dbdcc0671628859c105b5a3a13f3c2a95f0ff1c7a1d7e4e13e694ed880b06adb

Analysis

max time kernel
145s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a1e3f77dea44597e4ae37131e7ee65b.html
Size

15KB
MD5

0a1e3f77dea44597e4ae37131e7ee65b
SHA1

97b63b292f268fe9af5a56b9964a10bbab49a6bd
SHA256

dbdcc0671628859c105b5a3a13f3c2a95f0ff1c7a1d7e4e13e694ed880b06adb
SHA512

8ea564f0926bdc6dcd3e8991f0b99b6e54dd1c5e24744fa876b40759b629eb1083f775f7ec76246c4f241f898ae681128d07d588434daef1045970cf6ebbe48a
SSDEEP

384:dIAySGmimo/6Un6A1J6n5iOe3eNMWIDijL7:HGBR/J/9ONXIDS7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 901e42c3253bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7E5A281-A718-11EE-9840-CE9B5D0C5DE4} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000002ba5bd2ebfb65639b62c698dc200cf91eaac3154e79877e5d870611c841a5af3000000000e80000000020000200000008c29e7c5348ddc8a8d7859ed3e2e340e7db92ad832fba6e1185dda4702acfd99900000001d2bad51fa294a9eaeebe4690771211802716c4e741b685955f48ec72a5352e31d0cbd31040a76f81436b10ba19d4432368f1919c086c38dff0200ffe2c87b562cb7da4f588e0b857824b1c2cc621487f357c251d2d1d940da022067feb85ceeccc7f69691e38dcb9967b6c5c27caea11a3fce69fa9f4030739190bdf9a977fa8f57311fef9dadd3ac71b26771f8c13240000000dad4b3cb5768978aefc23aadef0a2b4f351ef170fd4f256f3c84f6214aae4cb8a0a8917b70ccb8d167ba7419807f764219c547b11b29d50427ac537ec90b29e9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000008b3b61cc28729065612c66de3caab4b384fdeb9a4a1f50f821c1bf04cbe2243b000000000e80000000020000200000006453106c2c97704a33ed506981a34453dbe3e7f677f00ec202e1c3b815a38e2320000000f097aef6282240c7319713f76bb87f93e95f6a35fc1fbad0e52889efebb43a14400000002793de8b24b10ffcdb487b6ae1fb1a04ff160f5e10e636b84ac84d08b66915d981d30f92ea602fad6d0671c71f1a3725e03a1f4bac1c5b6bd1f5d8a73357e86e	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410105462"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2416	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2416	iexplore.exe
2416	iexplore.exe
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2268	2416	iexplore.exe	28
PID 2416 wrote to memory of 2268	2416	iexplore.exe	28
PID 2416 wrote to memory of 2268	2416	iexplore.exe	28
PID 2416 wrote to memory of 2268	2416	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0a1e3f77dea44597e4ae37131e7ee65b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_9E9C5BD522DEAFF0AF9BF0B0877DDF33

Filesize
472B

MD5
3a03d31c0d72895a743a5b3da0960e1a

SHA1
dc6f14a68f2f36f0dbbdf9e48526e2ba3da34bb8

SHA256
a359a47aea123f2d6a7e3b090bbc69fe268c5532da8864d2d6387eed150714ec

SHA512
a5714b9d94f16b38edc2a7d389a0f13f5344f129499e29c4f680a008f05d4ace267ae52e127f55efc5142fb3c3f110388ab713367c5e04180bcf5dc0861034d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ada7bd781d818d4b412aefd45ad71e4

SHA1
2d6e7f507459ed9bd2606d95edb83d58a45ee42e

SHA256
e386f24bc5052d2f296a7d53c9d59e6fb565afe31e6a3802c950b3374c093bac

SHA512
6bed09282b899ca20f88aaae5a61739d605eec9df03fb637529b81d42e1cc05a221cdb4aa74d042cf91796194e1b4542268c0ef46222ebb6ef519a587641e735

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
427ec4516dd0747d41c1110d9e31801c

SHA1
aca9b7f63ee99f996df0f522dc636f686ea58e30

SHA256
6cb2a5c7f59bef9265aa04001049c8d6cc598b781966add395ee41db24f3c2b5

SHA512
68f997b91906dafe0c57623ffb3642cfa3f65bc703256817b98bff62498ec6575445a50c05a0db1992a200a94596552ca5ee1a87d04880a2452c434d6578d2ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a9e758826f67730bde85689b5eced82

SHA1
ac77314024fe02e8fb130a268ebc66de364e518a

SHA256
52c95cdd062cce6304e0814f5a42f2fad73bb074078b61d8be93a8af4742f366

SHA512
dd964de3200b0efffdbc2eaee713fc57d53c7036aa1684a79d138656193d8afd7566b335771e7dfb367528681c0340ae5951199f06d5415465b6b0fa5d089830

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbb324fe8a1125a206e896f1d2f48c45

SHA1
3e5ccb06c0877db0ba71fc2909c318d449c4575d

SHA256
47e9b0800f0a08cce980dab23a9a441e116e90d058e6e55d530612180d4caa78

SHA512
f6618ceff4063130305f70c7e2f35b5f17179feeb02c117ba5e4aa0e35499768608324a998596bf1f9b4b1c87f68d6a57c979cbe55202dee5d0f7558f3f4250e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2365e24396976001161e2450f269db20

SHA1
028329d5792081885272ca237ee3e849b4efc2be

SHA256
8268a352527a95ed17db0a0f25e2c8c209e6641f906bcfaebb2ba817a2596ad1

SHA512
88a95721fdda01f6459995746672db6f260a5a7e3a694aae7e08a47f66dd462c7e514afdc8d96b80c49db585bfc1f6226a0a4bed0fc68a51f945760c145cd801

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
328bdb39a276b96c5c9188d45b9c36fa

SHA1
427f4b0e044616d77ff5ca9760f88d8a80ba2060

SHA256
8ae293ba6a9c30b300e72fe569b471baf89d22ccf501f946a1d7731dc6549d88

SHA512
ae78e651b98c0e809d063b2dac0a86df51b7274ada0cc371bbbb83c8b113e12fcc0e70c8d5e7fd54dd3bf5fdd5102520c3f12668d5ecd4c8aad92297cba86f8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f19678dd572e49584e78face57740d67

SHA1
1f35b5f80bc5f0cdeb9f8b703defb13e99ecaf50

SHA256
c9809c8fb616a772b0ff08f25c98ff2c0cc1ad4808c433f909a234388f03f5f9

SHA512
4794ef5eca3ab6696d88f1b16dd791de57c12e208b2ca0d26dee2937435739cbce3757eddd9bb326dafd3f7102a568bf1996f9c194a6f27a3138962b4cd217ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8c0a9ae6c43a7676b1f1aea84305abc

SHA1
f673892131f9c7bcce5d550c4b0af304e0daac2a

SHA256
0530c159187cf1b350b451354fc7419f1b1567d42d823f00971df9c379f60759

SHA512
fa0d29e599030aaa6a6dda67d3a4e07102e4d2587c5987497230cc3ddd6249dbdd1f0658d1ed1de083dd857aeb964cd8a46531b6d210c2943be07828895469b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e0866112234a1b3bbed3517fd53016a

SHA1
444e7e56939bb2bf9929c943be922ef0c9f2417e

SHA256
9165a5ffbadd150dbf439e26416a5512337b2365636020e6e521c9009bbb1426

SHA512
18cc0f5ffcaa4a67d2bda8a959559e4d1fee654ee9ae9d621e5ffcc8f3d5f400829f89aa477013a77b27bf84bcec5ca6876b1d752724f9db82bd0dbcb0ef7838

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed2d572b05b77e24b8e0f02812eed6f1

SHA1
2aff966a08d2ec9b1a8db1a726672df735883ce2

SHA256
e9ddea1bad18dbb1e515c0f70f87e72dbbb85feb70be518539373ababa2d0c63

SHA512
a4d1f3aeec0eb49db68d516efb283af52337b8f6052a346a2a9e09d72dba1c4fcd2446daac44fcf026c049610382e36962cc7be5d47e7d647cd8eb42a90c7504

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
468d99b2dc4ace9b0cd31bf63366dcf8

SHA1
7f8d856611cb78c39be9f6e0c8b9b73bf0d755ed

SHA256
96e8b7ee1383c4979accf89968fcc2ad38b858c1ef8ce820cebf71964f89ef3c

SHA512
67a25f92173a855805bf3e22466df4d7b1c824e4ee0bedbb80fbb5b4bfd18c264e94275dd9191593db02baa0bf53162cc82005b543c27da026ad1fec74ca2540

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6384824c60fd2d833eb7ba9c34d4bdec

SHA1
6fde5c0ffef473ad108b5c880ea8f1a73afbc072

SHA256
fdb0e2c3ee70bb74e3efe571b09e982bb99f5c31fbb54cb67fc588ffcb012cda

SHA512
c7b7df6a7af11054c37e4af1392878e2be6b298e28f29d8d9fc242f595dc5fc2b5a0ce6efd84bccab920a6eab91a89e869125e1da3b6945164e377db874cecc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e330ce50cd98c58a8276d799747e55d2

SHA1
0d254f8f2d60d6ace3d95fc152a5b86bccc9b0b4

SHA256
a9630fa24c4797e679b3d389eef76d610932250b25a233219a90a2a6e4a67985

SHA512
0923ea69023331cc5ae5201021591458425d62420c300442e53e0c988536a4d86e1dbb1ec1ca127934884298137accfe4c230910b8a067e067ee4c6aa664e68e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7966.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar79B7.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit