0d5b6893086190a9708b30829cc9abefeb0f3759613dcbb5573c2524200b2096

Analysis

max time kernel
73s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 23:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

202533facb74ba241f32e0165199e6f8.html
Size

158KB
MD5

202533facb74ba241f32e0165199e6f8
SHA1

b3459c9b22fc2bde3fbe15355bbf7dd38e23f874
SHA256

0d5b6893086190a9708b30829cc9abefeb0f3759613dcbb5573c2524200b2096
SHA512

b3c674f042ea378a66cbf34f3fb80b855f946ef057c8b21d3e6641564648b11d2ec997b06b32d93b1b6108a8ffe76845315c37c5deae87965f9b0f1a48e81fd0
SSDEEP

3072:s6TLy5v7EBWTUK1b+3TNDv+h/riE4jKZfsgphFL:7TLy5T5TUK1b+3g8jKP

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000ca84165de5d098b4f877e449ce5e7d73271397985c7d14327988c1827f45ebc3000000000e800000000200002000000018c9ffeb99f08c81857fc8f39d1e83de3003ea3f3fd657b16cca571eabe4e8182000000066e1fa502a4363d45337b7af5c2def803f143f2f818373378ec872c4ea0eda12400000002ca9934146ff744949bc454aeb0031516d32c7be4a2ae3cf908b6d31b30e95cfa7fff21a19cf0e012551c4ad09e818c4261640bc3733766567c605097934f160	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e09eca99ae3cda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D17A3441-A8A1-11EE-8D93-6A53A263E8F2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000599cb73e3a2a13ffb1d6bff2a84457b788a983d24e6f104bea8ca4e787c44ee8000000000e800000000200002000000058ace09375b2631329348b942b2b183efb3b1fad7c442e6c9fb03f1a9da1219590000000e766e32a0cf7d187540f3b288600cae2a23be98843201fdbcbd8e5d38f712593a1350f7cdafe13bfa246bd3b8527ba182e9bab655805452beb34dd2c8ba28d71fb9d881bb2c8036f005eb718f2d384556dedaa1d5bce0b984612038adaf525b2b978a53e729cbcb60dda5465a03a795852d813df7e231ad8ac5c853b535309b0ce2d9eca19ed0a2965acb1922fac88e740000000674610f35ba264638d8a468da87f4d165932855b0b25c080d02eddad4b30e209dffd1484ef9ab43526170ae425459134e26e18d29ca91d88d84f46e8ad440f37	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3036	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3036	iexplore.exe
3036	iexplore.exe
2980	IEXPLORE.EXE
2980	IEXPLORE.EXE
2980	IEXPLORE.EXE
2980	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2980	3036	iexplore.exe	16
PID 3036 wrote to memory of 2980	3036	iexplore.exe	16
PID 3036 wrote to memory of 2980	3036	iexplore.exe	16
PID 3036 wrote to memory of 2980	3036	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\202533facb74ba241f32e0165199e6f8.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6e1f53f260cc889ffff5dc0c5e5ce10

SHA1
c81365399ca0942dbd802a60ac37b7435c422f8a

SHA256
c77a72f7bb4de37006be2044ecabeb2f8505b8afcb4cc5708a0d2c86f95f147c

SHA512
faf50227b2ab3e24437385810604d20c6e68e7e268a6e8bdf67bdbfb63f66c560020602fa1749917b11e272affb1970ecec6a06c2040c0d679edf694002e6e8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfb116a6a05d33d7e47c928eddb7c38d

SHA1
47cbf605d631c0bf52d69c90d265bdd61f35336c

SHA256
7d84a092f3602bd31f3747b09627439605feead45f77be09a22f05704dc68d0a

SHA512
2654a4340d30018e98bf11cbdb54881ea10d68fbe8f96744ad4deb430eb887568f1ec87c6f9715a1b7089f13f0bd6d51182860fea141207ef606bd2baafe41d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9365faa4e4da7b41812e5051560e1129

SHA1
29723051478adf63cebe938b34adba3cf045ed30

SHA256
a1ab370e07fe255427891f83e54c7f842f3d6770c95b39226228ab78de62ee84

SHA512
3ce3ac8141d4fc3d28001e10d3f3c6c5c52b5ee1b6671aaf5eab143d8eb542a33a09ef8b4fe6d449d12625dbaa33de3d45ab97da34a1126c75c7a37866a93786

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
720694680b5ce143ad5550babe9472bc

SHA1
7ce874dd1544ffafb063e6910df0a3d0e1c462e6

SHA256
a52b4594d743ed06fa00ab51dfa705069b0b37f9c65933bde3a5c0423c5c8af6

SHA512
0eb5e87eb8dbad2519a11b33fd9d1dbb27cbcf1a75e2654b171c8afc52deaf47c96a5ffd583c77ab0ad9ddf71ce60597599b24f044e4cb6c85ccabe462606f64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5dc767bd07f9550a5aee318a33ac5428

SHA1
b5be2bd191c590a0687c2bbfcc6aae7576811b5f

SHA256
7474ee8d4cf58bc15755d17114e134b28774695982ca030ca167624cf0fb4190

SHA512
92ea52fc463a276be3e2dbd8cd3a7f3b7bb0e54657f65b6d96fe1bc245da8d0dbe3b32403abe55882ba692a2776e9a281b11d806ab9d64ea03bae6fde8da06e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d42f2c0ae3f055ccb8809b563ef55de0

SHA1
0021faf227f42798beb456775902124e6ba21af6

SHA256
7fd73bdc9c96950ae65b14e2addf67ccd81d92f2bcb53ba978d842adaec35572

SHA512
4e649380cf96d67a2a70bd8e35f32bbc9046583f434be43b685d2b34d720f5985fbdeda5c3b13a8a2b00c33eb9ac05d664a93231d9a23bbe292ad8b009f2129b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d715c60ed23cff04ba55c11461a70c30

SHA1
f6fe1d7a3bef4e35ab4acbdf1439c3a0f3b3c616

SHA256
b43d2ec94868ae512110218f557d65e98d90736f21860933bb14b7f7dcfd97b8

SHA512
9056a711fae7f932f869aa483b13747b9e70510f1d74b5fccc8df6c8e25240040accf5b404617d8839af3243149b3c39ce5bf3f656c8cf9e9e32a0c5307fac60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dad6cc98111d4de344264c042fd646ee

SHA1
ea6b20182de08ac41c7b0f761b7b250332266141

SHA256
fc84beb91c854e2be67ceae6fb4394d324f3e5d7bd79aea112d77399f4ae6965

SHA512
a7b451cf7d3f782ca17aa9ce76fb3a58131d300b2091852b4d85f32a86605f3817864e4f83aff048e4ee21f410105624e49c375e888604e9c0d99706036ba73b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87dc5d24b883da4600ed1fcc59504412

SHA1
12cbda0af474a5f4a85fb6e33f12a49fa78d4868

SHA256
454f88fb8147d8e533fcea4b6b7cdee0a5990425f72be4b787417c6e1ff925f5

SHA512
6168e8c18caca5afa1db07b8bbec058a3274a2deea415d2595c82ad5f61dd2c02da89fe13875f61e340663ce008e0aa565875f28ed74848de60df0e1b54e75a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d96220109a2eaf4346b3b502a354c602

SHA1
a6ec5e07cdcba76ffd8a32fe48fccdc00f5adf75

SHA256
ea4c247af524fe0edc637bee186a2d36f84dddd5a9b33ac3576a3d43d8185468

SHA512
cc96fd6129e818b5494fee40af44fdf6535d161a927db0f5e8fef78fd9b65b9b43e52639e8ff334ea6dcaf7a811f5c6a1e7b9e2334671a795b5fee0e193cf706

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0d4a8c74dcb225f2c17733e7511ac89

SHA1
144181ef7cd984c97a98f54a74238ab1ef048cfe

SHA256
9db911c95ae5ba479dec47b55d1cf8c77c9ee9c0648d87e89e157dbdb1b836ce

SHA512
8ffc39be09167bf46983678964deac1454d096012346eb4152c73c2762fe6e95172bd50b7f60acd775719be8997b5738dbe8ff399eb3192e6dc8fa691c69cecd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed8090bc27a646946b3abd2bbd8cb361

SHA1
f9c5b57e3373eba368f1599de571c1747178ea97

SHA256
efd473e72b6d63ddbf441e8cebecc3a721294aa291ba5d9d3679e578e1d07619

SHA512
e25c2efa3e7db69d69305d3e7ac9001eeb1c9ad8902478fb598d31edda3e6717b1bdb408545295a737a3a2deda755abfcd2c26474ebdbba318a4760e5f8c3eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF4E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar10A9.tmp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit