786c

SHA512
26f2a97cc8f15b95dd828aeda8f147f3a12f600a7941f5983954caa13a10bbb8f3d9d6e2afa44bc041d91c3dc726186b7fdaaf82540f3914d1b7a42076fcda41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2dd34e9b6ab2b08d23261b05a71ffcae

SHA1
f47d96ea8e5f39ed1a21f2dd99276b238f19e506

SHA256
e3ffb1d4833b4aff38e6aa88241c1c07563000cd277e5ce83bab05db8b3db472

SHA512
e690110a76b62c32758ddbed3b4655def19d66b2843249cdd6ddcf8ca208e5ef1a3edc21ae34c1d75a78f89568148ed025bae80649d592439b7dc182153bd047

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d92086122d8c2005f17bc1afcddc7f57

SHA1
3ee6be8ae5c2830f1b790c1fe7d36add40aee9b0

SHA256
dbaf9188173dca529476a7c854bf324673c3d87575c244f2be23ada9102a2fc4

SHA512
b6e712c38573c24048453b82fefea682dd5cd28e42298095acd31f43ceff63282bc35c3576ee0bc06524f00ac5fa1bb0b52fb78ddc954a57a1980bb78deb79ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a46da246156aba784fa38ff34425f39

SHA1
4166e50ff3c80a96a3453f1ccaabe8e8bee19e01

SHA256
2f8e744550cd7d824e12384fd7e285eb616206e61398adb58c062ca84425065e

SHA512
80984b951cec762418d70a4584a1b149b598ccc14b796cef4916f3a1e60f139f7302f844a3191371bd4afe9634883de7a73ddf1a8b205504481fc52a8b859013

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc2dadfba68082b28c9d62f69261cd4b

SHA1
5823a1bcdee38fbb2f075f3404ac3083ac1c5f5b

SHA256
ece3c14756d327d2f225d54f61ed06e184acd11940a74571a954444783754d4b

SHA512
4100e94d5ddff18482ce96ec7e8257c2652ec655a78186fdcf45390d88a1044262a50f1ef1b8be506f7fede8cc8959098fd781864702dcc38f59e679edb490d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
045c0e9254da60d6f8446740a8b23797

SHA1
04d085ba0187662e4ecb2e7227f7084214c9343a

SHA256
85b82de73b0eb3f83187ed4edacc215b319b7dd0fe8de07337cba9edef85efa1

SHA512
84dd10444f7a462f4648aa9a24b7ab53ebb08147335ee07db1e38beefb6ce9a406b5b81c21cd8c0805f9eafc943128640a1072e62128ada656019f27606fa29d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e060ffedff57841496a3c8754bb27dd

SHA1
2d2bec25b4f6c6d494aa00040445a7932c3f759d

SHA256
852dc6660fb885089932715427a75298b04b2f53be4c92565f0a4a3496abfdc7

SHA512
dae7a1a51eeaeda320abde9bfcf4fdb47298be37ce07004c735d9f195b24a3f4e9edf5b1f81b494b54ac43a4fecf7944925f4d680e183626aefac3b29bb1da3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3707aee406ab3ba9cd36eb247fa7a01

SHA1
6006838cbe893196cc1ad5692236ba6880b6f288

SHA256
10770f91a5f4cb28e56c805415bde2351e6887946152eea63a6081bb7d147109

SHA512
2f7af8aabeb7fa16cbf36c78565f222b9f989b9f9db53453ed94fdff39069e65eea5c276ab59c9676620189f9659268b0b9648ffba1825296b723ee44e88a7cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fbeda2a02513b896989c5bc61bbad87

SHA1
4d512fea18e9092e77103862c0b6946ae9dc98cf

SHA256
d159f2d2f2966c927e95f1b4af6753a4dcd809c69fe8d7e466a2affb0259d0da

SHA512
d1fed6e631c453033acd2314ff711539cb9f1940198295c9c1e33bd13ce3c714bdc0a63f178a8ac7f5a0eeb7628ddcaaf38ab2a532af7f6194a0c4eb6e80adde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0961681142a2145e750283ce5511b5ba

SHA1
3a4d05086d0c6ece57c292f73b03acb134115a80

SHA256
b96b0ce3abb8fd73517a25c380fc7ec1cc458f01b50830e29d5973f3e0c83ae5

SHA512
26059f940d390fa114c67dca996360674903c558e959101f5c359a70d9cb134a3a4a88f7516066ae04b0356b211f5100c2aa0aa28327d7c80998ad4712122cea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c562e76b7dff14c4d7783b628bb86b97

SHA1
cfb1282608ca013d78e37178205698d46ebc4a8e

SHA256
c0520ad5e1015390e9ab110e1239e6a3427a1edf59c4276bc44ab931c6d8d622

SHA512
e83db3ea9d34541a54e7dd2484bf51f26dd8626f9859346ec6aa9f428e2bb7fec621ea8432a6a8b73c806e2499ba98d99df59b4003d69c29db05dd1f613cbd08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a514c5854c10a85cef41d0bc5cbfc24d

SHA1
24c615dcc1a4406cd16b674dcd716dbf8cdfa703

SHA256
2cc2c753122e7d22fc1bb229edc39c4ae5bf66ae18ea9e9a144588e55780637b

SHA512
09f4bce6654816d0cb3030c916a5644e9ba3249aa57af2ef610ec401535caa68abdf1418b165e5d0bb0d58e1927471901b715a60c963b68004b6848c57f68fe7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
586ac409e21a3c010db62821e0ad67ef

SHA1
7afeecfa4fdc4e24d33b48a07d9f7d2dbcf5813a

SHA256
8a4269c75881bba849c19cd11e8937db5e64fac0d695a9168f3fb3451b7d9066

SHA512
a81e141b5ada7b3d907eec0bd5f263fc9b097eedb09a2510cc3f1e04174990f93128519f59802f8ca45b5d35629e840ef663fe49e70b7d8f0bcb685fae7fc2ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3a8c2dfe5c897bd6fffd090c4c090e6

SHA1
405fb902803abfb3bfac7057d0a558ebeee503f9

SHA256
045e0f64cf299333d20f6e93c98118df4cbada6810d172f8fa131730aa6e2d40

SHA512
3c22633186d064f3fef589e3aa49ad7e40f70e09a269d5d2f875b2b188fa0e89a8bd392063af7a52a689736e1b314ee0f3ad7596f3ea12ea5acbe1a606c931d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37312b2d30312b2d5d235b3bb1e82f8e

SHA1
8d2892225c5b46cb8e3e99aee744e4a076dca011

SHA256
39c1530b0763da8d85da07ad877f9913b60167a90d75b9dc23d641391303e35f

SHA512
51fc0670dd33305548886e6a898d51d5f16c788e3f0c906f04fdb7eeb630af9239ee0b9034f7a2520fa46833e40e931bb38fec24fd9c06b0609b8bc6b8c67e19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d6fe5654347504fe8e09bab87f97f75

SHA1
6f6048eaf4a0fdc528debd7d3e3713042904b83f

SHA256
2aa3241d329ed4af989bba9a73689cb804378d044f518cdadbc4affd4ec2d3a0

SHA512
39716e00ff6b6e5e76084e281185d1599c8d71ab0d5b5e2cc66feba9cde53b8d4456af08358486146a4e71034f23296403733086e965ae62f4351da2a2f07832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc814c54ccd3d6ca8ab8192357eccfd7

SHA1
4fb505696ff79cc4c4d37c0633e9a769029d5705

SHA256
6595de12e7c51301340daedfc21f1f5bded7ddd6c21bfb6dd48b3b1d85945c7e

SHA512
7e32a1fb22b88124da3709a927a1702798dc9bfdb85f63cd275236835cc7d4f629052564be0614adedcaea7f13f079b1f0001a14dbe986dd9086e513f3a6d08c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce72b036b8a2565174c73c64e3064f99

SHA1
2a0d88d100e2285e084820ed2968e6a81ff64e43

SHA256
35d61856df6ee174373b84729b2ab9b8b7cf9d333c7e61bfb03091f5960362d1

SHA512
bb9d81c0b22f17011f1a4f6c9f43861b3c17d8ea3775de3107eeb79042a251127e08e868f05ec6335e88603001015cdd03e7564c30da0e8885a4046debb729a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1EBDLS6\px[1].js

Filesize
346B

MD5
f84f931c0dd37448e03f0dabf4e4ca9f

SHA1
9c2c50edcf576453ccc07bf65668bd23c76e8663

SHA256
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584

SHA512
afc3089d932fb030e932bf6414ac05681771051dd51d164f09635ca09cbd8525a52879524b6aa24e972e7766ddf529484cc1ec416de8b61255435a89ba781f8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab87D5.tmp

Filesize
1KB

MD5
1f1a3b101012e27df35286ed1cf74aa6

SHA1
46f36d1c9715589e45558bd53b721e8f7f52a888

SHA256
7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

SHA512
d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8896.tmp

Filesize
33KB

MD5
8de7f6be2441b37d5cc7b5be1be2dad4

SHA1
75ba030f6e4ccac123cafd7e04711f9c598b8778

SHA256
827083447569a207ba94529da6d70b7294b0ded6843c3cc3ba5cddaff7b2a614

SHA512
5eb2401637d3be4ea99e07868c77083b9c616a37c9be68c42063d20b4652eb0750423a04dcd977abb65e7a2fda404cbe815837ea15126951ba2173f159965467

Download Submit