87a95fbd0badb4c014b38e2ea1faf44803b00f4d57ed0a802d75c8f5182fc46a

Analysis

max time kernel
66s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

050ea745b206961ba3577ddc24547497.html
Size

3KB
MD5

050ea745b206961ba3577ddc24547497
SHA1

4c867d52bdd00fdce223b54936ead4510165fe88
SHA256

87a95fbd0badb4c014b38e2ea1faf44803b00f4d57ed0a802d75c8f5182fc46a
SHA512

01198e21f7239dc8df171aca789c7835cc9f3d50eff3f8ee70dab16278f9a5b42cedfc2252167308b9ce363bbac39477e5c571de76f8c96982878925f877570e

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000846062f66356cb6c5a826f80cb1d41a4e256df281f7609a48251f3d228a8c825000000000e80000000020000200000004f517b44d2da4a9e74f71e7e108462265f61d285883f13399e35b65aadb40eb2200000006fff8e184e01a329403d6b7398b3c261a85f9d11d0739ae5403612d3783023e2400000004d29fc625611aed17ff779b9dd8bab9abef6471591c2619f1e6095f7f164e061bd2a7f8aa84931b70372c46c9b676ed1b3c6aebab35a4179520f9e131418ac66	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000904e9704742d928615989a975a6e357967926713aecfdd2d103598b3d36f4a3b000000000e8000000002000020000000cc0e3348140a965a52d2e8f7a8fc30cf3e56782fae87c27b422bec7ca450027790000000c2cfad07bcda88e06640169c6ddb64bab334c5ecfd7f469c57e74ab899dfcfadb932d0ac5b65857bbee92539cc498d39abba649c291c2a05168bdff43b089547c33b27bbc8fce0f7f7b6a2e6285545f4cf01871972a7e07c4581cf622b3b60a796897c97851bbc9b2143c45af02d2918e06460459f23173074aac91ef9a1bdf3f752795e8f9d9c999991bca03b49e06740000000b5a264273df0ed94c03f30a2bfa340fabe2dcf5e1e1b77771c827a7fd8c611e657f21b7819c4aff561a647617bb64343ebe112660d7ce72ed2e1d0c8dcddbca7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DED99B31-A6C1-11EE-AE81-EAAD54D9E991} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20bf6cbfce3ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2244	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2244	iexplore.exe
2244	iexplore.exe
1080	IEXPLORE.EXE
1080	IEXPLORE.EXE
1080	IEXPLORE.EXE
1080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 1080	2244	iexplore.exe	15
PID 2244 wrote to memory of 1080	2244	iexplore.exe	15
PID 2244 wrote to memory of 1080	2244	iexplore.exe	15
PID 2244 wrote to memory of 1080	2244	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\050ea745b206961ba3577ddc24547497.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
707e2efa8be1a878ca7df587dc9e247c

SHA1
693cc15cb50eed417b3b835e6b93233401f2493a

SHA256
4d61b201154889a21af6b6ee1e375bed86d5ceff892c255141a64b44ff711681

SHA512
8077dd9a9545154216bf70253bae99df8e9658fcd9add5d2766610d1498fd65740b6a4d9c728cf5eb12928fc5ff60f7de7b5367fa42b337bdf60c2c58ad1a478

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31c273863b78bbe6152b4ba453e776b6

SHA1
eb4948d438400fe4d74276d692fe91f1c2b3803e

SHA256
6c705cbebfc67c1bd0698d8c758ee2e7dbd836b6529eb96abc2cebd60699199e

SHA512
e7e600391ed15dc160284f88c4be6c2f5d43315298932a44ab9cdc6c23e40d87c72a26184298c2669c0c837a2903e5db1e795d5ede05f802d1ac61ca56cb2a33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c87ebd98ea8639bd20e71dc2552a934

SHA1
f4ea2e5c80ecefb364dfd3ae4320c99d52812377

SHA256
3f910ac79283bc0b6fc4ac1dcbbe9377e73206e0a7623bcd5418ee01b18904a6

SHA512
4bb5eead5b25afdda735a6f6389f2cf1c91ae2acc75c44b883fcbe0faeec4319f48fcdf8637d9830b8c1a8efaebe63b680b84864cbd00f967b45d1a97188d89d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5881593364b4d2e11f46708023ed72d

SHA1
cc9e11d02bbe271192686b7a8386d70ad23086a7

SHA256
6745bf2bc7555cba9e4771df5ddf88646aebcfb490f001bf36721dbc513774cc

SHA512
49e9095e3870d3de78afb43a1ee78992780e7417f4ba7aa4e04aa94a1292a7dcf105f9bb83b2cbea1eac0870243f77a1981c7a884fd3b6f1b1f251c4f7365542

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
856f922c38bda0ffe8b06d4a61d26bb7

SHA1
10044a36a82d21969f032e29d142543839b73db8

SHA256
763dc7d66fa38e455d19af56ab02112ff0e32269bd232d64f1021affb3cf68f9

SHA512
ee28a8746c2f3644b4ee1cc35d90675690d2dfe15349d4daefe8b213e755c3237070a4bcde886930be579d03683b34000ec684ca797d8e79ec541e1df48edfc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afe8be896a0c11e7e4d5d81f9b2fcdf8

SHA1
df7b6aa54e5f18564aef60055f8c7dd93c154c99

SHA256
edbd0103a55dabe257b2801c6673cc44a222f7d281e713e5a5c1a2ff23795c1b

SHA512
986e1446420c520310642cdf62c41beb32683192b0df2829a968e5c60a7b6d71394888d2f04366d2c0026b87d41d3efecab9778ccb420f1297f2466bb95ea42f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb463a0e37e88107dc2e5831c70234c5

SHA1
887d3c09d0907ec42997d2a33b09ff7b864ccb18

SHA256
30b3d68960f9c66f2da52f331362ac6ed245f7a9f344187b3b08192977634b4c

SHA512
92074bca36f7110ae79ee0197ca3cfb519704ddf1653efab50233f803768194a34cce3b211adfeb94b59715c279142cf016d0c0a2cc02252ae598f32859a1e7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9acc4ddab495db1afdebe83b3e3a6edb

SHA1
6d6e4bafea22eb7849372d99f066e72542b154fa

SHA256
6b7793a38fd5ca6b0ab300c1f1002da5a56ec17e098c36b7b15b6c34ac5c5a42

SHA512
ac919acfa2e59260820a19f9446be9c056228b5eb1c8bae101a2dd95ff1caf58ce55adb5b1066533e621f0e2037e0de1b5a634dba4ae350202ef0e5a29c14f0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ae4f61d5bace7492fd42b6418e972d6

SHA1
b6a4d1f780170d3c6fd6630e23c6db561d411e1a

SHA256
ce2489ceeeda3d533d983d8ae79a9d619ef34f1a77bc996cabc2cd19831028ba

SHA512
6e38a2a3ec9af8d3e44e23544ddb808ed80ed6a6946fde3093226dcbf6cd594ad8033da95ff5fc704176a47681c1481b2e21336cf69cbeb89918a1b727ee2375

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d32815855794a543cbf4553727998b0

SHA1
3148cbaf59e86cae790a6bcf9fffb8acde699c05

SHA256
84ed3d1b15c83c0f7fd9b53b773790260038a67f21701ff043a1c3a07dc97cc5

SHA512
f34108783149b9d57c5b049617e40793cc46bb231f9738659328765cdba9c2149887afdb825ff5a6b623dc9dd478073a8a7d101d34aa903dde7c6201ad9f4fd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb725cd7b564eaceb89dfa083156ceb0

SHA1
d10caf0df0e15912008bba34df46aae1419aa9d7

SHA256
b6ac6ab355aef5f061b4d175718e9389e4a0633a83c7ce133b131d69d135f7cf

SHA512
53002af01ffffc9ddb3b8833a25efe9d216a458f03287a3480f75718c407f95184bc83abbf74543572fe95d7f06612647700ed009694fd0433f4cc4c70db1df1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea01e8d9793e87e47c024376f89fad6f

SHA1
419c89045b40fd0fb1bac7e9a85d97b46c56156c

SHA256
7e66dca13fde65dacde51a60ad96a820be396e02909674cbe3e835def4ead1b3

SHA512
7db1b4a1e634a351b659ee71c738f8f593da572600c76f764bd7a60c04fd98e305b9999c513786ce87213ecf27186567608ce7671afd317353ebddb4a5f9b732

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdb436e41c4add0dd1c32509121af19d

SHA1
e50f4fb31f690f013560bf6a1804557c857e00f2

SHA256
d49972d655090a05d3116ec27c6d7837c55154f14c31d8c7c27113ec1448c7e5

SHA512
81194ef340fe3ec4889b19f9f65e6dd317f9af46b87f397a09488456d6fbe0ff1b25ff243dd3e50059b03021a4f1eeb60442b9fc10f6f718c2efb55ebe3c3179

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24a69ad62803801cd9a2ecc515b8b304

SHA1
cb9c191970037b6636c0a4381c6024f6e44550ee

SHA256
a53d8a0ebed47ffd4cfa1a1b1875d9ebccf6a24517914ece3b73e5cb7cdeb13c

SHA512
651dafd2793797341993cb100125e244176b83e5df1a27c966cdc63cc961ac2babe62d22a7e387f822b979036d430da0246fdf7d2c08a11209cd9cf67424ac64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
acbccf038b9d388a2965245e33cba60e

SHA1
ad95854ba8c65c025c21763d141e821cf5674d14

SHA256
618786a2d22e55e35de90111241d75c310775c24a31acf7411c9e6e772eed6a9

SHA512
3dafc06d71e709656d9b3f5169d6d2001146cc7b42419e2a5428c8dd081aa8222f5d011a2801d626d83835e9ce7edf628f3c013af89b08f76dec345fd04f081b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
185fd0b617ff464e0b2b674c8b63647f

SHA1
d458eb4663f1b6e3e2dba60163575aa71d3cc364

SHA256
a79758fc9d4c6ca30a264d2883826b0b56b393703edda30c60a34ecfac56c047

SHA512
54e23f7538b3aba7ac3922c277c2b6b186a8f8d768aa8040fa216860298b2147eaf54cecc454aeb5bcf960eba9bb87aa1823af6c42f8dfa932b0dc6cf798c02b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bc836be39bbe4d4101fd7930eeb06ff

SHA1
ae60d85cbd33e80d11d5d240e533d5d4838de7a3

SHA256
22dd11ba4c5aae7ff485b9716ec6fc03e69073bded16a073fec3540391a096b2

SHA512
e78322da7c30f2ff76750026b851addd0a7dbfab3dbb4c020d6656a4edbc9ab4e3d1361f620df4680c278f9320760c9e9708d78815f3410318da0cd65d5e24cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5AA0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar60AB.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit