e639e76e1cc94583c2375e87a1b07edb135bb3154d6eaede44a8d9bec127f8f6

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1f6875826a90f46a97a0e50d76363817.html
Size

6KB
MD5

1f6875826a90f46a97a0e50d76363817
SHA1

bef09a368b68509db8df100a00a79459d7ab8a89
SHA256

e639e76e1cc94583c2375e87a1b07edb135bb3154d6eaede44a8d9bec127f8f6
SHA512

491a6d0457829042753805a330da01129c1992b2f39ab1b2a7f62c37e0ef85844599ff2f547b4c6afefcc542c23b9b9346bb4f84dcf85fb07b97a3a6750bed85
SSDEEP

96:Mp4DVjrsU3lWhQ/IeQoP8iGVEp8xn7rhKH8g66H7w+eCBk:q+vecIezP8iiw8xn7rouB6Bk

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000b3357a69379eba1b7fd36a5800f8da7c6955e6f8b861c0f6f5f49914d420c5da000000000e8000000002000020000000b48233c5cde94c81edf119ef5aac4792691ee475074deb2aec1b07ed95f28e48900000009bbdd67ac6e87ccc498eb597c0dfcad3b3400198b2078d103a8ad4711cc51123004f1f0cc6e1c0920701a48b92fb1ac751935f927d00cf083a34f822463b28f8332ef8202329245aadd3db65beae836393a95ee46fbac8b708ee8106a8afaac43c25968ce5fa91e7b992756c1800227610397ec2e584ea85c0704cf3832fcc5298cbf571d4133bf568ff63079601989e40000000f7145b0ffa4b61ec11d518309539513e733a2ad897429b4ece0c75e4665f4afebd65726cb176a04f5cef6e48fe134cc45be0ac30a1420ee9df200435fab47ecd	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410268740"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000a3f3127444478427dddfc4f3247ea8474577a51b6d52d0238bd4c5bd0634016f000000000e8000000002000020000000c573e3ae743724a7bc5549731c71f3d756132663a6c7693f6c4ab2cbaf25caff2000000032bf354907d4c291fcaadfc7fa0a0e6ad29192cf8d7be17e5f3623d19bc96025400000008ca0f8d19aca2e78553626da65a9969b666e13d911ea8c36e22260f8b0614edf73d6f50445b2e2932f23a51fe0a35bfd90caa2407a92390b84536096c62dbd2b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1107D701-A895-11EE-BA23-F2B23B8A8DD7} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0e1b2efa13cda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2964	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2964	iexplore.exe
2964	iexplore.exe
1872	IEXPLORE.EXE
1872	IEXPLORE.EXE
1872	IEXPLORE.EXE
1872	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 1872	2964	iexplore.exe	28
PID 2964 wrote to memory of 1872	2964	iexplore.exe	28
PID 2964 wrote to memory of 1872	2964	iexplore.exe	28
PID 2964 wrote to memory of 1872	2964	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1f6875826a90f46a97a0e50d76363817.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0e14563105eab4d2c36bb45d37062d0

SHA1
c34db93dc5e587b7fd6508a000bdae11193c0434

SHA256
f97d17c311aecde09d1fa1e1cae4f7fef19c396919677c88650adf0c01dcf0f3

SHA512
9b805cf5f76223c9dfafb5e1c1d4a12e6cf34ec0b54cf6c34fca3e3e2b0ccc1f7d2bda0416fafc3e0d741bb00d492269987615ede56ee7dd262bfa3df65f3ad7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cc622233d53eb1e34ecdf53ec6bfd37

SHA1
9e4ffdb6692a335314e61784158ea5986b017e20

SHA256
81954dc15d8d5f4a6c6ece33ab4f2eabee3ab17886cde008a4e21f9771742d4b

SHA512
7cffe294fa84ff7e70f65e44cd104d6cdfec944e4a4282667500635cf9bebecf03430a80ef928d4968257dc6167103140d3e1bcad2d4559d79bf27ac1447c969

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11ebfe5577a68ac6a705c07c59a425ba

SHA1
d455a221baa9691a0aaa98b0929d177c0537debe

SHA256
b8160a3f167881cbc073a7db9dd402e09c4b8815395f50eb6b90eb335f316885

SHA512
d14dac22c7ee91206372e260f5555bbe3ac42bec05629d92a08ca20c85a42f2247e6d379ea823da1475e87c674f43bd9d0c5aadba859440a48250a3eea2897c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6dfbc80d08bb2f1390cbdebdd766de55

SHA1
a99e403ed8d5a6b86ccba36c6f837f5b02ebf832

SHA256
ab2aafd6c31bd6e18fb830ced7baf02096e3d57234102c3bd6eb9d43415d525f

SHA512
d7a6b1813a3d6e6f6d39f4bbb617695dcf3c408a1bb8604838eac4280eb350412a2d4d866e947f3d41f251a89f0d1dc1614f6a5d174e08752187ff4dbdff72c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e975e36f4787bfba4ffd11170ad3495

SHA1
ae72b1c8e17e9d19ecb55efbb18e014a1c84ccf7

SHA256
cc32d1f7c06b3d3f34c454b1e78b80f0115bfbb9e2d6abcb67cafbf459bf165f

SHA512
69ad6eda84bc6398d115a547bc3d1a76a9c428c4381c3d8c6f53e71e3b0e2e1da4ad6ce992924d12dd839aeb89a1b05bb426094c4194941e4289589ce6c3ea4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18a42ee20ec33032bfa92aa2ed3c431a

