bfaa2b5fe5463c9ad5e12f519a38a20f2743bf48d6dd8bff2b0f0d75e738592f

Analysis

max time kernel
2s
max time network
158s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02bad559eaec3c2399f1c0059eb9c369.html
Size

895B
MD5

02bad559eaec3c2399f1c0059eb9c369
SHA1

62dab6a34884567ec2d3b6a537bd8c26b7e87e47
SHA256

bfaa2b5fe5463c9ad5e12f519a38a20f2743bf48d6dd8bff2b0f0d75e738592f
SHA512

9a97023303702924ed90218d16de6d4d3800da98ac2596f357640b633bc8f83c266c4f160f14d99b6fe9f15d034253b4735d49bf78373091b491eb6d7e04a207

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 20 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3245CAE1-A696-11EE-91D2-EEC5CD00071E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2192	iexplore.exe
2192	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2700	2192	iexplore.exe	17
PID 2192 wrote to memory of 2700	2192	iexplore.exe	17
PID 2192 wrote to memory of 2700	2192	iexplore.exe	17
PID 2192 wrote to memory of 2700	2192	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\02bad559eaec3c2399f1c0059eb9c369.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
  2⤵
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c1fa1de36026bd6832eb84d9fc5eb38

SHA1
135badb9186d3ab680d9eb6920408567c6f21e10

SHA256
b6e2ba888ad0de0567bb6db7436d8a85bba7d0e4db60ecaddd8ed46f873e47fd

SHA512
dbfeb832c6ec50b6b9d45c248e712cff4a07bf1c69b4814fa058fa28b13a0657558f01a023e4c0876b1b426e0d8ffb39a46e2a696392b25b9dd1ff8036c43cef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac35ac00c14432fad19cd68eaae0f9e1

SHA1
ae6ab91dacd136ef713179f68bb1fb8b7622226d

SHA256
a7b5c4bda8caf546538434a9ed4c83c3076254de20e3f9c56af90df0500b87b3

SHA512
894f6c85af0d7069e3a3062319324cb7d3e9f36dcf288fd72e8de8aa5a1be9d86f35c51fb812f6e12b096bc7d026a9c462f515cf327e2ef2776e112d5224e7bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f231484f6e6bb62998900a784c3a31ba

SHA1
d8f8cb6e7e504d281a31dc8422a9caa55316e8c2

SHA256
894665c5a1de72a545c9559c94e274547615e968b5ab9c331f8ecf7fa680cb7c

SHA512
572b02c11ee92c341200157802eaa8ef34fbf7506e5cbe986adad121d1b9e9892e62d64e6387a66240a023ee166f0684ba0a850645bbebf4c25dc7d3c7865734

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c73d1592c62059ba4680d0ca1eaefcc

SHA1
4ff69e1f9618df88890f26d5c2b572674f62c8ff

SHA256
3583eb9e0b662f0999c0e49c5431cb9777a419fa656db12240d5ac3985190488

SHA512
76f51cfaa6725061a91922106944266a333349925bdbe4d26a3d105d49a8e977693f934564a8ca292173570b88872af0dcfe20f6d7bf7c0c9ee0618c4f757b16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1a88e86a5171fb9050b035f44c16fe6

SHA1
bdff6b20a976cefe54bfd5ae4322520a8755ee86

SHA256
a2c4b5239b156fa51298a0634fbc6f15aafbb566daf6187d6bca3e0deba174da

SHA512
b79f94b28b55670a4900edadf8dfd536ceb967958406ff1c15d6168b34dc5a940a59926b506fe6fc891b49931b403ea3e69b18eeb7064df36a3fd9af38c2209a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f4f79d4d32e6be49112c8e28805104d

SHA1
77049746875da68e83edd0a61a27def3d21d3133

SHA256
c5c709e9ffda70a27fba2fa67d7b4877a71718431ea03ae918a3615da813bd04

SHA512
3920ac736eff4bf918f991dd50c65c5c63d2cd8093952943bec2fc696c1aed56920be6f4222783a598edf05087edd3a9ca3fac678151db5663eb252f0d3495e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec545791d45bec1f23154656a5da13b8

SHA1
206f47218b250084b900f736fcacf9005ca2f1d2

SHA256
cb4eff9e1b8987855935b5d73e45e5db70635e03e6fa3e1c19283955493b8726

SHA512
2836ecc85062b22b15b4015377af916fc6478c3089ee370079f36178638015a9f24aa68d214ecdfc9cff8bd1fb869398b3126e243ed22e9f63c655c03d0042f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0c789213ed66d1ac34c54d3dca3f617

SHA1
4bf8ff4d3e82bde93ad42deb1ae348b9ce3072f4

SHA256
a4a93efba98f56632810d7f22618cab2ef6f7ba0261092474491a15671801360

SHA512
0d1b3a57f8b7d1d73d256b327595ee841652d7797ecdf06131c9be292823283867af8e6e04c60a6b09b10e06c24ccb42e811ca9e085472f8e679b9bf686e4180

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e22d9387816d45f4bd26fa76fc2ab5f

SHA1
8d36e3e7c3802cd601aa4d97906e4d86e229ac76

SHA256
93098a53fd37c2b6933efd5ed1f56461bc9cfb2ed8bb9bc30a58475ed839afdd

SHA512
448c48ee08d43b837c9d9fe16571d20f80ba2de719688bc08b37bd35adef80409a61ab70f79e38e70a59eb4424f38379a88c0504715263b58e8abbd960034457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44dcf8e283f7de2fac0a9b93c9b4ec18

SHA1
2d8ac2c063ddf3e5df1ec0d9935a5f1a6b107c31

SHA256
4e503c30ec9356ceae2414681284b60208d600dc034ae05c7e26be8813f66b0b

SHA512
ecdf56ff94853ea638611cda3d7611712b724ed104d5f44afc44d9462a6004b0ab70db68f52d941993285fc8d0e6f04e9841816f25768d51d2edb7bb15d42c00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec7927693dee924bd95d66eb8ea5712f

SHA1
43634244eedf97e33740813de51ab9e6411b3c8e

SHA256
f442125fb9048bd293f4eb0170ff6ea0eaf1cfd02253172d70613009358abde0

SHA512
1daaa8c010852f3e54be373809e0d6ad6d6581cfce58788b7218ba2e02186916b8d6a912cbebe386427a42b0498ae96c184cd00180bec39ef959e0a7d98e3964

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67c6fc8af57fde82e4e2cf3f9c9a0060

SHA1
ada42627284e190c5b4f28dd43ccea5d65e66e69

SHA256
a509018f6f61045cc804af0f9358a16ae6de492cd46b86ba3a6880b5fecef412

SHA512
e73e3772347635e247fb8c6bf798cead2070e5238a72d59bf4046896cbabb0ec112d594e901d505d5a4bce9b45040a5f27a7db512a3af6dce6a0fabceb99198d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9897f71ea3cec1e2f86fcbddfad15ca3

SHA1
b814ae2d25a8caf5f9d9142c2e594314250f41b4

SHA256
2565b88287cf1742251f104807fbe9edef2f5cc8da8df8675928b4504e45fdf6

SHA512
8e9ccd564bfc069e5a43380fb915ee4b181bcc8ac4b3f0b3a63d9741ee36237766a5f978da968aa0ab51d337b6f5794fe1d82d05f27ee7fc9c3141f3d0ae1710

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5044a724aa1ca064c6e5b4a67e7d74e

SHA1
37f231cddfea4072b59868f63b9d5d87fc13e255

SHA256
93a5d180bd392fb5853c9f3d0853ba62a21f8bdc5d1dab0bbb884e1d33c3fa25

SHA512
1fddc6e0a9fe829e9b67c93c1113756c08dc657a76d91cddf656c5f8bf45f9c583d36d477209c210ef1eaf17f533d271ad937888b32064f77393983aab5bd4ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9f095997be98d521fd45051b19fadc4

SHA1
86c25bcd77acdfd5d5d0a63ef0dde99aa2ae8b91

SHA256
db522898f3482c5f9ba675279c2b74bf0b4f89cccc4bf241d4b1de2b9f362772

SHA512
17f9c66a374a336658c5008861b8fe42ef883b2d7dd43744d0d3bb0d094f34811ed12671dcfe20a20c992404881eb226b975a4951ba0dff043ecd7d1695d575b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29fea9ee29bf174291da34119d505474

SHA1
4dab55e14c48b53a59291bfb42473deb94576c5c

SHA256
a622e768e678143f953a1c33a70ab61adcdd16e9e3ad51848bc8d72ae455c1ac

SHA512
941bffba466a6a55bac734f793b1dae106539c675b5a6fa37d77a555c7dcbc0b790486da4ea767013848646049438d10090bc0793d61081f81ca7767abf136ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a553d742d310284808c7f659dbbfaec

SHA1
ddf8247d56ff92ae444368975433d47200f8ab60

SHA256
4a57715c92828a949e89fea923afe36759821df2a08308ac3d29a6f686170a52

SHA512
9c317c9bad032e72648db493b4a49d213dcabb2451da9559bd062b29d676b2a091e919643584344db376ab0ea687b349435aa6ed699e070ef729f8e5bb293236

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51fb039d8e1506e31ee6073ce0fb7be2

SHA1
c2cfc06e8920f7edf36431ec457bea6c4cb4252f

SHA256
487798f33706c63fc58ef547b43e8b9021c36a2f35291e10d6c9d357ff5628e9

SHA512
4f915f14758a83033a20b183ebb9d31b1573066aef1c08232c280e840c3a8404b94791618c02039fc967b4ad69e81c456f4cc48974cb88d0dd2ef3c601a17d49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c72c86dcf335068f4efc0396ec7a45ea

SHA1
205e0dc356d06ab116b9cf2f4d5a85a9edf988ac

SHA256
0c68a29a1b16e53206f93cf3afa8c399353bfdb1b2149d564d7843412026bee0

SHA512
ff12314024297798835977e13b66894842e9742c98a0c0d99145caebaca252ca1f03a09867d69c6c14cec64eb7ced5be1d5935a12ee37a9b0f849a791305d879

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a2776e67952a8fd824f22567929e9ac

SHA1
05f075ad208f7dd337793655f740dab6d8fed50c

SHA256
dabed404745bf85c022d58c77c3a310e3cc51adecec5a4338b7d2c5617bab890

SHA512
fc85b68351ce31c5113af4d9a6b05d98ca4f418b76a980208d968fca8e6c719e7d1e62bc027de389190039916e07615302c19e99f245d8e84c5c73ecfbd90125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2s0hu3f\imagestore.dat

Filesize
1KB

MD5
7747dbad80ae5e5fdc8bdac4d86926c6

SHA1
e2420b6f11ae08aef0a519438a3d4ccedf70c2e5

SHA256
d208979aa7a74ed84d089bdcc335f31ff73d68ee6af3d4c856c2f2b53c3860ba

SHA512
9f3a442c29ddc3830e983966e0363e17c0409da8b80649143f3275016ba5b5ce3514d0cd1bb045dc8209dbd40227215da4a40284df8e8692a003598c1f4248e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LSNXCBKV\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC6C8.tmp

Filesize
17KB

MD5
5491475fd56ab6b74b9266b1252f3752

SHA1
f2b49f1ecdbee2ba9459f21178023ad3e66e4cac

SHA256
4d294d7a358070ad504a1e85e8d7be11a3a89b13d5b24847da9d8c4a43693269

SHA512
9e6da009b2cfcbb5f5088c0009d358118f1444111bffef8495e775f0e7141cb049d2f092fc1ccd15ae0756aed04e4b466a360061fde1b27fc6ef9193ec94aaac

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC7C7.tmp

Filesize
85KB

MD5
50052e2f4449d9cc05d1ec950b06514c

SHA1
5b664e48bc729f8f8783ae5d2e382e205503d06e

SHA256
db65530b16bd17b791d07288b12510afd106b0211187932c76de810405e02c10

SHA512
450addcba4db506b5a543089f3831d2ea665abc46e5869747ef46a4e9db181080ac4545e22a520b418cac7f67b4f4808e5c983f4be7c1baa193e63497232d160

Download Submit