1d176aebe370fe14839d3c028163165bf15c79a5ffb2228de6e8c4817ddca5ae

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

00638852ae8ac6ba868fc7ace9bac9d0.html
Size

13KB
MD5

00638852ae8ac6ba868fc7ace9bac9d0
SHA1

edc53e0d78dd82e70b32d8de83d475b53ff3c120
SHA256

1d176aebe370fe14839d3c028163165bf15c79a5ffb2228de6e8c4817ddca5ae
SHA512

741e3194ee7fcd1e962cadee6052c31f0e7bfb7e66bd067bf5b7f4db5e2acd686c7085b6ff12d5d496f1f8a406294422e64e7fbb559761fdcec1dbe9d7f996cd
SSDEEP

192:SUiQ0LAc6Xlv15K0xrWP03KbyURciS6rVtBrnhsxvS89N1oevTP:SUy6drxW03OZR4krhh+K67ocTP

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0cc72adf13bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000005af810a2a19ad29623940704f8696e5fcbee69f1d2c65cc22d43f075b33e6cdd000000000e8000000002000020000000b18a21699c465cd2ff5f9bddac1375816274b4a8ff99e7813035d14895b19c9020000000e11816d12ec12fe3b0bc72e9c867a769a6e8785a902aab455f1e4af1abc65ad240000000d554d1b17612f43589bef81e0e0976146e46c1bcc054fb03c7831a3e808af24b1a12530e1e2e855ba5b2a7c30202a17be84e5059633dbecdc3f9d362c1288831	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410193068"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000004096317203050d67c7197bd5423b1cd350a387395ea4f0e23e7c250612d70aa5000000000e80000000020000200000001c250094c6ecc6724d9eee2d887830f358fece6cb7ecdce9c7a285087a51a3db900000002b0dcccfbfa7cede22497a5964d13cff6c8597253565d2ac2284a8912f3a87358dc1ed097bd48e22c55937b2e1ed9655c6720001ade95ef697b8aac6d149fcfa72f8cf84ef6e4cf6bf74c3c96ae45d69281a526ec06a056603dcd8a1944e589db57b9ed582f71173715cfbcae0173a2f70d79163d3f23cc73343ca5eea424c959c83dfeadb829565e5d8df89a71223ed400000004182876e124ccd334a91614bbbcee573777875da60815e2fb821a570956972906a765314d13ff4726760467f1341da6c066cff51c9218023553cbda26cb34271	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D468DC01-A7E4-11EE-B432-EEC5CD00071E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3044	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3044	iexplore.exe
3044	iexplore.exe
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 1740	3044	iexplore.exe	28
PID 3044 wrote to memory of 1740	3044	iexplore.exe	28
PID 3044 wrote to memory of 1740	3044	iexplore.exe	28
PID 3044 wrote to memory of 1740	3044	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\00638852ae8ac6ba868fc7ace9bac9d0.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d7de354c0be03888cd354941bbb7cba

SHA1
069d467b3bf2719dce70509a443f5137a823dccb

SHA256
405607739817640f8f4689a01359134e6d43437d624256978fabd263c5260fe2

SHA512
b68467416285bcbc8b5b697ba895cc95b078a9ddbf162c978c2a321d0808dcc078b9c31ddb07c8612d40c800eeba98e68bf5347d63035f0ee5cbad9a5456a5fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf01c35633b17acaba47a6a02edfeabc

SHA1
e80f16d8e4f1d395f2e2c7b0f2161a0095247eee

SHA256
c325c91ff71dad6502f97e799df612a0ba0351b9e072579fb34cb422ae833951

SHA512
8002cd26b373834b1424609aed7850f51913bb740b92400ab97f7abe1a068cf8006a58df8ed67f3532c032defe050d743c2a0225d25bae9ea943698859bdedcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9caf263c41c0ff15fba51ce296d9fec1

SHA1
6806ec615b07e5a8b2cd4029e36b27d0642beac2

SHA256
21542ce2be080571911f04f76c34e83d923d74689adca5eeff3b9f09e1251f89

SHA512
fc4d91eba2dc680ce0f0c545a0c311bbca8c9006e9b6a5eef2cf6b4b7a5dbdfb15d3188488ae936598558453aa9fb69f55d4bbc5e4cd757d52a5771860f08803

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e24d1b49c46467ac161d1f5a5782129

SHA1
70d614b60d0e4ab53d8a6987811d046079061aae

SHA256
785a451950251097b74ed501f6c676fc5840bca7faa584e9d5b06d0308c31c83

SHA512
0c25f1fb2a7f3a1dad6896ccadde6546b5de7d6afe7f1dfb16437c2261fa7a9d40b2f423fa3f2ee766682918717003315a7974ee7a9fd0262de2a74da7a0cf83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b390b47ba69191ed9e3b9528ea207ea

SHA1
7d4ce85f41ef2f2e7e052b8f50d3b424bbe6aa1e

SHA256
df56c7456baf2da7dfc3e03c9d861a8dde48cf15c9c54e0a68baff0f283dcfa6

SHA512
b6a46e2ed02fee85c07285238e24834b2bcb27aa4b5f66118482f67bfef710c5707986bd3950282e182a45b72e0c46c5855de17e74bc26d8125d00ccf7e8c0d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47a1f0d2812943f55d0d44c12443e3ee

SHA1
1ec1e1d1320068cd875c9389ed5053c585b0c46d

SHA256
cfe144d5cbd9d49789210c300d2fdabbb4e7d30d8c2922cec30602119bbfcd85

SHA512
dd952e4cfcbfb73920f05ef9534ead89081633d68ae6899764bd65629a4b1cf0ec51ef3befa9670a0de7a7762818434bac165fc3236381c58ad99bd09b4931d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0844d42228d156747af66140bc4064d2

SHA1
4ee2131df7caa5a49e52d857e5c58e2f7851dfcc

SHA256
c25190bd218271e5593646cc7d6ce9d85c3ab0e5868f34ee3fd2a98acf394618

SHA512
54572d45b3ce29b5481261de414f6fa4656bec834d55bdd6c022e6d4f8bbc7a20ef0062a8cc5e0bb7db54be554716f08638926dc2378f5cf60015147ce2c6d2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b450400b505e5ae65d1c109f56e813ef

SHA1
723984f00a660627cd877a1f7250f549b276a065

SHA256
7f98b1a44f6e7848e360a20a44b569f7ad320e04edcfa9311577737e937d92b1

SHA512
97ea0bed2e2bb3376f45cd446f88b434b0b26ccff905a7c8cc06c4ba0854ccf6f9ea17c7f9103829001b2ce3c1ea574a489f1c3ea86dad585809d83a4b98f212

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1f69513251a881f129d1b4b1c958504

SHA1
dd2ec22b10c70a8624925b27f64b829f3dce42cb

SHA256
ea64edb15d2ef1f395f0ed9e58e01e289a4a2c17f9ade67d825d45a5a5560f4c

SHA512
70072b820f0bdd3581775fc691f26b71f69ca17d66c99f3ebf059407513b0cb39fef196e6661f9fe67ef3b603133c2d27325a31ee2af85e3a45f15e480ea339a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d34174afe928142c16a5fe71c06b76e

SHA1
a74a5deb0e496188b51ecdfdcc4f9b7aeceb3c44

SHA256
733a7208c8d90252b846bcd372292716b78e941a7520fc27598a3395fdf018eb

SHA512
86ea79f59803e06b5857f44c231871ddc54259a5754b819dd4fa4f3c6ba4bf880c4439f22c3362cf6bea5e9e0f79ab20b254b774b4ebde69a54e2fcfb42eb5c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2ac328694383055497b064fbc5f4171

SHA1
43ecdafc4594e28311aa15a71cbdce6653655daf

SHA256
217e5a00811010c55a3ee5b1c2a6cc84cae3bf60fc365d1ee156f3480944fb3e

SHA512
d43459aeee7176aabf59fdfa848040e5a0500082f249c1124c65a25fb17bcd16de01065621f4a22bc1a0168936f1d86f23efb5e8dbedf9c34ebdfc8af76220a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb683278b4c99ac28cab8b727ea15b5e

SHA1
2e85b895ac21f57b98af17a03a9cf66dd8e58dbd

SHA256
fabf1ea06901c90bb2abe4ff0a28d8c5c6c332bf2b961960158b730c814b3d76

SHA512
e69a19a02b3aa6ed75593d86ce22f6f7b1616894ac0f240160ace659bf31ca09a1f82570a4ba2f96ebf0d557312e9e75cce509340364001f0b6d44cc21e42ac5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc2ce75a1280ce35391fbbf8a415e2e8

SHA1
bec32b6ef55c483e1bf7a09fb0b4ed7d083b66b5

SHA256
4e25d8c5001acf3c5113850bd7e6cf5b0ac7b2628fec7c7f6d9d9e4483f8f561

SHA512
613f45d941669ac8938a73f37fcdce947c9837e63716ffda1e5252fa926096ccaa2525306730ba1e739302ff37f8f171ba0631a0f1d7ec315f55acaaa4910221

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8811c233cb8eedc020921f0eddf29369

SHA1
5801870a7bcecf95022091698421ea68fe5dc566

SHA256
ba488cea774bd68060af4ef3392f0c72893f985b8a4a67667fc8740f2899c6c0

SHA512
74ab400df10dee47987759697bc3c8d9de22cbbf547ae5c983acbd62fc6ecd50dc2434fd81574de1a5da979688785f20d42afd1760a5bfdc786013a4963ecb2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69c59e976366483a89c215b0e71670d0

SHA1
229676d66c50bdbc04fee45c0b68a20640c5bf1e

SHA256
76de91ae1028cc1ab08c5081c3be68a7efc8b7f0437f4d20c810245a70f08972

SHA512
7af4537d8070ed06d4046a47dca5b1c5362b028ec541850e1464335e7690f7cea7c69ab32c1ae7cc27d19755a82136cae5e37221eede22f4e1ce569320987874

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea84e0cc2bdc909d6e3ae9444132b613

SHA1
b981a896c69b026559b6156e23a8acb5cb1c3e0a

SHA256
8e8c40a3dafe9ddcc781d4f6a7b3329cc4bbd879ee8b9b4a961850cf9c1496c5

SHA512
f1592d437524559c5084e6d61dbeb1ebc9ae0fd01d528300bef6d869fe2560fce6650a4edecc01cbf4ac86e175d7a9b36a031ce55c448fa39a106ac4bfed50d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4feb77da1726cbdb825bb1dc257d480

SHA1
b54eed37ccbaf64803b25c90655579d054c663b6

SHA256
772d7ee272592f06b4703cdd3f52ddc6577fd53f35ea64e955812e9251f8467a

SHA512
2c89ad611ec000b6727fdde450efcd89fe5d2487b3112666e665b17735e97fbb129bba358ae326e225485ac210c5af1bcf15ce4e762af91f363e0029178f9541

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab43D7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4437.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit