e3491588983fe0e60be7f0ca2311857bc6061b4084dc7581823e3389dd559686

Analysis

max time kernel
23s
max time network
137s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

06abd3be851771573ac682280a105270.html
Size

36KB
MD5

06abd3be851771573ac682280a105270
SHA1

c9e5d97cc298d38b072f91df9684a8ad2d6254ab
SHA256

e3491588983fe0e60be7f0ca2311857bc6061b4084dc7581823e3389dd559686
SHA512

06ba8f9372977d985db156f20dc56a053d6eb79991ca82fb07d234afc40db96bb44b3c4e22a2bb73706bc9d7414218bc9c19c3649e2322a2b4a0e0738807cdd3
SSDEEP

768:Zcd9QZBC7mOdMEBpC5I9nC41Dma+46rqeGwlw8wlIbdPd:gQZBCCOdN0IxCiDsrYwlw8wObdPd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{60282571-A6A0-11EE-AA09-E6B549E8BD88} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
952	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
952	iexplore.exe
952	iexplore.exe
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 3016	952	iexplore.exe	28
PID 952 wrote to memory of 3016	952	iexplore.exe	28
PID 952 wrote to memory of 3016	952	iexplore.exe	28
PID 952 wrote to memory of 3016	952	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\06abd3be851771573ac682280a105270.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:952
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:952 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
25KB

MD5
d24b2266268c34c906d68d694850e7e9

SHA1
45b71764c4d36a3758c585ea18ac29419a3f5412

SHA256
785ddba8cb838cd870cae1b57d42fe53a33c657ac61078903dfba8e02fec348d

SHA512
30dc47209bfc25c365a77741dc713f7ad56fbada3835ef766f39298d5e17316bab970e8481b15ceafea2a0125137de724dba7fe9f2d4b70e81aaaec0b1eae529

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
a6eeb09adc0370505da575016aa534c5

SHA1
fb6c93101c1c8a66893de9d0705079183df01360

SHA256
8151088d909a9842354ada9384f15d2540e0d2aef41ee86d382f519b1a052628

SHA512
910476f51ca9a6f1b6ef3cd30ef5c5ef53fcd699794c78e97341820a6b2966c39012381bddb3324bdb7a019a2428cef87920d1e6a7a0e05d5d4458b6792a03fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c851c9b766b1276f337768d3a3d1732

SHA1
8f3c1f3731aa4e8a7ff47f8b8311b35c6f46a7ad

SHA256
331a30be6fda244705fd5e8480ff0721cfc7846cee6a3d52d8b9040ea59f8359

SHA512
60b1f688c9c30eb9e5f68d6b157c7cc1370b14f67e9893c368981e494ede35e2a298a460821e1530d798753ec179f64a0e92129af0bc19006a14066b57ea03e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39a3fd4e728ae09e758d40243a04130e

SHA1
3d1dd1e6f6d1f746c02e25572fab02eab56004c5

SHA256
f0a1dff9e13b9d0d04546b49cf5674bb52d1e5211a4a12187425167648b9ff54

SHA512
aa81ff92be8def31905e6f0abcd4b6e4d356ffe3b305c368210c2f1eb4be87ab8a2893e717d588705e65339ad11db17b2226d04c76fe8ece792b2c1f81763a6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
499a1f468ab7cb87b0c81c447ea4537c

SHA1
dcdd7ae72a15a214de7914760c409885bc4369a1

SHA256
6989e929a9b44d718f158c494f822005bf413cbbfaa78be5a9f15c4bdbf9cec3

SHA512
6b648fac9875e22fa0e04a6e0f43d1734c7c4c31d3c45b76a18d82faed4a437125594619980e2b34cbaab8c6b211657be4cefe0a09da95fcdf53a1109ef74f59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6954dd870f82a6079a99a599a3e5b52

SHA1
64e42d14dec1729f255da416add11af2d2dc2f32

SHA256
cbacb14f72a13f58e1e81a1c3fe668714d73fc77c29170120cb58a902d51f26d

SHA512
9d4f0b5b64b99a8fb6ddb04832013253b00474f23bc812c4cc141cbd1613bd9d0655ea3de1eef9abb822d2bbd4e081b90eb4b0164da41fd58407777e09119778

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5965148d4751ea877702c483b05451ac

SHA1
e1cd60c4f4a1bd587bf3f25bdf6110c54b9251da

SHA256
9934fc054175d515de2c06ca5d6ec855d09cf4598397857cc2b6e4432d785da4

SHA512
d74bdeb16234a81c6e9146551a82224cd62c234dda9216fd83ce3e621f518966646bbf81947ce411c1d016dd9d387742d621f43915b4135893d7f1c1cd831aa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07fc7d2e1f4d12cf0ce00541aaa033b7

SHA1
e6c9178d4db89d76cefb7a6b181a67dfe61cc4a2

SHA256
110de4b04b24027201a0085b7f9ca0d4db2e10a0a62711c82f7530e32466854f

SHA512
413ac3b8769f659cd012e4e3c5c803aec920e5744d5ade99a2271f35dcd324d6fe5487ed75538ea2dcd2444adcc6653ddea649cf3a3904667ccc62961ebe1550

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d162b5da62806931508e7da22393e4f4

SHA1
ea7586a82f6c2182e773f523292d0d8cbc9de3fe

SHA256
f240d40db3d3988b7f8e90f03ed160db8b63a825e7eb58d211e2060e4c045460

SHA512
723dfd0bdb83e933d761dde357bc7fac71e81972463bb4296bfdfb4a81152cda113267985f8ac9631186061a3d6e198c79fe17f94315a8bf3551a1f3f90f44c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53b98a7a56854ec631aef109d4195707

SHA1
2a06f487dc2b63e847b6963942d27e5108e18137

SHA256
97ab6c9922bc7c7d766af5c634df4cdb4fdda0ed17c715929927334d424c7b6c

SHA512
b2b958d2875cc6979c3c9c5d314f55eb50f2ff13613f268a6416a41ec9600f79470e7e933f7d35764ca6700100045584de0d0107e773b2517d6ed912e9fbb254

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5743ddd71a1fe52ea649994591d361d4

SHA1
5d99007e1a62f5c29adbcdbe1ea9e23a367f456a

SHA256
314a7a2778f3861482ea61edbe78f3f3c2142c7ff46e72bf975884a7cf982c93

SHA512
952bf0e7ce66fb379e8b93d54ccbd1422f7d58ecd73ff3b839aa07c914bb766baa2107a5b9a0291b960c5bd537b99390adfcb38daf2e914010dd0a8eeb1c02ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8f78930437200e2829f64330e713266

SHA1
fdaf51546edeae38d3d15498f508a04ab7422923

SHA256
c589ebcfa94b6c7d409f41d3d62dc0e4f828b4a53bf30bec77efda9c25e7a5f9

SHA512
812cef731989039629ddb6ae0e1bdc7e13b7e15ff66f9698ab635db2a3bf000a764eecb629f0199c107ed23a0fb85a94d590e9ca56dd1f6c18e422d6af24a0c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b272e44935c4d81ee77cc9dc899fa631

SHA1
a5335bcd3b2cdd085bb59bfd96a8a70dbeb0ae40

SHA256
39fedc01f770c96cb38a0674527502b08bd87dc0a78e324b8b1fc3cff055a0ce

SHA512
b0f29f8afda9f8ac436491e19a57bfbcef180c815a77229c9dcc409781763ab663f043ca18b357b3dfaa466352cc8dc39169bb82c7fac12fde0a263569866f90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
619dd93daa94b3501a51a783290e3fee

SHA1
f3113cb19c024e8b6f34a1e38d5029b7ddef7cf7

SHA256
54edf629f46fc4a45ebad476a674cfd385bc4fee2440623121f45ed1c5abb35a

SHA512
dec599a1613f062e12d2b1fdf1597591a38ebf86001353e02ecfdac6a50e679d736f3e63d131e58fa8de70c7938dc4ac35762c59e2ebe904080b03bbba077ac3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0b5d35b0ab45f2bf8e529b976b09b14

SHA1
e5d5bd24807c698c14c2d134bfa793da1f6fef93

SHA256
6c73830ecfba3811c0a883a298bbe19d9af952be28b80146bcbb25c41a8bc37a

SHA512
244fe9919ddfe35f106a692af5856829aa66d7ea63f42e42ad3695627bc54f15c91178056e71a20e61af3d862e21a7c7fd30420f97f0d30d00823be9c9009b62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fefa1042e9ba3c6c308f6657a82c980b

SHA1
da994be34724e94ba390f262d9bd515b8b43d71a

SHA256
8f420cfc325b97ee9c3edeffaf1d10055bfa0a4295f40826514167d78e2b545a

SHA512
731777f883813d43f477d3aa7feca69862f848bf178fd4f607df62bce4c314d9a244cae2dd3c18d78068a45a160184689e7a828b9f7358347197a46a999211f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa827ffb021afe08d12c14e3e65a3be4

SHA1
d3c8e90905be51d1594578e5e8ec76a58866b5ec

SHA256
706a868fa1d6ddba00b09daf3de207b7f13755f7140ec4a47222e5e19cd2d8e7

SHA512
3f64ec5315928d83150de4b654654c5eac442d27ef09aef330f87b86e18b7d79c703b0d4d9a901098fee2b2b582b36c43c555e6eb26e4b5bb0b2cbda6a72b605

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a857f879139846ef002fcd613b509287

SHA1
e17eeb3ae956fc9865ddf67eb6d276379d1c6e27

SHA256
626855dcfce49350666b178145b36ec45dea0e5dabd5e02a9baa391ec4b860ed

SHA512
d4db25178b8f1e5bafef9b7886ed86b7198dba1ed92c50f5d8d6d0f6287521e0517a7777571e4c03a952a585eb6478ca191795e44ba7343c5635777e2cd7d35b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
376c75ef79048d542a6b1f13095f64bf

SHA1
7d881f0e99c841e868e02bdd06b30e28f30882a7

SHA256
4c49838b18bb44a7ef46c43955eb64690ddac45212414ec03cd023c596cb2f42

SHA512
53d73ce734ed6ede8756991af638b7a05c44d58aa5fd199952be4bc72971570725ff1767b3acf5287d8fd74e5c2f4c5f9888d6ac84283a3f36c26a94abc8ee14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar302A.tmp

Filesize
12KB

MD5
2a2c121d0b0f6850ea6a52999cbe1a8e

SHA1
16bb2e0c3733fe19b722197dd6ad5ad2a44a6824

SHA256
67bb87f5e5efacd1a0d60a5792e00357040b9184f4f374c726b106583af506a5

SHA512
9656eb898d19a9a392754b5171b34a5de64dbb51a966bc1d1f5e16eb68a7378be11e4a9442eb7c526ddbc0596270118fff68e3d6a7577af427806b3fe522c28e

Download Submit