ab5838cee39b14fe8b2a225d37948d525ae80640b9da5e5eb83abe18c83c27fe

Analysis

max time kernel
121s
max time network
134s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0421f06fef26279b2e12c9b208a0419d.html
Size

8KB
MD5

0421f06fef26279b2e12c9b208a0419d
SHA1

386865f7b89f0e3d48a037797d312d1f3c8903e9
SHA256

ab5838cee39b14fe8b2a225d37948d525ae80640b9da5e5eb83abe18c83c27fe
SHA512

9c00626babac7085e7edd495fecb8cdb3caf2dd99b8054b4a1b6e0cd9d18a2374e97ceb6e6556ffa3be642aede5fb2721e2f967167f7742edb0f0c1db24667dd
SSDEEP

192:F5OfeAMRyibW1HUxjyDYi9y4e1cwvNwD3ZqaEb:FcfRo9+0hyDrI4Ecw1wDZqaEb

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90e14cf5bc3ada01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f120000000000200000000001066000000010000200000005806f4fe4406feacd987ae3124273f8ae189bf0ad207a17712662278a8e24872000000000e80000000020000200000002fa1bdf208b92610279f95e9806dcb73fb820416ff5ba90096c3ee27a649d47690000000e7b1b5c35bf2450380819377a43dfca97f020a809e067afffdd9cbbca1db43e0d6d24cd74340c035b4efb6bd961b8693d4f48a84bcd026cb98d605f8c352e3fac129174ef935556404a8e58c51342850a040dbc36bf85123f3f1227335afb5c86d83dc2919e832220dce17fe276b5f32041fc352d6e04f78d2d79f9e594d3d0ba3e87c57aaf1b3cdea8f8cbbeec833ad4000000043cadc7f699e133b86e7ad771229eaf17180dcc5af2f834e90a0a550bf312133b00eb2ca36d6d7db5372be7d06b5db783584efe2ac06e260ea0fea78c6163b22	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f120000000000200000000001066000000010000200000004a2d92ec7b8c199728f484d1c5e4173f6e4ce927e462f178dbcc713fbb4d882f000000000e8000000002000020000000a56df7db2431e9b92a6a9528f2b7308c4313cdb35357b88e7c5f773e5033967d200000004c86b5eec370feffaf6fee2f5a0ed36295e00f27dfed49413b782804442fe78b400000006490df5faaa4136585681a41bb26f8cecf5bdd6a18e0b28bfc422f0cb943baf9c1ad4842502c7d3c269a58f0e3247efb02b4af842ce693ce22e52698d7f02dcb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E0C9CB1-A6B0-11EE-B55C-66F723737CE2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410060454"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1712	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1712	iexplore.exe
1712	iexplore.exe
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2272	1712	iexplore.exe	17
PID 1712 wrote to memory of 2272	1712	iexplore.exe	17
PID 1712 wrote to memory of 2272	1712	iexplore.exe	17
PID 1712 wrote to memory of 2272	1712	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0421f06fef26279b2e12c9b208a0419d.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fbf571ad4875bc50cc3e0f328feb836

SHA1
e89aa12de5b0d5e2d5e82467635658a583bd267c

SHA256
4ee83036808b0a5f93ccf6b179ed8f47c24680c94d71ce8b46bc30ed0d53eedf

SHA512
99eef0b204fcaae76beb6559938b253a9d4cf0f1a6df410abfa48be7808ba84f07a749dac10ef5a1c3dbe06ddc9f4b5462d5ea103a298547568101bb78c23e19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9029a66877d49251f965d4de85efc1c

SHA1
a3aa23c3e7f91b90c2f53ca1fbb8574a9f3e08bb

SHA256
8de7d0c05b180c59b9435ef8611b60cb2c3ae23be3b555928b521410b58edb23

SHA512
fd95aac26000152c8c5e8361d5b2b540c0b50b0d0e5da883e36b4a7847cffda490eea70d8f114b8e0645ae207d131ff04d3311dac5423a4e1942c0cbb8353c12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b06cb5cae8580daedb0620d0054c70d

SHA1
38aa906ba1756884a8badf00955a0664dde8c5b0

SHA256
2c1d582ed65178059050530fa7f3b06a703cce8dd3c65bf468ad841b952b5c07

SHA512
6910872508881c671f034a1ee43aeaef006360f346e48ae4524df4ede246b36d27673eefa73560887d44e276dd7c34546c38495a720ddc8edeb80c0a10c98134

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59aa04e40d83fefbc1f7a7c6654e0f58

SHA1
ba873caee349567ccb9f61d6ecee1e656fbe191c

SHA256
223c7ed0b054f9f4e9425a06255f7e8f7fb071faae4008d7c0606723071a0471

SHA512
9fa7e1597512d8f6969586b44927fc0e3d25a3b41ec73b3b687b40f78c1b99ee6b5afa3f1d583d6ee61a6305d961b8a63561dfd7c8343a60531df1a5cb6c3a84

Download Submit