5988cab0747b8beef702cda94f00ea9a4fff920700a041752ad405c54ac2c609

Analysis

max time kernel
138s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05f8b432b7437a25cea953c156abc53c.html
Size

212KB
MD5

05f8b432b7437a25cea953c156abc53c
SHA1

610ec9482454f2b8d743e259fe49bf182a33da1f
SHA256

5988cab0747b8beef702cda94f00ea9a4fff920700a041752ad405c54ac2c609
SHA512

1fbb2f9fc79b4a5c47e0efcb85348eeb46a5f383124993d3d37ad62057c878ac1382c7d8e0788ff50251198438275627dbe273b9df33f9da615c0af0253a64d6
SSDEEP

3072:7RB31yZ73H1WqoZuaTWuoAph4ADq3cXXt8KNI3mFw3MLGG9lE/sMBRhFTKoD:KwiKHt8KNIAM

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000005e5ce2695f725767e8478073fbcbadf88fa16313a8025d3ff0a7b6f5ea1d3331000000000e800000000200002000000000dcd5310ddfaaa6f0e466088b2f0a03b8fd69013f2954b733e23230b15ceb03200000007874fd69f74078e9cb1bba8c3c7761139c060f9879ae314e7cdfeed6f4a387e4400000000e2ce0ce36453a94d035d85e1b988b11feac608d13d4dfdfabff7bd6792bf0333cdb94179b4ccd150283d5c088ddfbedb8d492a1def95b7e3fb962330d78e2d0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000e5a7a36e28790f1a0831befa6cfcfdc7c0e6614f814120a94d907adcbce79f86000000000e80000000020000200000001adaf339630c3d0521399ce7df1d4cb4c89b772d917e0cca8119422693f97c8590000000e890bc7d8ff9a63dea7b0ecd6e34b451e9ccbc544a68a95ee96494b8869cc4f3d4c82b56bde390dfd7082bac2b639ba21904a75623fa132362b0fb0302e0430ff5e72d7def0b2a37965805e78872ecbfd5d349788e056b3415a1045d7417475dccd7920153dcdbdd32d1c32100ea6c0b2dae4599793fe5db8efe204efefb6aad4fd97c65fa81c79288896b3ed4f5a0fe40000000d832f749ee3309797c60e776756c40b5772780d6227b975b9923cf8ed0b2985dc17b53204845111200537db69df47563c6cae4c58bc71abd56400c92a8b954c4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0c7c5b1123bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410097276"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D870AC91-A705-11EE-BE5F-46FAA8558A22} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1708	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1708	iexplore.exe
1708	iexplore.exe
2244	IEXPLORE.EXE
2244	IEXPLORE.EXE
2244	IEXPLORE.EXE
2244	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2244	1708	iexplore.exe	14
PID 1708 wrote to memory of 2244	1708	iexplore.exe	14
PID 1708 wrote to memory of 2244	1708	iexplore.exe	14
PID 1708 wrote to memory of 2244	1708	iexplore.exe	14

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:275457 /prefetch:2
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\05f8b432b7437a25cea953c156abc53c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_1AE11409F57BC5D68541053A9AA94231

Filesize
471B

MD5
5410753f0e0a3778c653358d8b2b9caa

SHA1
d286548b66672bf9a61d6b7028ad4280c498ad7c

SHA256
8f1ed7c9155cbba93b68dcd0aedad90423f1f42cd64db059b7e2da795a1f9c22

SHA512
b1dd5e9cd4a0fd11b4742b0e3ead22615c94fd123741a57fca73262d3c9a74c131161fde2e1c5970d9624ca889eb8f458ad5073975d60684e901d060d79ecdbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_C7CF4FA7BCF717E50C9341D69112D7D7

Filesize
472B

MD5
215f53e8e4f8397db259f0f38567cac6

SHA1
6d142cfbdbdf4b52ffc19911a786f9517e77dc11

SHA256
e0e7d49099717ce46a914574b3c20de267d0516123ea6e94a73b950841988dc8

SHA512
c3a6401b8a333f1d85751297ee986cd7739788b5e380e653bff68c8121a41f91a18f4d966c9faa7600fa04b094738ac17c0d243dbe8ea6a04e4d3a120d834ca5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_1AE11409F57BC5D68541053A9AA94231

Filesize
406B

MD5
0d08e22065a54c04f83c13bbbb5e924a

SHA1
8d04426e6d4c2758b5bf614c605d80984b604a8a

SHA256
da0bd9529748f01adad479613664ce07a714541c749effde835732606bda3fbb

SHA512
f881b06d6e7042dc7934a35dfe20b747a6341d8ed5f285939c9e1320b4fcd42700167b382ff8b82111ecd75de93b951650d45df58567f425bbd8f09947fe2f85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7c4dac3cec69bb25fe1f418dd869fee

SHA1
6ae8bd2464da79c55a5e3f24bdac8aaf792bf6ce

SHA256
704e9e95913e09245bc63adfed59163f644370f64e5b22ec057367f089ce4301

SHA512
3c4c02fbd62e3091b3d833a9dd7bf899661890b15cd9f78dab4f966e94b69c2dd7b68f81494d8a77487730443da83897f5a5cd0b9916650f14fc1f5d89a68cdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cea4ca63838419f7048c53d3178c2f60

SHA1
78338cc4225625cecedc7b036486e453ee337d1d

SHA256
485fa1e1f23c8dbb389f6b884c77a25479a34969f83208ba80e1cd210846ee0b

SHA512
18aa87a0d6c275e5bb6731d23452bd71d74b71f0292751ffe879fc64b792186f73e31b8ac26da39864a1b6b74d1b8646cbc033ead0a9f1917d032282c13ea15f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
adc3ceb8d0a4bcf511c4e39e8096f616

SHA1
ed30adefa7005d3e17ded6c2ce231caa9ea36bad

SHA256
b0d76cd17e74636e5d9a7bedbe88a5208e667f37d3307ff96d3ae5f66af4589e

SHA512
41b2b165e420d0cb8adb65222dec733af90567917a9a16e1fcc358f4a238277bf9d5e10d77d012d2d9a459414aeec5d693b1b1976d7592e362d85276447dd89c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d551b891c192e8847d2da4c9a123311e

SHA1
84a6063e4064a3c3653fb9020405037a6f533f4c

SHA256
43ad31414901928ce62f8b74dc4550d2a3e523bbb913e88a38840006f53e110a

SHA512
44a490e0c1106598b13c90c8c5e2757c01e0978c957516b40efad0bb40d679b51e88de99e053f397f46f848356ee8931ce5b653f3214139530658fc47c762931

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
743287c6e3c6f0e90d5e15e55e35a8ae

SHA1
d46365c53fc679aaa544ca6660afee3c6e1d93a5

SHA256
aa2e109ffe433ddca134883ec209141efa690e3084b33f5476f6d4ca62c294e5

SHA512
aa52afbadf0e25222e51fb367661d41b484e743532ca3d989b06b803028f62704f9ff2c8417b778c3f34edb122ca45adaa8b8978539642e6bfb0d60a1841ae23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2a63d4435e59fff52a6d7d9f3b7b983

SHA1
c125e2c54069b0a507a26eb81d54790943edb1a5

SHA256
335c46ff4c8c04c3b82c16098442c39ec512ac431cd7c95ecfe121585c7873a2

SHA512
51207946044206d5140ac675873eaf8d62ef0f212d5e5acebb1788b3485991fda0b78a2a25f52eb97be5b04b1334ffc93904f590f6fe748995579c6a92259ff0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08d20d24de06fe6b0f238df6642e592d

SHA1
ab88e6b354c178105853fc39e52a73aee90ffae4

SHA256
0bdcc6d8ff6f46211088522b0884e6dc3d9caf5f21aae5807924f5907dbfd3fa

SHA512
a88050efdba3f3298b2d001e038379fa6f26e11b06a6fe47c0cadefe9962f594ca246db34d54ce4d6153f4f8d1a26f0c5d4a255afce508c6b12adf1cb305f210

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64d821e039d8fb55d55459109700d77d

SHA1
03f53c69ed9f6c6c1d5e0b64e34d9fa53fa3c335

SHA256
9831f0ac8895b299a973bc871007216058568b81eaeaf850146fc0eb51d2c2c6

SHA512
221d80becff289cb496d0f9f85f3a59e7d80139940c23110bd9e13116d5fd8d30977970a1f4f528fb9b597296da1feca135d06e93ab6bba6e576d4a73346c3cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b71650be4f921e6514acddd956d629cd

SHA1
8108765cfbf3dd92a8906c829afe8c624367a475

SHA256
8d75d567433eb313b586358e2e927effefa80b3c8da08acb187803b788b0966b

SHA512
6691b193ec25f03dd37133414b2591b5676966dbca8e0ee1e56f1407e911ef045532b8009a796c1a919c01ebbee7dec66f7fcb301c42c1ce22b4a4aa78092a13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d464a905f80b3ab2fa523f33b525611a

SHA1
ede061f99926092963b9a9038f397af92adbb07b

SHA256
56cbedd4679d8f1355def225b4cdb5ecd7812a16143ba98861cb75da03c24fba

SHA512
2db3b8a2a8b44c689130d3797fcebc0332728c75fb9fe4e15c0f393e5121951fa4f002c0ec1104bcc7fa883a55f7f67d4c376902b84f81d394e10ce3d19a3d43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f02f4e855aca7cc3ee213d0a6d24cdcb

SHA1
39cafce53233199b25d968af9c3c0ecd54ff5eb9

SHA256
5de44d289d260d4052195091bf06cb5b67af2f6730bbe844c4313e535705d7d8

SHA512
e3f7fe06532ce7e15699fd9a4ebca6bfb9569eb9c722a5070d01b814c0819cf1f1fd9eec16e860261c52522bcd62dc0843e660b639ab5cd8621be201ec27d2f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\platform_gapi.iframes.style.common[1].js

Filesize
56KB

MD5
f6140cf2e81a9d5b9bc96970fe1946f6

SHA1
e18cb20a08d0c13d44b72e36e9560aec2187abce

SHA256
68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5

SHA512
1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\cb=gapi[1].js

Filesize
133KB

MD5
288c5ba5b7001fe841c32f690f62cc93

SHA1
29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789

SHA256
c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52

SHA512
e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1142.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar11A2.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit