934e8c2f05b020fd65e21617525c7ae36061a718bff86f2ee8b00eeb06eb2eec

Analysis

max time kernel
119s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09eb521ca4617a6520794fc80f15c4b7.html
Size

11KB
MD5

09eb521ca4617a6520794fc80f15c4b7
SHA1

f85d0d5d5b0b80fb0c77e7c73e34df53f2761c96
SHA256

934e8c2f05b020fd65e21617525c7ae36061a718bff86f2ee8b00eeb06eb2eec
SHA512

5dc748ec5415e6b5ca030fb3508b8f002b391ea21acfe29aee647aeaf9e2d5f4ea794225810c53997846f8f53b14bb5ff9e497c340f670dfd800d486ee606c43
SSDEEP

192:/lvk94EJwy/QgB99kJnDOnu3bBVp5Mxp/oVa9p/jMf5eOW4wSV8sjWQ/+TxwqGJ7:q94Ezodqn2dMxp/Ca9p/jMf5eOW5SV88

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410154946"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c0000000002000000000010660000000100002000000086b6e0b7ada9e76fb867c26cb327fd066d9c1d1b533c98ef78db584e53ac759e000000000e80000000020000200000000b81e7b4f9a3f2224cf94d3c7c3e3d5240a19cf9ebec8865cd3d5e254fd1a2e19000000081b4001c3fa274542f4f6f8574f7b3e71b6bb9f560fb09ed1d2146e0ec1205c6548f99a9952ccf9926ddebef252e0cd424980840789abd32a5a7495b7a19ccfc21242755694a1c977bf0449658d60f7153c161e5caf4020bdbd86afc437e1c27748092b387e28b61d206f16e2b821eebc0b851dabf4fe979ed7659566762b45f250cb6955edc8ddbcc2581242d83d6f740000000867c967391c0524a69e79f9ea96029d58f8c3a564e834e3a99c3888f108068aebe56b50a2a60e2bd83b582e83495b52e515a9dfbba7c562a95494871b987c4ec	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000080a0bca74fa99c09a2bfe57852a36d65b309e76abfbc1897d154fd717c929a5000000000e8000000002000020000000682ea36be1949b4e0d6c03a0712fbf3cd7b69f4015abf7cbc53f975614f397182000000083b75306c4b5e50b096fa9a4056f439ed0556e6594cf1cec53c074083b02ad8e400000004778fecc0f2dad27194feff7ab3fbea1e349bdb0a6c05f599673fbe4219d0579b9ab7f1e0d2a819536b41a1e9f973e1625dc7f0b7da8993f2530991ec89edf32	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2034a9f7983bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1D992D71-A78C-11EE-A2F4-C2500A176F17} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2512	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2512	iexplore.exe
2512	iexplore.exe
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2924	2512	iexplore.exe	28
PID 2512 wrote to memory of 2924	2512	iexplore.exe	28
PID 2512 wrote to memory of 2924	2512	iexplore.exe	28
PID 2512 wrote to memory of 2924	2512	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\09eb521ca4617a6520794fc80f15c4b7.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c49b539d9f3b41665190138e724ccee7

SHA1
e163d662bb10f210037af87c4d39d56e22911c88

SHA256
3e5a7ce8ef1ac218cf99b4f88023c06d746fd3404593b904eeb74cad6c3520fd

SHA512
4bfd7e98836f99f03ce63eb2cbefc6b28d9cdac46659f3de0e586d60a1a5c96941253438ce23bc5f1eb3cdf789a35e1cd727a57165f811e32b8c99e756666d37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fea6d734a26bd50e82e3f44867a1cf5

SHA1
e69a61147720094341da4169263c84e070216aa0

SHA256
db5ede168845ec9bb12945865be6408c9de414f590a551e9cdf9ab05c55beccb

SHA512
ad44c7346f2c0db61fcd4c046af8b1ff034bdc71cbeea3788b4a522331bd7b4c897d22d004326370f578589e22a54bf107b4e55307ae79e0c2d505d3a109cdda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bc0a0f96452fa30e071c4633bbfe8d2

SHA1
0a98d46e092aa28e11847cfe66a4c41843230c05

SHA256
5c1e5dca72ec42c69319495b1cb439b32291e362b9e30f6e4c174a0161adcd90

SHA512
5a5776a29842a9aa1e2c93ff4f95e3aee23db0dcf53f5353693d98494cf3c6f20ca8bfbdb61c119c62a3f69ff8e15fc03394cef24ee52555631b9248b6312c31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c627cee14e122024a2f80947a033f62d

SHA1
f42a1529fccaeb04bde9fe56bbd2f348d2c9579a

SHA256
a733d706a04ec4f9a615f0f35215124f9d125e88f343cd8a1e573eb0b111315e

SHA512
acc12b5d443a1633b0536e6f22e64ea52c162c97c5106754077a9b19bf93ac8ae94a9cc5da5f57e7131dd57958ae263385ec0b99dddc841bb341aa9c8ca4c470

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8c27eafddadaaa1ec1cbf8607b505ff

SHA1
7f866159d30b124d4c14f0f7b0145b83e03f050a

SHA256
be00713ef3e63dc25d50014cc91dd6ac96cca3d0f0fc63ebd8f52b187b8b88a0

SHA512
f94862fb6e287cc1a237926511deda59dabaedbe5348ccce500fd9890f2dc7af88e562c2448db2344ee050fef5abcaf40b8525244778eeb384f92b12d586dc42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0015d64d884c716aaa2db224e4fef54a

SHA1
77568d662dd9be5690b94d866f53824bf101b18c

SHA256
3b5dccb60a6112d05282aeb2b3a073518b7e3ee99888dd4c943e0e78cc080bac

SHA512
4399d1ea00ad0da848130cfc839000a2ac60a4e3a2c6e492d703f062b64243c1b4002463bf47536a580e5b146d879377fe3ac28f2100eda8a3dbc1fd95b03df3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67fca6621a43536a3f0507a5dbe230f8

SHA1
331113a6082beb6cc60493f848e766fead300e53

SHA256
87e138026a35a2e4ed960f818f4f35cb16e5bfb6073e8afe937a9db58a3a0abc

SHA512
6b360a0c3c94421de0789be6871a9b788e705ed3d42ee7ab49772c17a12f37f3d1eb32b035624a2a0b5f0754dd84529e1c0fc58a0902f96105454a330137f4e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e4967e1e018b4f08db35aa990a8a63e

SHA1
fda36311848ab2c15c1b1b264394141fa596c40a

SHA256
928324d4466f854e5daf4429362d0af3ec533b1e668a335280ade74de48ad735

SHA512
e4d8ff3c74ebf54814a3127d0108950fa663158829dd6e26529d50f2b0377ab04be9f5bb4e474fa33148a852c07fc239ebe1d02d47871846627dc924e0241b7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00e53c7b71a033881046ec247c208471

SHA1
5d986e2d9ecbd2b07923cf4a4d25e3a9aa9d450d

SHA256
ba700d5ed9acfa03be72c564b4a326c805c7c7e403bf8735d2e1abb18a211540

SHA512
427f6c2d15d763269faafae894a18c8cc0c95ca47e3b66b16d91c0d9f5f8f0ddf7a1f8bbc977b87dcc72b576f457ccb3c601b6d2e9c863dcdcfd1573abb620e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7b6b69fd4f95d45e53f2899da13a76d

SHA1
8abd7864602d425f6e6f67c88ac6cc920bd6c9b1

SHA256
a1cf7d97bfa3595fa1da150fa54d0bab8053430e0d65bb6367c5ddee63a957ee

SHA512
583af7ca3df222c29b100f71978faabddbe9e6dd180365f46386f8fda123f328120c3aa5a8e3f3890752f3475f3725c88977f50bc7046f4a6af0a4faf1921a7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1db563c58e57a2c659a821604302fae

SHA1
032405e95e7b855c0438496e40db577262a9423a

SHA256
0de2a6c412cf144d29178c3fdaa9606d695d749d4d6c64b8490f8e459cc9233c

SHA512
0064f4e1b71e67b69ba92d08048a4e7fbb1afddd19db2cc8437402eb8f90298594d7be77af9b92885ce39f8a8e37342ec815907f825f9dcd5e60d52c8701cce3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c0a142dd4da1d7c4f7f29570ce876ce

SHA1
af7f3d2f6791af8fcb9c5bec43783fc903c5fb84

SHA256
1494c6a8efe26d511d1327e91eab354457293230e4ddfb3767af1b137fffa762

SHA512
26aa537a3b6dcd4849cc9092bb1ae25e771a0e48162c97fd693a6d5460c033d29d092fe35a5613b929c909ff6fe744a185346c0b5b3d17f43b7a3be74fd8b47c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b71778688bf830baa1aa64a353c3c2c1

SHA1
1d227a7513e5429dc16d0750ee3a1b94645c6c6a

SHA256
f0d99289d2504176df9f4645b5365bcaf6d450f399e244bdba6ec1c814ca0f00

SHA512
7a9024fa46d7c5ac7be2cb34c111765f6dfb8fd13f0584dc7f4e809c8e0c7ee96f5a458e64ccc7ef754af15c1b9fbbe9535af66ffddc5715e36286a967ff1c7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3ba8f791e78f1475b1856f6aaf0d979

SHA1
ac203d8d7e00ca7f0d451026bc630b0013483f69

SHA256
d9feaa1aebd90dc5f9c4d66b2298f226b2128402b89782c81df5ab58ba01826e

SHA512
235794404ac63dd49fdb6e664cee043fa189c01cbfffb9d5c4400b001af3e1264ebd502352cd7e2b8e9465cc40f22e8750d918afd0fa5ff02192046b6e5bb29f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cafdc31752e2ff5224bb86dcce856aaf

SHA1
252469a8cc0168de8c939cab25b4afbcd56874e1

SHA256
324508a0e0bf5cd5122f5196f65e13b7c9b715e821257f31dd7f67375d20df39

SHA512
232b049f30974c58fb1a20df6102b00165ecfb1fd62b2614f11c7ca0b439bfb87ab26e9ae69dd8abc4cd517264ee8bf76039fbcaf5a460b85ef9b9c05a238e1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9102619d566d51004f21c7b51fc088c9

SHA1
0433321898d612e9a8be28b34caa05561aba2e7f

SHA256
97d2bc25a3ef27b1543155e3189da67785398bef2c83ded66cd72702de830e06

SHA512
889f7dd6596e21389e7ab65f9ef0354fe8251d4fa9e5d983b7eac29a5fd64824fcfda7488843023055d314bbdf18ac1b0b09319af30acdeccf23d1e7fe571dd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
960c54d45a60710144a71123647cfc99

SHA1
913af02ccfc496c14ee6ad524ce471685ad6ffef

SHA256
b9b05a3ff85b3909614e2df83f0e367d683cf549b5e7de499adc24a88c8896d6

SHA512
0f67bcdf4dbe53b4820c4c8db3cc95ba775cc144d3d1a2424c9bb664ef26c7181df79a7c3a685bff5b0639bdec8dec60abe8f7979387f8cddc98e7fb891b3814

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab715A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar723B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit