8afb42c4b53568fe4edcdcd0e03ed35582af578bd75f7713979db2905cab5943

Analysis

max time kernel
37s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1fea0ef7d1c2ee1109993024584e9943.html
Size

10KB
MD5

1fea0ef7d1c2ee1109993024584e9943
SHA1

e81d13aaa0d2bf0d1afca714bfc140e989deac31
SHA256

8afb42c4b53568fe4edcdcd0e03ed35582af578bd75f7713979db2905cab5943
SHA512

3945b3ca87e915dd00a45e6eb47d2d606bb8261a182fdcf030df8267d03100ca28b2d0c9dde06fa08887ce3f87d61a0b50862aa4fea50634d7e663713a26a078
SSDEEP

192:w0YaBsLwtDL900wbc+2xe1KfdAYE0NarlEg6L8dRaWYrLw+h3EAaoHb:zYaBsLyOgdhXNarlEgjYrLw+h3EAak

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{90A9C101-A89D-11EE-9673-F6BE0C79E4FA} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2708	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2708	iexplore.exe
2708	iexplore.exe
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2568	2708	iexplore.exe	17
PID 2708 wrote to memory of 2568	2708	iexplore.exe	17
PID 2708 wrote to memory of 2568	2708	iexplore.exe	17
PID 2708 wrote to memory of 2568	2708	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1fea0ef7d1c2ee1109993024584e9943.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7857adaa9ae7e34fee1c2e4aa036c3ff

SHA1
165b542b87fe94c077fa494ac1954806b5e35700

SHA256
ce5d99dbfff1eb4f0afe71eb1c4c8eb8bd05d0ac0f07a969a4ae3cec910be425

SHA512
ce26448f27284dda83771ebaf50ca81bad58af99370d5fb8c512588124084245b94175666cbe7f86f17b922a395c25c137e9de3d524495c0f7787c18b12cf65c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30937ca03442fdfa6a7dfbc7b88b6086

SHA1
4b65788f9b23e5c2a542528ded4181104601ad72

SHA256
bfb8d7d4f667605dba2ecd088cd409fdbb5a4274024befa566fcb14a1bd9079b

SHA512
bc294cce6b0d374fb04eb16bb11f71bff8a259e62459185b62edc0e5063bf1a2261b98ee3a2fd5e50f5f637335eb28b086d1368a9c1dd27bac1e65c5d232db88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eef396d331fe26ca919ad26dd22e86f7

SHA1
cdc17af468cdcaa8e04a76a90c66ba56a797a784

SHA256
469f9094f774eb6ccae0235b38edf0806efe5c825965b421018cb9defdd150dc

SHA512
0f1a7ae9b9766b3dd30dbf90228ae2d50f0761085945918a1b0980ad9570921c863fb7efb2ea932c83b3d25d69ed44efc4bfd880653177fec2ae523893201076

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c40e4ca693584988ae030ebd484b938d

SHA1
3ed158d4b9efb4d866cc49b9272598e25bbbed03

SHA256
fa0e3711aed52c748e8445a195673643e976766c0685777049d1d8b421304d1d

SHA512
6a1355a781721a9beb3b9c52dc7b7819d1bac2e73624e172d392fb7bdc249e6422935de6b8c3765ee29c01054a5809eae500575a632554f2d3083dcff3b950e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a44c0f35e6aec9524d9ca5c9acb14ce

SHA1
b10ee6c69b63077434fcc3d882d793ff51894548

SHA256
fca730350a10ae3d161cc1792a3dec54862fe8af0e34cf6c196eed6692f5c354

SHA512
3a871b7c4f76668e7f01d2b38ca4fd0a714738bfecdfbc9a964c80e7c5b09457fa08129b059031aba374daa4bc4b7bef2f093f5e0d7c3309b6a04bb87bc1df33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef0f7b6bbf49a3ec036d9c413674912f

SHA1
efce7322e9c9ca18827b2cd3c2b1d25109b69cad

SHA256
1e2ce848fd282913ed17e3e3a20ca5e09829cbf42a4e4865d4db790fad2cbce9

SHA512
e8313ab78da74d88505f2278433204724ddc46107f5cb0a030805d1e8212670df6a1e7776e3f4bc81b7bcc8253e6ca5786d327539ddddfbcba3b5bc835b1879a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d367511f2fff87dd5ccf28088e4d568

SHA1
019efb22aa1232555cc6c6bdd28d6a6473907223

SHA256
52a564f35167fc5e5cb07ebd915ff44f1beb24af0b1af7a6c8a527e735831a72

SHA512
414c49b9922ffc8964e36ea84165182aff11322f4cf2bbc4e3138befb943702430e3e324dd2b3cc91ac5af56b3b0176eb4e80b7ee601435b18ccc44c1f2f780d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5c1c6f42450630f54241405bdff4b0a

SHA1
761e6a8e54629921af819694c640ae7be77f24b4

SHA256
690ad61a1d2441b6fbc67670323fbb4417b069b237b92d9990dab19109f148dc

SHA512
4addbd616c62fa8d28023956f1eb3e8b2c6e90e4502987c07b76ed0752b92f59ecb694bf0abc65253d10d741f3f8f60c795cb7e4acfb9ac7ba41b72aebcff17e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26b1cd4fdaa0ce354fd2d29e65aa6e7a

SHA1
032324ba9b3cf7e340fb2e5c9fbfbab3c7dd2314

SHA256
fd675cf439bbfce3ad1bff0985e0d21d98721a5d625d89ee631b5e57078730c8

SHA512
5b2e837d9dedc640a0127c28862448170143d227c99dc3dbc15d7678c5ac4f79e9f56c205caad6716379a9b346fd2dffde662f039644906ed93bcd237ad95ac3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b14cd931ce158750255509c940fbaff

SHA1
2e29ef49d46ca30bc34e4c60eb57466b67cbee77

SHA256
8480a635ff5107dd88fe5d8d3b06f8ce280a85fc360416a44ff2d67dfd8ba33e

SHA512
33310552592d1e75f45136e5c0b980b260f15a44460fc47bb8cf939bd780ddec917dc63a2093c96d849d70cbf5e419b397521669f67b48c0aa61232668c30212

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6518864671522849be4bc4c1b3552f86

SHA1
bbcc9cbba88a575360cd154769640dd39cf6dfc0

SHA256
dfdf401536a3c2c24da466210b78ed5b59ebcb66503456d97ab7e17db2b7a5d9

SHA512
d2e74d0852703c8c484411bde2c192e476ea6f229204a1ac0d302617d323503585c89496b2500ccdb6c39a0b5d641bdcd12e16785e514f9a44293b9dfae7a12d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39fce3f8c1d9bae35760c4400974ec42

SHA1
5ca860b40d4d87f843168134f47a180c26e1db64

SHA256
295e69895c33fb842290d091b6582682d21b3f5556794870603ef66109b4fade

SHA512
4b0583b2fd304eeccba05652e9f48501e01876cafe1884209059b792acb175fc817034c15bf2a746e7311d4710051dccb4fcffeb8a5df2557a590c38791ddcf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9641458a24ca2b045eed0933c900c625

SHA1
542f31636327c3e4b9c500cc3caf4f39a1d5de56

SHA256
f11f4963cb9b23741a81bc0658eae9e9d9038ece24aa26dbcee5db4a5db0c6b8

SHA512
e3abd475fd774f5e79fc897eae9a96ecb838fc9929c39fe067bd5f0c8cb407b3b092032a7610a4045bb23bc099bff833e8b7bebe7c0646582d886f0132a1a3dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF01C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF1C4.tmp

Filesize
105KB

MD5
61f7bf7200f803fbca002e67c29930f5

SHA1
5752b6ad9b1a542b54e8a177d8b3d10e808dba96

SHA256
3c1f381d0ff6b429f817073e4cf9a2dec9170d91ddaef4639098936d3f3c308c

SHA512
a5212000647de3a77afa0d1d5619515c58a5d29d84fbf312bddd8b0851b4d2fb86989869118bad4eabe14908c6f141f8c84fc3a5cc0a4775caf10afdbb1e7cf7

Download Submit