SHA1
f1cf458ad099272ad1f1ee63ea19420aee2b67af

SHA256
1fa458739efa58be362c96bb3869099d1e46fc639e346a5e22ce79293fac2f0c

SHA512
c7ad00c5a6535a9f7f6b813f0d07a64b63ed82e1b0c8fb950c3bb0217e735f9ec1ad4e977dd5758e0d8ac07decdf3ebc96c082656c26a5aabc34d5becd494004

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76f694db0663057430f2f4e741e49a3b

SHA1
e2af63598c56f2e865ec025f9a8b8682ce8f9141

SHA256
ba847c36c0f6aa824b8d80f8503b44bf70b1b26092d83ccfb8fbf8c56f48cb17

SHA512
592a5103730773d685b6aedeb948f779c0956c08ceb2f96737f1a5a0bd6ae21277aa58d459747a6cd6f960d75fd1a8baf789e6fb44851224a05c80b76c1c397d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91cc976f553a858c1966ee7482f66ddf

SHA1
15643f0b749c66931efdf0c13a0cdb41e23d7980

SHA256
a16a7a2d9f5fce4abdcd7a28b402189ef63760a8e4378e7744c636a91c63cf51

SHA512
9038ec5262a52a03b2530d0eb574c18d65fa0d68baf9a84c18418f3ae5c73a1d9bf10d5e4e53704a6e11393ab6c55c4165b6f7f5e971f6380882508e1c522ee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76e8d34e74551fce1260bc3f0b126cd2

SHA1
c48f58f988614b837b8a24ba08621699c6601062

SHA256
869c1c4cb2a8a4c9b6efc2eb791cdef195f02a31729d1341d91f5a5aec573fbf

SHA512
a6b9d7f827cf8e89b94ae0abed7bedfd4eaa86a5b8d2ab7ad68e0a4b173984971499ee1106ae485a03eac48256cf8f2f5e8e5d8363b34546092394cf4d946563

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba30082970261f5ebed13fa863033f7d

SHA1
ba04103304be14775e0957060763df428eab177f

SHA256
a49a10376350d4c58cf4ac80f59f9f00053573e9948784f3b82d62b2eee1e59c

SHA512
ab3b8a8a04f3d853c9d819e930d2f380c5640d69e4f6a16d4d9dd47303336ff2da63ddc44c04ee103661122f57f25b68d2e211e31002d1be8780a549db2aa363

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c011079ba05f4b551bd6ca1b4a3993fd

SHA1
0108e147d3ac35332e21ad306d53cd54492cd464

SHA256
c8ed10e03a8db3f8369e584a9453dbf7eaa4be5013f7774b80159077da308918

SHA512
cee6b4c8d4287f315b2a4060845ab877bd2a88ee66a524e3c64c8103d77bf02345982219b11a80bc48f8952f885cca7bc937e147bac35852a3b6442fbe539cf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a74ef626cb300428cccc1ea07324d54b

SHA1
ec9898bca136e1b1a05ebaa3beee72c6ed465639

SHA256
81289736e204a3bd3e289abe1bb7b577ebaaca424614e4fe26ee341f8b07e294

SHA512
2997846d319e64ad85c31c2b25ab625c5b2b0ec0495edc446831f70164dc626ecf2aed2bdd868db28b1c25ac466a6e9c31ea0613eb78e8588248c85558466601

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4158b35a39121392ee5ac5f56c800231

SHA1
7f82cea2cf42d8194eb55a2a3406e122c1b5de21

SHA256
713a766805d4967b35e74b0a8a7f14cea6272eec80e5385ff9ace8839fad99fa

SHA512
e12c07cb1191f26e55d128b2090ec076ccd918912c680f9dbb2ed5d46ac919354a6d75467395a7764b34d814b087e2369ebe7acca7dbb6a96b7a1917239bd38b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d31a6be34bbd40b46c5ad19a14d8ba7c

SHA1
1e586a1ec71917d86f667b0c33981b63f40cd157

SHA256
96d614ffde562dca1311e51a1a285bdb7f08181253a810e51e2e94b58d188472

SHA512
6b3e07b7067b9b95b12fa8b9cc5770f411cbeec1ffbe959adfc2423155e9b8e1c0e81d834e3118ef0b89fcc766a2a9e59e483dc247bf90da452b9d6874995abf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05060cae69ac2c0da7a21cf0bef28658

SHA1
01f2f883500423544aeaacfd67a833dc55877ccc

SHA256
cf854998fb4b68b39cf8251b38e34350f03fd18defba03100b83a9336953c68f

SHA512
542449dae766e0831a799a2c47097353feabba00f042f3d54c2eebfb7df953e320f73002e9b1c1c1336acde266d8a4fb5f2ebb4365fcb45dc210e68c0547b393

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93a54be1b098249f06c3a3a105ce7785

SHA1
602afd785bd123dbcb269f193b896fa759907d9b

SHA256
08cbb3fc6de8ba78e2bcade6d9325e1c76df2f9d52056970be9706401422ea16

SHA512
a436587e003806d68121b766e431de7f23b7daf225b6148c237a16ded7ff8b17be033654634b394b882ff47f0a38bcc7415043e2ff4e02c6311619bae05a370b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e08e84bab10327f8f08e8dba4c732f48

SHA1
c704ad743351c080663a0e6041cb00f9dd38668c

SHA256
cd9285bc292abce68c33ae53f61247c64121acc3d276d2ae56acf3e6e5e2326f

SHA512
07f6021ebfd89251c24474d1c6b6190594327aa01a7deaee00be48e7abe6b281cf7a5beca2503a9126e511131a58a97168ed925504e036eaaa63ed7ed1976bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF26B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF368.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit