3b11002cb9854a139c7dc81ba497b4f6dac16d79eca73f47d9bbc0086ca48a42

Analysis

max time kernel
151s
max time network
171s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1faaa341e737bf22c622c651058ad4c0.html
Size

76KB
MD5

1faaa341e737bf22c622c651058ad4c0
SHA1

e37074bede22006636ec5d516a7a9b4c9b3a3c7d
SHA256

3b11002cb9854a139c7dc81ba497b4f6dac16d79eca73f47d9bbc0086ca48a42
SHA512

e03585ffbfdc51d6dff71613d09c8cd459f3ff1f9ecbee2d099085da15509fe1af9cb4ba9989c4fedf5245b033a6aa3e9182f12982c78a29a4e81733ea3c816f
SSDEEP

1536:W9KIPZR/nRkAXrfvsJ9SryVnf3TDyBz2TFXz0pHciHt9kQ2WHYXUz4tnCnt2jC8J:mRkAXrfviX+Wbtv

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB5CBBA1-A899-11EE-82A7-E6629DF8543F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410270717"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2120	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2120	iexplore.exe
2120	iexplore.exe
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2864	2120	iexplore.exe	28
PID 2120 wrote to memory of 2864	2120	iexplore.exe	28
PID 2120 wrote to memory of 2864	2120	iexplore.exe	28
PID 2120 wrote to memory of 2864	2120	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1faaa341e737bf22c622c651058ad4c0.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef5cbdd667953d01cc5cd0e610d16ced

SHA1
7f14e49917015bc507ddc8464cf9132566fdf197

SHA256
0cde84cfb6bd90a56ddd1e37089f7a3b219a0a4eaa6c2420ebaa8c6dd97f8365

SHA512
9ab6182efcefbe68916ac9457691f01538a183b1f2364749f5607d358d1bc66d939172323ca2053bd541ab58f89353dce5eecdd620e4503c0c43360870ae4a71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ee2aa91547068d372dae37024c63dc0

SHA1
18d5707ff88525105ec4be78409945990160447e

SHA256
ac3cf28cffec8c2054123a64347a44bdf54e8977c1c94604c0e28fd55bbe2652

SHA512
469293f06182cbe9b29ce78b645d29bfbb17b2469fa34ba00e8e65f19a59234b555bbf19d2f7e882607438a7f048ffad5deafbb2549123e3611a82e2952e6895

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c80420671f3edfdb6bbc6f1d358fe86

SHA1
833e2e4512cde737f1249508516d8d19aa9d3fe8

SHA256
15952355e4a295051f573a5db94ee8ea2df363410489e4deead3b937d02ecb9c

SHA512
23bf6c236718413d9e7c96cfdeaf8545bd0a2fa976336196cb3a9a89931351cf21287a4e3bb380a85d6ee6390e9d47f91ea2ddac3ac4315a6fe62c02f549262e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1885c09afe2dab8ed1373b4805363d33

SHA1
2928ac9d9f4cbdb1fc68dbb97939986605a1c5e8

SHA256
274babc1e9cd94a39ace31771eec4b1c1ba7464332761025bbbc5c8dc7fd1611

SHA512
d3c6ffe89f77570370f574f4a801a35399c3a584d9a622b2d6748f25e51d619b4654497440cfb4d825e489a6b91be8beb772e07a5835899dbb39ead22265361b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e88a03011edc46114f9eda933d636b6

SHA1
5933e74b7d273a00ecd68a316e2d33c41e1db86e

SHA256
661ad64a670ce532e9ab03b7127155498277a5c68da97221fd9cfcf3f60b8c24

SHA512
1c1d2326359639ada14518ca6ea4e56c18c59272793815f499f4e12085daeba6b2c80c75685b1b7152c41d00a563b4af5df48531dcb3b026084494b6ffedaddb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a40ecaa9f8e5958f41f0647641aed2d3

SHA1
1fa28730a3bd4efba5a4cd1abf8e2879243550cb

SHA256
d62c47bddad88d62dd4c3c47c611646f4797e35a5a3002d1299854c1958fe7a2

SHA512
dad7fe77235afaa2a05d59c2b10302b1aa3db2bbf64d63060cc0fcf95cb90c5edda38fa9ce902ea5cfaaeb017fe8708c62563b39acb226be992160b056dc85e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d6b9cf66baa57b3cdaac94c704b5fd0

SHA1
16ef0e2d8f4f606bea65c5e9fb2fe70dfeecbabe

SHA256
f912c323c543f1199ed4bb4688bc829a200d24b5dcbabf621ab7f4798d59ec0c

SHA512
01869b2adab3a6cfd290bde0ed227a39b664642ae1e5538ac5507c8451cc81196cc00d047c838a25444f1e80da8113b9c70841ce5710f2c36b6a011fe10f2a1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d8a62ff843cfc794903a86e93212d1c

SHA1
27e085f4cb180802e8f01d01b3e7b15364bbb7c8

SHA256
1a66f560914f0b97d0fad276ccaae6eea3545380d10b0ab00cf79877df69e460

SHA512
96b5228b718a6fcd29475902b52279ba5eae714ffa7518a01617cd55f331439c9f99a1c2d1001bf3b349a48d053c7c435a8d29533b1d05b5ace60412a07f8f4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3cbc6e7ad068a0a5da3d69903c2e075

SHA1
9721385b19ae383ccb6a6e324cbdc8b2332889d9

SHA256
f2145724117adbdda5eca5ca84c347ab39a80b6a7b4245a81da1aafaaefb9551

SHA512
64c729e4e0e6e067cf3ea970a5e674ac4fa0ba770f3add85f82cd46299d4da252cdc45fe3ba2894a8b653d33017d071326b79d3847f595ee05a5cce0e3aa2d14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96a0232848769488663a7ff501ec25f3

SHA1
b22d248b0403c9d0dee2f5489d1ec7539532f9a2

SHA256
926415d367e1236ac7ec77a9e93f40814a8bbf423f83909071a77230774e9ba9

SHA512
c8b9505aec34125c1b28a6c36ee64e524bc267425c5e215d5a7c33ff432cac1c8889e84d8cfa5af03b6c7272bb042b3fd8f6354362408f5aa82156ff4096dcf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d12bce88b62d1b17dad00abd69a0e70

SHA1
6b9b8968d776a55291fc9195356b3070115fc840

SHA256
645cd83f2b27d2b3ab20c9077f771341b2e3b27fa18b2f7065458c1a19006acd

SHA512
b7624c7d65da22be577e0457f68eb626ed8ce7562d6226cabc0c0c4779aef48c5e0d9b82a3baabce2f8244ad775eb0574243aa66287a7e98bb1483c681608046

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45eb506365b91204e62dada2ff2c69d5

SHA1
f5d615e542cad232ff70e8120147c2056c0c8fba

SHA256
226da2581c63a398178ca855fcfa3616d0469fad31d11bd8cdd6b5cc64d1a244

SHA512
57e7ccd356564ea7939f732b93978baf2ac77de6487374e1f25bfee674bd152d5c162a93530560c797600539b903e081b1d13934b33d7ef08fb821c8cff42230

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed62349ed5f15c915058a87b369e314f

SHA1
f2b56051d431260b31df3e220cfbed9ea1e4d596

SHA256
08502713544a0499965419846a074f1a4a27c1707b2031e8e4534a8be5445791

SHA512
703f6edb5d17a8dc16ffdd51fcb413c9edbc5bd2aed667c43bb2820e9944b188582d49d8862774053d8071fb20b3455ce701e356e987595c646f760ce85d2479

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24e6f91724c2d59e04f404390e0074e4

SHA1
33dec2be5fba8b18b49c77f041fa4d5f8aa39549

SHA256
ff01928d4b091c1947cda05d1d3737036fc774f1a5dd6ac62fb6aae98e52ede6

SHA512
acd2c8ff125c4df7a40e975728402b3a1e2371aefacab4ac4c8aa37c9c8c15738fe1d9cf4600179d4ff21c2e7229d9481edfee0c1bcd284ffb82eb4d97f53156

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a81f35c0b4f51dc7439856f1bdc5a105

SHA1
27e6593cc00bc3634b75e68ea3e8c1a8a8e9f78a

SHA256
5234a0a7ef599645b43be9edc8f76fb52c66141b58885ea7fe7cf6db5edde645

SHA512
70b9955c8cec3eabe65393e4a99a97555cda037b1c74b891c7065092620371ec77dbc9b5170848a24adcc7557490f8558b43825676cd1ccc1a3a4d350e3a41e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a24e2329a34af5209be062c778b70ca

SHA1
61589677e0466fb073ed4d664e6a00b6fc3421a6

SHA256
0f9572e1475ab0da28c16cabff1b724e51c5cd2534da2b2b5a2b91d95375938b

SHA512
c9b66e677986d784e7a4bcec817ffe8352b457bf19d668bfa67d79416d242bc74906826a31ed76f135824396e984dc38f29cfdeb01bd2e04963d6e6ff23fd069

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63bf2d1d4d992d470e7157d6446792c3

SHA1
f06222769e504ace0a2da72b83b74a480dc8d7ba

SHA256
48908ea811815d69d598bbf1f3d989e92c23b02d88b97616a5a44214e5dffd21

SHA512
cba16c6e989d7758bfd27c176f35b1fba80057c7e549ed7997a2eab6602f3f550fcafe352a111a855b72b07814b3273a7a1897cd1d4fb9d09341668b1b8ffa27

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB76F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB7DF.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit