2587a61abd4e34f7a8ec263cf683bb465ae43881abec10859e1cd9cdda5dadf8

Analysis

max time kernel
120s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00f3c6cf7d7d749a02a8a4a95a015093.html
Size

842B
MD5

00f3c6cf7d7d749a02a8a4a95a015093
SHA1

8c887ada534f3dc3cc5274ac1e09712ad748de82
SHA256

2587a61abd4e34f7a8ec263cf683bb465ae43881abec10859e1cd9cdda5dadf8
SHA512

56c28697e3dd483492548f75b5af913d042b4eaa2df448b074a0f2d557e09866501f0da06cc2ed1e55e150a40912e92abe187a6927a487af310c68dbc5bfdb35

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410416713"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60de3b62fa3dda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000003a2fe7a7f92612d7a92134dbfcec3fcd5be49b02690c25b2937968cb1754dd7d000000000e80000000020000200000008e807847dee6d902949c0fff9c484c0f8010e63b81c08cc776b6bc52b7226459900000008161a5ed16b89dab36563d5021de58973b510cba6f4222b40e6f853977344d4e9cf0e8deeaf9d0b8f668d16ad1ce0e86922fefb4d1e34604430aeaf4a0a6224338c3191c754a390efbb3497d48e025365cc0a4d0dbc56d76247d81b7f3b2a620d5383e60b6dbaf36e20dc8cb75450f31c19bbd84798e7ceb0a0f789afdf6a14581d1b6cdfbbd4ac0635e157a7c868fd040000000e8bda2688a00588e7222f6326360bff5f06614903bf8817f2aa5ede4bf8c25aa2bd1876798701545cdb6b499be1449456d0eb9a9e4208220d4b7b7004fd23f98	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{983E19B1-A9ED-11EE-B517-EED0D7A1BF98} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000024c5d083d79d2109e0c59cc668756b00c59570d2b3dc6eb9e890866041cb8332000000000e8000000002000020000000c1ab2acfac92c18e64814773a33a79399c434de5564bca756df8dd9224819fb720000000da52255f9ec3ef6a81b553bc3ef77e3d11bd15ee9bdec1c4c9afb7404ee3010d400000000c3c3ada1e3e5279fab21ade74bdcb78eb454c2c9d40e8310f0c9214445eade78705df0d9b59a4a30843c6aef8cea90fcc2baa05d150938771934f306bd7ea25	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1748	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1748	iexplore.exe
1748	iexplore.exe
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 2832	1748	iexplore.exe	28
PID 1748 wrote to memory of 2832	1748	iexplore.exe	28
PID 1748 wrote to memory of 2832	1748	iexplore.exe	28
PID 1748 wrote to memory of 2832	1748	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\00f3c6cf7d7d749a02a8a4a95a015093.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a5cd86ebc14f599832588105c4f0ad2

SHA1
b868cd5c0eea5de69a5044f1b9c897a20fa90ae9

SHA256
3c668addc7aa4ca87d7c77503393a0902f80b8bc1d1eda242c61a25b944e76cd

SHA512
2ecdd7cd0f2648d7d4929a243dd39f7cb232a7165c6674bc4355d61bcdd5bcc94afe805e4b619b4c29461195ef7154ffd757714fb3f34eb58ec3b25372f3c804

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca9ed83ad70904dd8af1eda25deb6b9d

SHA1
26a05b42c4c5dec31a366cca403ab722afe78474

SHA256
242a5130f7a81b77d7a04a0e7f02c090d8946300d7e7fb5d7bd0f7399501166e

SHA512
fa2b5936948b15ae5165cdbf0a9ddd30b2a2f705fa250ba00ebaed723c25368d44d9d31e36760b5ad5f27c03d3447a217bbc1edd0ae65672364f573dc0a7c23e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b620090f06b877c8a63cd8e931f703f3

SHA1
1b64e41adbfd7a9650989bbc0965951f0ba69814

SHA256
31a0aad9578b28b0b51fa92c78250ffdd01e65d43b00701fdbb8310444b35c3a

SHA512
ef22f6835324d095b5178c862a2b64551fd35371cb271b226e505928144dae11451dd76374c9c525af25c80ac9c06b0744e30206f4ef36e682d8ad65ecbba9a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f53134563e1314335a78cd961e6d931

SHA1
91074be0dfdc009d3330a0b3f7553935248355c1

SHA256
d97300ee50a5650d5a770556a824a397dcd0d60da1d25c256f33d349cf257cf7

SHA512
cbf1bf6565456432cbef1a1cb110a39713f8303c24de6f65d3d5f7d7f18015dfa7bc5d9b47d1dcfc5b5e519d0368c06b25d4470dba0899e42dcdaa256d1b1d7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
334d023cdaca94853a08f10a034cf78e

SHA1
bb65e559ab82c02e931db11fde5d7e88b61966a3

SHA256
f4c78675e73fcaea360d5ef0d2b9c3b2384486d6ab5017cdfd9e420ce6174f00

SHA512
b4838bef0c6e8f77983c7a21a05be0afec09a807e01d898f0528474b230b1d8de4efb309b767f37aeb8513ce5d1bd983f2cb3f7e34fa432700a26f2a225d1cae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b61f1a54d1fdb6157bfc22594fbf2fa3

SHA1
b3904a087d1aafeb397474faaca4ea0cc78295a9

SHA256
24183f6ec5539bfb3d41e0d86394b32c4ddeb095c5db839053bea1b9bc91f5e3

SHA512
bd5acf5edadcbbebcb8bfefe57c778e35fcf8719503236d9430429ea06651cfaad47d376df57cab1eb67496fd9896e95f3ba95834be04c0b5921c31b47075239

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2071ab67e282e65aa47e79b03d68bd43

SHA1
40aea32988738a49d4910bda9429407db0d0ded3

SHA256
bd972fc677fd25a0c89145e4b294d82d031896ef509e04c14a28e3986f3f7916

SHA512
afef441e1740b0368dc34a33d6efef94145b70bd9b7fbc60a5341ee9140f14b32a17550cea43d5b6fa0132273fb9263649eee8a87a7b8f5e78b42bca288426a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8aafbcb2226f435279f4fc5f7ef3d84d

SHA1
0bf1fa3d15b013b7e69289c9e09784e59c4b545d

SHA256
410f33c0248c5c7bef1c16b26e0dd2bd9de819d8914f520e0421b2fe47667728

SHA512
4cdcd037286ae58b887a5f8d0f8e6ccc1c32e22cc2d7b337712434120131afc001c669ff7db8025341c660e400186f306fd2d499e68818d83d318cba97dc6b08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92538d1872a219b53c79a7381b423cf6

SHA1
c9034659d8240931daf9e87d7774a7e2f7e2bfb5

SHA256
10c7e42d392c083ebf05fe16e4d186a5303bb70194b8a8e31291a91c19426643

SHA512
db5e459042b27b138494ba358be396aec918806a3b6f868747f8d8d253c3ba61b45f122ccae8b3b17e17f78ee0e06d8863563db338932df89a2320f8820c3458

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
829168a82564361b3339f86e74a10a20

SHA1
5fe7c5a98a356dc3db47041c87e80dc8beb8c061

SHA256
2b52d289e3c30a802355aaf6b550298cd4ab46bf0d27218392c672b829f6ef19

SHA512
b859cf6cb017ceec8b236a4a2dc70830c29b3f5ed8fabd59ef1dfcaca3a0b7163a0748b477843fba9773427f032cf3f97efdb8c31358a0f0b43d830825312752

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20ef05fee05e5ddf1bed171d3ae1e2be

SHA1
7c6a9714a5f81dd01c3ae1161ff6ac393891b4bc

SHA256
d651392715c4c97ff17fbfd62a3c814f754d2487025d27f5242fe214373e825f

SHA512
84d10577ec49274cb5b374bb137f90b1c312d2800ea95e40cde81323db9c23e609c00d26bae5d90c942f20660c47d7a6d8429fe0920cab0ebe61701cb8d08f71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ad4140e56699bbf2351ba0614e54938

SHA1
9238a6f03f6afc923a655df78fd283201368c396

SHA256
455a1498d14cbd5d0a53785071d86cc574d818c7de2559af99c9934d67ec26fd

SHA512
c41a2124780f2fbeb79c39df6b0cfd42ff19c5ef7abc6fc1dd7732681e08d2ccfbc16760e9ebbbd55432b22d2176f90cc0368f5decd2e96f22607fad7d2eeeda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b614dfd2d9ae85ffbfdde878a42bf636

SHA1
54102903c219a547896afc981fdc040b795cf507

SHA256
fbe90173418e83f28900dff081276a2fa215554c003e3d5615af63f7a6cae8f3

SHA512
224d3fb2ca674f837bc140af9c5ad353742fdaced17be7f631eed28e9bf327aeaab24ab08ccfcd7db8844a7e14c71db674588b54954c28a0d2bab9e6eb06fd7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47f184c1a93fad88d080e68aec341928

SHA1
0188f3b9595ef05fc7bb69efac6740dc9ea02d46

SHA256
01b3ddd13a2d8280c83b5b8e427e251581213f74614c6d54acb7f36298ed93e4

SHA512
0b5b73b038e0980905f13dca8bb1de5eb5d142a4ceeb0688d8de7b30644b46c12cdb1a41555a188521fac728607fe37914426f9c56ebbdc25efa9f6fce43a73b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
853e103db92c04cce4d17953cfc84f78

SHA1
05d2942393f86ada1526b73cb70a2c18c406f96b

SHA256
9253aa2f169e873ff91ca5dfe2a6945c392bcebd6ebfbcc0e72e7a712bf0ebe3

SHA512
756c130c0cce51b595c4b43c51851d15238a102c1d49e0636ab693ccfb56ba12f74a613d6a00d05b12cba44b1c29d76421074745b956cc9eb46188e44bddd98f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5fff4016309dba33d1c14480ab20320

SHA1
f5688babd97def5faf39828fd8c6e5e1ec84cdd7

SHA256
3b60dabe9ef58d3db9e7c36c9e17a850842ee07fa54cf8e6877ab44dc57684cf

SHA512
5d38ac169eb154d442022ad16ccbe46ceb00b12ff3c837245a3bed367ddca25ec23e67eb1da5b9e75cdd1d8760913a9fe5697621de9fb7fd07efd9088af97fbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9080.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar912E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit