2d80cd563f39775b3cf7f2a87560c88f3b6e61af2604e47ede1b7aa8e9693e5d

Analysis

max time kernel
2s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

01e5c88c8dae1d02db26f857cf808aa1.html
Size

16KB
MD5

01e5c88c8dae1d02db26f857cf808aa1
SHA1

1acf45e771f13fa3b93e3869087bd6be78dbee8c
SHA256

2d80cd563f39775b3cf7f2a87560c88f3b6e61af2604e47ede1b7aa8e9693e5d
SHA512

4dd7020b4bddbcb0db3a8aee05275c3b8c4f0fef7987ae65bf68e253edd7b6da9c248f0766edbaf0f9ca39a0c7e9dfab9c1db000a4752ce39c6b23ad6571e8e3
SSDEEP

384:GS7/tHfoPUgC0MeHCU7d1Qv8AqlyxGSEw:r7/tTgCjBU7UqlG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B34141F1-A68D-11EE-9D16-6A1079A24C90} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1736	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1736	iexplore.exe
1736	iexplore.exe
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2480	1736	iexplore.exe	28
PID 1736 wrote to memory of 2480	1736	iexplore.exe	28
PID 1736 wrote to memory of 2480	1736	iexplore.exe	28
PID 1736 wrote to memory of 2480	1736	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\01e5c88c8dae1d02db26f857cf808aa1.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef30beaa2d183631dc14a6c4a0423bbc

SHA1
d2d482e6a06f6c4d64700b6975a737f062a58eac

SHA256
015c98c8b130f94edcd0f443e5b9a807b5ab360670e3216f4845390e5e25e9d2

SHA512
5632f5dd719ca48be0da4e8048d1d3ec22829c72bef2ff77f3b2d6867919ddf6b51ae2dd4def178e6260385fb70f89300a75006b8e368b45f646721b01ff8b97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
295fb937d71c67719e4951b2cfa323c0

SHA1
a8bb6dbb145594e417b1a3d673a5648704ffe3af

SHA256
48904821b8e24c00c1d8e49dcb45d680b2b0ea43439d08e78e0cccf7b57ce48f

SHA512
4f6bfa2c36e79d41039c3f4229fce4e8230dba3ee2d622c6477df08491dea5354e808990a6f85c95cdd5ccfee9d6224a3814a56e0a6d86c6876e7b0881658561

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c2ebdeae4564f948fc864cf947f32d2

SHA1
c80b9c8479f56ef18b27737a3c9cbddfba76526c

SHA256
699d0eb932866720dfa5b34a6ce619c2cc1e140e09ee0ad6543e542b301b5cea

SHA512
982742b52b40d90e64125ea918ed3e486b80840e1ad46c8b60c65b95ab316eaee2f55da7d48946f718ae3fe8669f718b6ed64b558c89160bc9fefef040b7b53f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0bb4ada809790787735dd6e6932e480

SHA1
d218dac1550f4b8fb9067c5012f24a62f5bb9c0f

SHA256
198ef543c4d3faf5cacddb0505d82598a9f1e660c213afc0058579fcee5e5ae3

SHA512
6fecb99a821e82dfd59c30f170a0e41cf6e529788afccff83758b5c444600847dc9a3923204c9fe1cff5f94cbe1d82ea92fba04ba109896cd217a5d24487613d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca961ef4e01608bd95a3abcabf6f6c1d

SHA1
fc423369f1ba02cc241db17ef01b9f01566d4b88

SHA256
b2f20ba4909ac4c5df4babf2fd9528140b17b05edae47d38f130d04f797bbc54

SHA512
f4a29dc4d980d443124e3cb701ba1ff32058eaa5c6533d7313a75ba0ebc1c312f74944bed466f6c130edbf36aea90bf7de5881aad64b57520dab33676b26050e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77efba0e0ed88e2cc9a61ec2c7f0e20b

SHA1
b3cb5df65ddb3fc057fc63d070c1e57436bb872b

SHA256
e8f18c45d8b3e67022ea48356ba0a8047075293b4f6b9e52ce365952b607428c

SHA512
4df1c478a7149b9a0f1815c23a974c68fbbfb6761600b2d1be54548dde26fee19b9b39166d4cde3483e74e6695cab4b22ad874b30994bde39cfaee67deaac74d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfd8332daa5fcc873e425442487110c3

SHA1
332ab13a27e0ffcb498eae4869c074d5f479123d

SHA256
c3ebb6f97ce17a95deec203e52b3a103fc2c115d4ac2bc0cc0f80348584b572f

SHA512
bc33d9810c073d4d9e969e0b7935fce2515aa4a74d089579896681bcb7f7355fb13d2477289559548c41248ddfb5dd2714d9b5d681825fc3e7c5290877fa34c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e48c3b727e8bd52020a8447fe3655df

SHA1
9f3f4ff2fa896851558ab8c1be3f526c51726005

SHA256
04ef7d91647980d47b384731bdb33c374fab39177444a62e08f5f1118ae064f9

SHA512
6e71875cfc5a2e67b9237e94959fdff5ec55ef9918b78c39059330e5f99bc658430548f7b07714a25729eb354a8838054fa152d3398083b11960822372bdcf15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fec64b657d494b769c880ad6d5be1aa9

SHA1
d6d9c3fcbdb9633b14b1bdee247900d949b4bdd8

SHA256
3d5555c66146df41d4ea5b1ba75695b80b6f4b3c5cd0727c10cdc1745433a5f3

SHA512
2a5597c4552bde764100d066b0a97f576238ad52c6cbfc1e537a16ec454f6c191687d735f4965d22a729cb7f6525f43a9a177d7cd07402b2bd8665c4d8e1740b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ab190f95f80c63a6d5a876fa166b745

SHA1
10bf02e9d6fcdde83b9394f221d5dd44065f1215

SHA256
0f91b2218900055ce8e9156b85d8a4783b0086ab81ea3016f47b33eb78172832

SHA512
0dbed158efcbad3796799282982e59463117e3c5d62d51510d7aa5697d18d45bc5dafa6b57664b71dc213458e77d6130f4f87285a4ae7291a03360cbcd129da8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c80739ec8731d9eab160c37e91649d1

SHA1
71fc80be3bbea9825fd11c00e7a66c7a3dfd81b5

SHA256
7d32ce1d698dd6560576508a38720f9b59a22dfa1c8c8fe1d62093daf25c32da

SHA512
035e4e8889bab714ff87d6757c429840708d6d1962871d26028a85a5714aa5541b3a27166226e37b29b2f86536863725717c657c86f253bb8fef649cf0d7bc77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1161.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar11C1.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit