8ea0ad9ac1c659c99f47d44484b1fe2119b6052223907feeab3d2b76bd082a95

Analysis

max time kernel
182s
max time network
186s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0214e1766144f187d229a6a790562e83.html
Size

24KB
MD5

0214e1766144f187d229a6a790562e83
SHA1

741dc2f17e6307c741fe1e0e83e5e69293d17c5b
SHA256

8ea0ad9ac1c659c99f47d44484b1fe2119b6052223907feeab3d2b76bd082a95
SHA512

aec87f86f459ca610b060e49153556e44994ef6eb53c69c8e37df774c3cd05615efa252a8b0bbead3c8ba152933bb95d3221d89c03b66f0c8d2c6456e79ec7d2
SSDEEP

768:Si9nqxh4cpwOVe3iHxed5q4KhZjIAB1jHoDHMSVpbGT14c2BFfyO5YiPKS+0lLFp:Sa385jILxGg82FwQAe0OVkM3JMEp

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 208c891c973ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000e0c8a79928f16669a5b239b8408efbebfea9d736b622ac7065288d4197e61e18000000000e8000000002000020000000bd58f6ba4e18b8b72fd0dff666639fb35f38feef6f87cd9bda3b6bce8c8301b390000000397e7d1a97a750faf2d8c6a6f5f273db56c8d618b9a3fa210c8d79c494ca2020aa0ceb7c41ec227a9a9c8d93c654c0a9adadd81be4520cd946f50da5fe5f9af7abe9e1866705597364039df92d53c72516712b6c37d3535668a7a579bafe8eacee8d5035a4b14f466f3b8ab0629e865a92b1e1231dff3f291f50e93fd643bb26ce88797e6d5d4fec8b72bf0ca8578d3540000000fb62f37aa1656609ee832896faa45e99ec0eede5568d24f9bb4009a435295e9f8435465406d1a7d52ae3122278a4df8cd82521beaf6b8b83dc427fbc5a832636	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410044202"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4417D3F1-A68A-11EE-BFFC-EAAD54D9E991} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd769173341890000000002000000000010660000000100002000000089e8f0d001d179effdd4a74f41779251fe53fe9217c506b721b490b24028ba66000000000e8000000002000020000000422a1dcaea2bbc2918dc140ae4585717144c8e8571bec9398aed9da6c2900d0c2000000072567baf47ed96bfe3abde622a775e9c24c8c2bb8000f70a590316852bc6849f400000002a22e909671ecb1a1bff50c68869db105651516cda6365f5475d4d82a5f6ee53d63646255f0bf95441d4472a149b89cdd8e9a926ca683a0d0aa0df4486ebc208	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2844	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2844	iexplore.exe
2844	iexplore.exe
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2924	2844	iexplore.exe	28
PID 2844 wrote to memory of 2924	2844	iexplore.exe	28
PID 2844 wrote to memory of 2924	2844	iexplore.exe	28
PID 2844 wrote to memory of 2924	2844	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0214e1766144f187d229a6a790562e83.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a77f6a19ec32551e4bd45c115a7eafaf

SHA1
c7111f1884eeb0909f3f9983db65b851dea3b5c3

SHA256
9ae929d06ecfe4e2af0739668e8c3202ed467abd62c6ca3e41396cb6ecca7324

SHA512
8c80dda1b6a07e7f3983f5887677555a7d52698954f82697839c590f407d5414c753949cb3740a024925f335d0f7c31ed835e51dd17b710d9112bd930d164953

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c68a9e4cf1715443c3ee29a4c2c6ae5

SHA1
e9defb82174167750f25e6929c7cb578e6a7c17d

SHA256
7b5960abaa31364314b7ee932789aa097d115a8deb5d80e6051908d3388a3c63

SHA512
29571c2ef6edd1329711e14979e993c1f1ca2eae54668bf1df52f523fd0ecfc0fd35b886310c9fbd1d590e200ff1ebb2f4101a74c55b4892f46f66b61bbda2fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b718121112da700554ee8b1169621b5

SHA1
4e22857ba41b15ab6eaa0edc40b96196499a83c4

SHA256
c527a82bcbc5cdc6a91229301e9a788babf8cb94c29f4d340a16ecf2ae761a56

SHA512
aea9a9b5da41a24a85410497abc289afef4744eb3a0a33101d60c19967559f8a739189ae71dace2d92543fcff743bdd1849f83c1dc4056b3260272e21b46f264

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
513527f1d816b9ea5100931a3446b70f

SHA1
ab0423c848052f7c462046009411d46f9138e1d1

SHA256
bd23617beed5a4cb094ed85248623cc037a2693d6757ed3f79d824f7649e063d

SHA512
893b028d625751df8a0d64022e9b77ad389c70fb2550c830cf02b4ec48aacfb18aad3ce828389a94ac3aabf0d978ec09fab625d1944e186c8337b83e0879b78f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e740412dda79085dc41a93bd9ff4fd62

SHA1
a5f34169d3d2a0e041188b64ea03c5f102a8d273

SHA256
04628ce1bb45693b7b960e5dd2eae5dd00bcf657565dd01b30cf60c1830807f9

SHA512
0ecb46d9337ac55b435f585562404001c683a26a465a8e1f66a3493c6ef719d84af80cd7e93bc659025b1ed37631e49fc0338fed2f88fd8d51206f635433480b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3af17c14e2933a82e15420f31edb0237

SHA1
0dc8b7b212796b189f373ce81ceb9a881a7d57e0

SHA256
de5617cfe931b6db5f0eb20b6920efa8460935e912038b40ab82a469764fe75c

SHA512
f63d07c3c3e6e95a2250985b8233cd25c324731fb40c83b733799fcdca2ae6265df71d782b82d5766fe420697d542053b3cbb6d4a8fc1ec623104e58631dcdef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2bd1049bbdd58f269174d4b09fdd1f96

SHA1
910cb409dc4682e38617d9388782a3a8556e2a75

SHA256
9bec9f61393c8ee9be3981c615b8bd066465c746b35c879d5625dedbb67628c6

SHA512
d65d6ce80b1bffd13fa644cceebc57b94b9056b2bf957ddffed615084b635d03c23b97a6e9562f7747a538cadce4c5882b428be2c59ccc2d188f66ab5b8e742d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04cf08bbd0a9a4c3c27e79f7eb6a308e

SHA1
2de9f8ff6201975d70f7b7d35fc4f143b367565b

SHA256
030b7a8430bc954b601fd4bf73624aaad885e19bfefbd6f02ceca3f09ac65439

SHA512
c4801d0694f679caac783c9d2ac454f61c7d598f3292a951d9079e161bfb117529e572c3f54c99d8c9777141a06a77c11ed05604a5e987049db6a558e92ee3bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b29009584295308142ca1afc2e35321

SHA1
ce315387bf776dd4e180cd7a5766d724e8546049

SHA256
fd7c0d7c858ba18adbbfd02774ac5dd6e312cab5df70eb0d0bcc9e4b498790db

SHA512
1a8feb7002831274bc08d16adea42f8577ed5cf17bfabe73a6ddb19049c6d5221edce52b38398266d5606fe89578bcddf9dfe8ad68d6a6d2195efec13e7dc129

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5aad3a049ea0a0f3cc9a419f817039f

SHA1
bcc1ea23b9d63a51c6f6e8859d7677c816919f51

SHA256
0d100d113cca57e97f41d446fa487d87993b3e9157733ed0d8996493833bd08f

SHA512
07aaa3528658f5a68e7e378fbf36ef37ac39847b823a337a5536f8f9b3d08c4e116621230694add7723689d9e59a3d9f623bf870a8ebb1d99f130ef9bc19538c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76843eea7a5b4bb9548c3e85c0c11df4

SHA1
c500b31e9cfd2aaae0b61e1c0ef49ecb10b6cd59

SHA256
086c65af6a3f4faa2898ac2048ff9bb0fcd3502a6083e3a3d346bfdb1837926d

SHA512
0ff9a805c169efb32124d08fd585114acba3651a954532aea6132108d73d77c95f3a935a7651245bd217a07c969fc031416c86efe1b5ea2c67837f1f2c81dc88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cff464de0da6e98245e237c3849a9bb1

SHA1
ccfa1dad5303cbdb9b80110947ec5e4c98dcd362

SHA256
44cc2722104a4f12bd9d1453f693410d09ccfc51a108a31e187cda6c9eaba720

SHA512
e0506f189c49ce69f32c26a812272c7c3b60259fbd3e27c884f682e0821cd441f329d6278e8f7fb23f1902b2efd7e41e76d53eaba8c96aaf394eefac9c06cec3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a6926982d07143f711ee27daf92eccc

SHA1
4ed2db598d1365ae0c44a8c9ec18e3d998d029e3

SHA256
c4bbfc1f07290dda5f2f71f89a4f59c78e5c0ca9e85c9ed4193f05c7092a18d2

SHA512
070cd8bc74e34ac81b37751f40fa7b3be57fdbdc7d4464e5eaaea0371d56b4727da89d583d2833f3344b61f48a4f3ab6c55fb4396cea92943e370e773f8055bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a751a508f59a9ccb9eac933d236d8721

SHA1
4e22cb406a4a699b3913eceb1c3632add505e392

SHA256
962f759fba2fb7e0abe2a9a195212842fcdd27143138d89b46112fbb429dae7a

SHA512
3434591aa7793ec6714c63267b354c6c49f3b824752834466f6c0a765bbaa2fe349694d0447a5af1d2dc97eec826e5ae483c0bc2aa30e7e1e0dc34fe6a59a6bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e94009d8571f1babc8a2615bcb69d273

SHA1
51aba746971d89f2a6d1e639fc06c5bbbdde1b10

SHA256
089fafc4e9197bf77980431dee59ba8ed8ae2666f61576f48473b6ed8e74e2fa

SHA512
83eb95e52e57a260d5daadf02fe5960664d4d9b34c7504c193eef9dded86aa17d5e500564ff027d65928156265ee6dac74913f362ae3b9823e3d85dc1f75be0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCFDF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD010.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit