0936dbeba9e21abee2fcfc54428f17aee8bb871db8d5291b26d3f76ac4090dd1

Analysis

max time kernel
140s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03c60170b94ed2663507713840a4e665.html
Size

28KB
MD5

03c60170b94ed2663507713840a4e665
SHA1

6df31506eee6a16925f65525b580e5bd9ec75f05
SHA256

0936dbeba9e21abee2fcfc54428f17aee8bb871db8d5291b26d3f76ac4090dd1
SHA512

b5287ec3e8b2f6f63994b4104a5ff9d96cdb1fff0d9e1cbdd485cfa68d17102e5cb0724dcff015a2ccc1ab3155841c01b7706da2c4f86904f15ed075d71c0130
SSDEEP

768:iA0GBVrtlugpl8V6jfHhuf2KJ52Fw7hdKuNlCytZw:iIBNugjBQ52uhHNlxM

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410069165"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F19DF61-A6C4-11EE-B58D-6A1079A24C90} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1984	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1984	iexplore.exe
1984	iexplore.exe
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2064	1984	iexplore.exe	28
PID 1984 wrote to memory of 2064	1984	iexplore.exe	28
PID 1984 wrote to memory of 2064	1984	iexplore.exe	28
PID 1984 wrote to memory of 2064	1984	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\03c60170b94ed2663507713840a4e665.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74004b94cd3f4b30634dadbf8ef8836d

SHA1
46ef8535e4c5e12cb3a5655c1c7aabea51576865

SHA256
06aaa56cdc7805a9af8da1ab2cbbe476fd652b5858977f031910d9fc4cc899cb

SHA512
de7ac13bf5a70c395df3da3b63ca5b07aecbf890128b40895cf5912241d92378ac87fb4e09e4613c698a5e4af379b3b46e563a3a20176a50ff7c2fb56009705a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef11a3574fa209bfe459412906e0a24e

SHA1
d3d00e2a17bbd835182a1e2e74332872cd98617f

SHA256
1e59e10d94e6b9555161e642d7a69808305a4abd9cacef575b6d8259dae59576

SHA512
78bf20f6e46d46f453bf13f44f82c195fff5d3b585f92ba511ffc8ecff04d79afc9d67671bf3ee37fa95a4d23029c3c9c5cd1f22384b17dd74242c7609fa0bd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8066f4f7e27bca213529a8bbb8423975

SHA1
1d9bdfab62429f33e404e67e8479cb8995d8d252

SHA256
03483ac395d78a0d58ba9962c0db1cface47832203a9bdaf9ab213e0e0fff826

SHA512
2379daee9234cb794ea9b9d616ac01520c1f68273bb1720e28ad3c5fc28c4092fa2038d464dcf6f1c2ad5161568487bcb6ceda6873cd74fef3779af426f3664f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7c5c52532cf512daf8f21d083dc458f

SHA1
54cc81d4fd8103342bd90ca314fa6db7db33195c

SHA256
c863efbaf86b920651abfab462c7e7b4a1cca9a91f396221cfa93931711e82c5

SHA512
fc3507f603e7548e6139efd71dbe70bf08149f81a3b261984722a3ce6f72d7a774711d5b61cb91da87cbd0150e9818ad69302e5dad15c6fb610a72e36e9f9a6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f6dbe10a34f2619f338190bfdf14927

SHA1
cc067bef3c121a9826661e3379af1296031e0bc5

SHA256
70cbfd7e12505c0cdfa2b04d5e5761bb6c2d0bdaf588267035f5c0db6c8bc8da

SHA512
424ecc606d1cb7f2a80006985fe2bbfb50d51093efc0734815ed6cc8a35bb5d26eaa5005ec0e952b04466d02491506f49d6db7405913abfec255b729604f3f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61c0ba1cfa9710ae4c9f861a53acf973

SHA1
431771d9082f23dfcd5988733576d8ce6ccbdb81

SHA256
d1bc6e78fe6ad36d20e548b7d5bf396c911d1c7304da51c88d08efb4b6ca8ca9

SHA512
a580b75a80bed49566a8e82d065e6a17c8a2b238094d8991fa59396f3105f69ecc62944ab1b4ee8e42271b2d117834b8677731ccde9d86e62ec75ca5a80d1051

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48bfb4b92f610ce7018fce33a047f7f5

SHA1
62fc6e42ae01a252c0ebe8fac931223cd710c537

SHA256
ad0159393be3ac7aee13fd3fecf9a39db475e3bbcad60f81c0edb0b507e8f01f

SHA512
d398ac4ab5368501d4c12b2c1aed2d52f4294a90f334b22af4c22f27ccabb562adac15562f50d7491c8cb11741bc155c34d6b1bef53532c335f8d6b37caa13de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b9218a1bf99a73727e25ae938292b65

SHA1
fc69920f9b2c918f2b59cd1f091282304c083629

SHA256
f5f232c11664be060a6a16f8a563a1f031dc6b55dd9fc6304fa7ec2b14c77787

SHA512
5774989841676f6327d2296035fde0c2661808aff0d06418168cda6423b0a3de9dcf3bf3779f9ac9f9af15b1527c72cfb5253190eac6b0fdc3f51a77abc19e33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b08cd700a7a036301e9d235f79d303d

SHA1
b843ef75da480ab57affc70e51d6e025661b3cf6

SHA256
8e793b826f49ae20c00c2c0545c35213851f66abe94fc55d72fd862cc81a8c10

SHA512
b47982a46c9a6878d2209c842580a2fb47219bf9429d84db3c1f08795bd4c5bef1c00c4d2dc609ef7e79cf18003a4b74fc5139f91e9d1723547f9bcab30a0c52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d0d2de0915574bcb652784cc4285f5c

SHA1
1f563626fe7300aaff60dda4377d3d424518b002

SHA256
02b4610327120741815566603f270e35a56bde7884bdfe29079b5c0ffecf2253

SHA512
6d9e691f8693f247ac2560491550e6ac2ff36cfd4b8dc86970ed0e5c7a76dde3c688f17c241839636db210e7f47ae74b8c8c6f0b152adca364fee577e47ff6c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c19dbb5356274d3c43bd089a7388f16

SHA1
02592587cb2672d977c5b997a507199fcf1e2c34

SHA256
4bd14838e4bc1f6c839b6586bc0be79fac41c16192c36cabc8153adca68f2051

SHA512
7b5e1c0b07299d6d95e3bb9d4927a93f5516426c557dd6ffb06ec0c7baccc01b93922a92e94c8e899a7c3ad465bb4701546d6289987c15ae2dff566b9448f019

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1683eed608d44cb71c2fad899dd69162

SHA1
50a41a0ba789d7ffee9af1b745914fe950da6522

SHA256
418ddaaa0b00d1e653a3d02c5804aec60f5c33782bf1a6b47f4f666339d932c1

SHA512
777721141d00f2f1d878e3057cf2d11dc85426d7cecdd42305b8b6d9746018bd25eb8f8dbf98a5705fad53bb1fc1c7760e931a5df6cc83d8d12788de0882d329

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd877281672e24e3394d4c6bfa29dc5d

SHA1
754b512f32e0b0e7beba90f4af1e1c72e67e37f5

SHA256
2173cfdf8dc92aec03f3720ac7e06c93a5280399e2d48326c2e546c790babac2

SHA512
b754576f7adac04f609901e48f542dfe9222c58f9953233c8fee16a2f79fe8618e8f108eef1dcd8d02942d9b8446f0df1fd19194588023bc263222b59d7233c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dce787a539b22acb4c15158f0c18f44b

SHA1
02df670a176fcb2de066f36304396362a3c824de

SHA256
368355295aeab11d503576cef455d16b72febb709333c8cf1c4c201adfa7803e

SHA512
615337bd139d20e7db12e51f23c428b387b641a37271a2eef507f7c2787aff5d2e072d62eea6e58dd7a7956ca88c8938df4c847f94c19c230ff706822f978dc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fcd5fb125452f06b7d8464f72866d59

SHA1
af21249124271d574d8b754066690542afa2b211

SHA256
9a02a253d77aed47d23c3477cc848ef8946579584c353a5b8ae98d49eadde955

SHA512
288bfa1d04ca48cc33775b0d58d59ebbac9c8784a0b215a806d0a33620cbd685611602f28bd22234ee844e13f8d424f9681845e66e57a1e508e1e8a3bcc189b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eff2c5914957e80c5ae9bdc9b5005b0d

SHA1
a16d30c2316a72e6701361b3b51ad1e8b0d3da22

SHA256
a4561b36cd2827ce4523c29843578d386c1f85c7701e14998cacb60238f2f218

SHA512
e7d225b7b94dab9728077e095de08d7bace5478f66f1337a44796fcc142ffdaaf8ac98f97ad8af841b7c3d9a12b96aa65e47148b1ef2ba532a23cf8065aba5b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e516463628e3ac519dca6f7bcff448d7

SHA1
f8d15de66fe9407eda4c5e8a885b40136e86ceaf

SHA256
4ea174e4820241a42afedfa8620cccae2cdb1964931d9bb265817432bdbabbdd

SHA512
726064a6b1687e5f77f95d16c625829f06f9e15620d4a2ceae7b333e6665655f18449dd920e439992360593366dc71d94b34d7329e792fefb46d7ab3c6323cfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5975095690c2ac3872e681ec7c0bed8c

SHA1
d9035cdc76972ba288cd26cfb6676845afb3b57c

SHA256
2117d3b62ca004146b192e84fce643a2593f2e208ad4c7e7f19d2fa372847590

SHA512
8e476f56302b18357ca7a7b90e67d261a58d607850ebf2318594f1e8c0be1a8f839d0fa4af47085dc53bcb8597c38b91d6b3d2bc9628ffb9ab5b08d09c1d33dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bbf6aac3d433f54013e3d6f45eca3a21

SHA1
6c15b0196304dc64672ae77ab985082252fa1983

SHA256
261604ec4a8c3bc917ceae4f6907c503dcf3b932da7319e5db94e53912deff7b

SHA512
665335895db63ca068e23f28fea4a4d1e65dac0d03824f41ada95f64a3b1e076be0e823eacafdcc0542f08af316fdc3ee18ba69bb85fd94976cd80c26224acfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98488f585db6e9ccf24a7c3ee5b2060e

SHA1
6e902e36348d5de371f53e44e9f7f1b8a04c41fd

SHA256
fb7f62cae9fcd399a528f7a2cf9fdee4f2cb4508426028a283073f6a161d91fc

SHA512
fc06f294d813d3628959370f18cc803b455f047ef03d2cb842aaac031720801b3e6fb838a6c35436bbf1541b8aeb8b2eaf6fd59c7454fd24a18da8c3340c6999

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7A8F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7F62.tmp

Filesize
17KB

MD5
c409e9b3f3d05a8f75afd37dc81d42d8

SHA1
e3b44b80d8376beaffbf556735373d42813c75da

SHA256
3de798a95b0ee7de50d2eb2fae267d973f6fe27e0108ec27ed7ab29e488b816a

SHA512
9988821e0d36efc1871eebcc426d08008e342c93ea46ad7fcf4d69d1019de6771c049ef4d88bf6b6ad2c5ff06befeb7d394902ab1167f979de48faea38cdef14

Download Submit