42ed2cffe90fcbf2ada3f9d01d2fd54c4792c5387647af00b56c2f7369fcd1db

Analysis

max time kernel
57s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

011bf46f227cf77fb4c561cacf1c2702.html
Size

161KB
MD5

011bf46f227cf77fb4c561cacf1c2702
SHA1

24672a70f199b3f2f24a5d4d9bf4e0b7bdfd02ff
SHA256

42ed2cffe90fcbf2ada3f9d01d2fd54c4792c5387647af00b56c2f7369fcd1db
SHA512

23ac2a4256ac8064632b6a0a6c09146854d1397384f4c5b03a9bcdac34ba9ea4255776bfe2d371dd8446d660a869ae3bdacbb49315ca7402f499448d78d0f591
SSDEEP

1536:LIb7wDlcBw/a1fIuiHlq5mN8lDbNmPbcNyHcp6WnF2:LIHwDlC1iT5HzWnF2

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2F4B4E61-A7F3-11EE-86D4-76D8C56D161B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2408	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2408	iexplore.exe
2408	iexplore.exe
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2280	2408	iexplore.exe	28
PID 2408 wrote to memory of 2280	2408	iexplore.exe	28
PID 2408 wrote to memory of 2280	2408	iexplore.exe	28
PID 2408 wrote to memory of 2280	2408	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\011bf46f227cf77fb4c561cacf1c2702.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1dd43359613d1c3d88581bc3f2a5930

SHA1
f73deed8eb71c09a71f835fed4c5018b7f267c30

SHA256
0d6d87b142dbf24f2f1edb306c949a07049a03e6e9018ad285c93f2194223a8c

SHA512
1b1a61c0cbeeed6c36a42b621962b2e2c71f91d6dc8efc246156494165e0e32a14f9616c972d33a817ee3e52576573eeef07e3d7f0c9bf678f2834c542d5e6cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
001efed41fd41fadd1173d2529793a66

SHA1
a5dcace11dfd1b156fcd203223b6caa56ef7ff76

SHA256
05f23f30401f6efaa26e46075938ad76fea75cef3879a43fbde0f43612380d86

SHA512
b26c52750b5aa7f827dc496c0dc2b6b111abe8b821528072fac34fa1be8590f863ad064682a6539c3bfc18084c2d60bd04db0b2b2fbcf00dff6daad5eb0df71f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27f2a3a9e2f616e88a0817c783c58513

SHA1
00fe1263e951aed65c7e4a1f19369572870109a6

SHA256
a06a785dc9de6575dcf9f03b81eb6aae5e7fa2ab3ed718f72ec64204c2adb76c

SHA512
efb78754486144460343c936c16640ba8c4b4cc2b724e4bac409c59e54ae06a1f55e06f2acf0f8d3d95cf87505679b66d057cc5b7704f876a8ca26b512a27102

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30c5238d87f6265d59772ffd4d90a7e6

SHA1
97708a8d3da22f79150e344a20cc302a9b59b67a

SHA256
c14e3afa32ec0831d795563ed7aab181576aa0b602d4a98c19c1d35048e3492b

SHA512
5e2c786a57fb7d35d9b168e248c73ceeea8f32389eceb050bea53824c7031dcc1b2627d8bd7a066edaf37c4bc58f6c23ce9ce794f7d034756114381dcd813dd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7279967acb2dca033f46d70ff90b1eaf

SHA1
f3a2bff6247bafc864e895d8ce588d87cc60b952

SHA256
7faa8dadae8df7dc53b35a59f82c938fc3bc6f7c98df61a6363d5219000d7b41

SHA512
41e5c84d3c4de37b4f08c6ea7300c1c5bee68e87388db5a92fc5b322f6b0cfbe1a29a68efc8f9269c5428082933c295500dc3cd4a25cb6a65d35bf01681ee070

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1f9e66c8f03cf8558b4f382ca08e3e0

SHA1
b16e96291fdabe1137d0061ab2124a8d0de78ad7

SHA256
592aa4f01b58e48a50d24be1ccceb0d59d64ca5d676fc877b87cfe6122423cb1

SHA512
f1f3cfd9b2e3134ed3a43f81636bf7276fce27161683e991f1a5a9f7da65bf0d2e62e3c593625e172de33876074e1c83586421cf5d7b538de2144f03dc30c75d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a61ecac39dad5c4dfd84b7935e9e9542

SHA1
dddd5fb5cb7d780ff161fd1e33459740402b3bed

SHA256
61d323a67bf913e5e8021fc9ce2b6f7455a761faffde25434c567ab540df77ef

SHA512
eeebb33e3b344ee2f3c741a47fed6a91393f7a6e320228cdfb0185221517d1ba98ef95796461191e1c36f8f8b642da4d7dbd2dc68fa38d443c98c7dd24526424

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2499314087d2f7805100a5551996cee6

SHA1
4c67fa69e2765ee1f782b4bc7e583b1b476c50cb

SHA256
08359e8da04952f127b17d1428d749a59550f07c157b979ed905c0f41cf2d72c

SHA512
339df668311af693754f9e30a9098b251a54e8fd2682f83e6dc565cda69cd87a3e4713ca1f5cc0956df32817b7cb1e0e03a0794edbaa5fdd0b4691d0e3be2a5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
903418f0663d80481fd45203bc102ee7

SHA1
d20ff33f0b986061b8ac2a50e7b4e5ab4f1b6695

SHA256
32407b63451fa8890a5501e4fdd25a5c62d86e3e9413fbdbc02cc47594c34417

SHA512
cd7471f4a3fc8d5365640804346c7312f10c02a6179c453370d594a0cbae9a1562bdd20905d66b65542416b913eed1aa279cb5e655e6b65715475130b7eec41d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
141148de5fa2e327aa713a50f82c0146

SHA1
8f8e02e6aed7e15866807169c647798c66604721

SHA256
e561af86090e5262b947f896ac8a75e9abcb6f85ecc5e2cbf843d5bb85822cbc

SHA512
b841420fda944629fc3282bbcffbdc05cb8b94c4bfd5f709a4aebc0c2ff960008c208fc1c1c9615069658e9bd5317e8fb254b82c272fdf4f1a60385074bf7157

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f74b79509826ec86092582096bd61949

SHA1
0ebfa8e23201dea67951d76972fff39b11f63683

SHA256
26d73e30ba8fce33d989ea53b1c3fa45d3e96b4e7da88d03d7d45ee929e46a39

SHA512
60bd0b9266677674c4c003859826c29c43f3ed0915c11a3e430b937cae868d0314720418c67d504962eca57f3ee8d100a473344966c620ad5177e121e4b9f500

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e14718270e28068a44a375d747c9059

SHA1
b0a3b33629925da0f98dc8ec17f4abd851bb220f

SHA256
0655d41923277f259e448b9efdbe81824a1b797986f1e29fbbbb11ea7c016d30

SHA512
7fa500bd061b0867ead9067dee4f451b63c8b64a19bb31989168f2e9ad22999257bf33052bf0c2075da55d7413ea9239074781b12578b7488862e7dedafffbae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e21331f5da1fa0decdf788ff7471725

SHA1
702d3204ce77efb181d3bd0d7943be4557d8dcae

SHA256
fd032c29e310fde09c8d371e0d85fa790e6b16bfa386acd1e276638ade9f22e4

SHA512
551d1e8bfa1153b01f67dda22a27dcd6ca43c6084845036bd57b6832fa3551bf52dc89bd6ff4b305eae00fd96773b3f1edfbeef819d90800bb752929ad6685cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1122248b0330e2b6082777f0f3181f6

SHA1
08ab16bb3103ac7a2d0e4040f3f40a78978dd96c

SHA256
df25237682d5acb82fb4c561db6fcf8ad7665bf6d2a43d123652dde59457dcf6

SHA512
5827a77f1def577bfc6426876338321b9322b4e01286e42a14fa9c582a7e4247b102512edf5ab5756e1c63688ad0dc9d595b3277f10042c23c51aa813a84d065

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bfb653f26dae3a1cbc5443b1a61cff3

SHA1
54a50e40f8bccdbc0010a1c30d943f51567f0ad0

SHA256
ada675d80dd7fd9d17686b64bfdb4dee9115178c45318cadac1259b10fd4ad5f

SHA512
fc80ea4ea60f0a14ddd787f1233b83a9b642e2cad3a02d354a97a15861363a51723e68db782ed3240648122c0a1e951c937810fd69dc7f5c54b9e243b89d0f1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9db4c18235e831712a84919319b8cf6a

SHA1
ef6c73fd2f9d460c9d6c89bc3c1f13a5d5b70ccf

SHA256
1ea11cf7be976af61f5d298a96a1a66c1c01eb3c10c53fef1f75f3eccd283fb2

SHA512
147d3d464951297565138b7e69b848d75d283e6cb33fc5211c6f2401c2b77d8faea4488c810f516a6340ed39fb3060fab79f191a2eb6dbfa04a75d8d3f821008

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ef68248df07bfa1cefcc8b86f08d92c

SHA1
d64eca18788ab895f1352e444f43b2b3e844cc2c

SHA256
030ce38d8886a96debcbe1894ac7d7d3bf70b640b1301e3321a40633578d1e1c

SHA512
340e8a14f4aeeb11eb531afc0551511421d410703075a3932778166255d1c6bd824945d1e19c365d6c19fba258c6b376f2c9c18d2d2efc33d90e47ab25049f05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c598030bcbd2dbfe20eec425ebe9bbdb

SHA1
db2aabba59e163af74f5618f2883d92fadcd8f9a

SHA256
ba5c0f10defac703e8ce27401f0549ade8688ffb8f1e6f7581ccf7c4d95c2ab8

SHA512
6e7a9d21d693f83c579a41e8b313f2d9df8ebc292de30ca17aae898e33c087e0433a3a5dccd23dae2fdf72debe5936b954f35210f203ff926ca88141516d4a4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9fe2cc574fbeb6ee1c1883d4da75021

SHA1
2af0a2b917951dfd97fbce2f2ff57188fa5d40b0

SHA256
f2f82bdb2198ed04ab2220356397744c7bb1ee8d998198a1cdd00594954faae2

SHA512
117942c866fee1f322bae7dbe44d6cb7536992398fa312a54ba432946251637c9d41fdfc2482810a728098a7321bb4a2dde6cd2972310ce356d1379508be6d93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ba0a99062d263abb5a35093ff4a2108

SHA1
fc6edfc20707fab587556c6d78da4af45ffe687b

SHA256
ac30efcc85144722a626cc928dc903be3f77db2a3df2a3f0c922a07d176e0aa8

SHA512
3dd2c002b04e6efdde6d4372046f4f3686c75f5cf28ac755894a45c7dbbb6e4cae033aa03882c9210ce9956ba2353ccc2b445b0f646d0693c20d3c39e0ec5794

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29c66d41fea023a61491b9d8b6ac499d

SHA1
56660d75f3bc37b30487fef0f8d74a4eda45dabb

SHA256
7a2f29effbe789123705e85b20fd9a36c8b4cab2e00c68d901292b3a76d0a1a0

SHA512
a79ae93cf7d6aafc364586cc2eedd6a6dc66a86ee551b2462b4c6a4d92a78b060a4ef03cda6f14b6b4dd03e14fafa0f9cd4499cf9bcec1d8184b25f84f3c378e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b5cf6b9c0195ffb5214de472e1b240e

SHA1
ddca7c7b3c3e2934167f4ec98a7d687a5a7eb712

SHA256
f3a66d3a19e04873f5aeab43443aa8707eef057b37f83483fad895f2b56ddc8d

SHA512
48f9c0c84b4e4f093548380ef26e7008b6a2dcc7ea0e2ff65a89f6edf34b88a2f42de5918a65048290d6eda1f57a212443b7fa4c9009d6c3ee74b8f9e5d8b3d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfb3082f2347818d1344063f62828869

SHA1
2876968adb510f2ce846a9cf9fd75af89c4d6677

SHA256
89795fc57a2db6aab17e2c870347e90214346284a0bc5f17ad7f58d2da43d84c

SHA512
0ae59058c807f0b2ef9f4156dd4a8ee3c99cd15f22144dd16433bd54f1d8d9d895f2783b30db5ff8cb073da391e61a77a942d308d35a8a17e0ed7719392a80e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5312.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5353.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit