e5b38ad2907900d268621721a82c6e47b35e10ff97498f86a37f0eea80aacf46

Analysis

max time kernel
3s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05d330b1092756cae1672ba6c4b28a48.html
Size

979B
MD5

05d330b1092756cae1672ba6c4b28a48
SHA1

0e8ff6400b379890eb7eee4fe1136690742e2b18
SHA256

e5b38ad2907900d268621721a82c6e47b35e10ff97498f86a37f0eea80aacf46
SHA512

30abc9a6a2d57c8fb6ca3415f0b0d48f0c2fbf1c62cc5c669065782a8b995777258d76f16468120a8c663a67654bcd5e80d9887f422501f89e596e29b287126f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FDF21F31-A700-11EE-91D2-EEC5CD00071E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1044	iexplore.exe
1044	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 2700	1044	iexplore.exe	21
PID 1044 wrote to memory of 2700	1044	iexplore.exe	21
PID 1044 wrote to memory of 2700	1044	iexplore.exe	21
PID 1044 wrote to memory of 2700	1044	iexplore.exe	21

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\05d330b1092756cae1672ba6c4b28a48.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:275457 /prefetch:2
  2⤵
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb4be29740070ae86c051ef3b526f0d3

SHA1
3b9403c67bc6c5bb1f7c9f56987f1c398e199f8e

SHA256
240afd991dd830fb25479340b3f921d92dd2755fb81509fa064e903ac9c3fe05

SHA512
8aefd3a0add1336c25c32423a99a7422f402a93643db943bffdff68e17bea392a8b32bf819d2ad9f4585393d021f5f18f8f197f88830a2d8ae9e25b948c23ae3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bf1569acb1795949fdbd2b146f21cba

SHA1
63b664fd1b5cec34d458fa35e0830c303d66c0d1

SHA256
8a9f30b6696633459d8dcc25ec11e7a86118c6a5172ff7110f663232e3312813

SHA512
eb00dc81e3ecdfbc01498b83548ca2aa80d47d35fb6cdf3efda94904bfc01f2a58bfd61db1e9b6f23f5400a04b8bb5011cfc1ec6c630fb32541af1df37a82433

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5de572d6927a277a46023ee9c59d9235

SHA1
412c667ed36d565392ecb9b6465200b137ff278f

SHA256
16bc3a4f320242113eba0307228db0ab6197b09e0551398272347e44677d8235

SHA512
edc5dd465404c90be7e877321b413221159be5a836089c45c8efae5e00dfcff22bc9a873702a27b53d7e7ec4673b6e3cb7c4abadc713783476059b62c88e5f07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcbd0fc14c30dd502a4b543718297eab

SHA1
a0f725772521bd138d9a3dc8abcf32e988cbd37c

SHA256
2e986c26bb074a62f7422e931e7dfa5f9aad0f5782547c3f39f82a5d931439c8

SHA512
8da0d68b67736966c4f1c4f9af390f142ad1757a5581ffce34c80203b6ea13b3b9a41c9a2117ddf233969feba9b831727824faab0e3a7eb4cca2e7cc9244f415

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f083e9a20ac45d96f20f503b054d9325

SHA1
d6b6f3ae2b712f865a46523401e27ee918f5cf43

SHA256
316d3797a0a34842b32d99c6597c87513d3c39614a44f6b931d7247d868a61cb

SHA512
b6074641400ba153f928c428bbc40cca1115182cc1ef0b14f8fc2a387d92a95ad90bfbe5e4692df9e5aef90133c0fc8d94af8d66567556b4d5bee3f0906c159d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83dc3ab9bc6366b4792027188391334f

SHA1
ec947a2e552fd233ff8c066a7d066fda30a45db5

SHA256
a4f6d8c470141ffa86abdc24c63c333bf0b116497aae26ae50909732869f635c

SHA512
eb7687170a23c2345c65f28dd67d85fb2c3ce622d7b73e81eaba660c5d5e3b3b9dbbb1fba205c25a43f1840ce888c6ada9788be4f9d48305952d90f9c4e5bafa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef5fe5d35a921d84bbdf5e5525d7d08c

SHA1
e0aea4fb9d685f4c0d5983b7b5eb92c2d62b05a0

SHA256
9ce8a7b94e9794f7f52c99cfaef00b29fe9896a326c81fadf713bc63ed091275

SHA512
a007df916a49f2c610df51e7041d6682ddcea18cab1dafebba81f342e58b69a81584f002825902101d3cbb7d154772dfb3d1627a858a90f762da047f8ae4f3ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d1528868a9d4b336223aa64b5ab221d

SHA1
5c997bcfd88285eb9f56e7f8e2df35e4d9e5e7f5

SHA256
c17f0242af773dc7ad1b4cee38b52f9bd6615ad9cb21fd7eed0895417fa47b0d

SHA512
c9df876f5eb1263d8f6bce22ae9237d2fe865478c15c0dd0f3cbb393c2f3c864a0ad581f98763619abb5a172c3c7bda339066e72b15b14c95941615cecb7f9ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ced176b3d3e992c1cc994633c4fc653

SHA1
4319dce22405180022b1e78da22d06c2dff65922

SHA256
f86ed11131246e2dcc5ffd926d057c03dadb1fb3f2fbc5e0e05c3bd563db3dbe

SHA512
0e5c65db63f69db66a0b906c80c417ce76dec36b2549e4d1014d048a4c22911097d3bcd63d8b9eefed5a717085cbfdf6f9d67a62cdd02b918a45ec07da748085

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd110f4ebc2a82591424ece910778955

SHA1
a9873b0e268d063a0ea8f3694e5db15d582f6ba0

SHA256
c52b3651308b4cd0f25fa00af0a4cba1548f4dab0fba360c6fb72f978a90eb37

SHA512
6326c06fde29de0eeaed51376bab5eaf0fe4d9e5b4b9360dd22688d5fce7b34a610f8455836cc71303cfc099be03b594b38c2f6b8027fbb1665cfd67722c20cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbed7ef8c95f070fe65a469cf93cb5a3

SHA1
eeb85eb3d081389b0a1cef597cdc292aff7b76a4

SHA256
dd1e68ace82ae7d3d9f1fda66e87ef31264f586cf16bb75661cd81c28522813f

SHA512
b3003f9e43750eb8417aabd37b949e20aba97cb92d6a8d2090691aa7145f9bf572054a4757a363789ab0d5d2968e6690f8b09407075e152e9560c21a2e8f275a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC19C.tmp

Filesize
1KB

MD5
1f1a3b101012e27df35286ed1cf74aa6

SHA1
46f36d1c9715589e45558bd53b721e8f7f52a888

SHA256
7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

SHA512
d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

Download Submit