77b7e4154939f4fbd53adae1db3150cc4b757a5518543c0c4e4ceada58b4738c

Analysis

max time kernel
122s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ad8feb1592454f05d28819180ae23b9.html
Size

25KB
MD5

0ad8feb1592454f05d28819180ae23b9
SHA1

683f32f58b10cd41b45c9e726447712ae88d9f6a
SHA256

77b7e4154939f4fbd53adae1db3150cc4b757a5518543c0c4e4ceada58b4738c
SHA512

f750dc3547c232dafc45ffd146a7f9e93afe32418bfdfb2b72a2e237a46dcbf9d094223ed708a5acd7995d1a8afdc85e0a32f4cc91ec01e8e87ffc8ece9b97c2
SSDEEP

384:BnA4yw9WpauYiztvukeKXXTu/wl8Ttg8LIWQQ/U4cR1LeeIYECdG55LkuxOk7gO:p1D2tWkekMeKx1k90t

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E6A43411-A7A7-11EE-BF28-E6629DF8543F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd769173341890000000002000000000010660000000100002000000057efd0c495dd6f8612a7a209189ddbe76e02c2b896319fc8eaf513a0d2c28b93000000000e8000000002000020000000f09fa4a56156645a4943b5eda32d089602575d9fe7fb476b215ed2196d0f890f2000000077593ae2ed2fb6a7035a704ee19ebada8c2284269eb2495ee6a8a0be530c92e4400000008bc3d7cf2a97d1ebcd522287a6e27cf73313c3ab00b185771e1d1ff5c6269888decacecb8d86df4e602e86dab473932fefa44e93d39b6952af1ae337250275ca	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10805ebdb43bda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd769173341890000000002000000000010660000000100002000000013945878b8e7b8783ee1fcfcf7b3706156f39353ab36dce65e159f793319d2f1000000000e80000000020000200000006486dc0b5d332c18c6341f05267e4e497dffc2d5bdc1535f5b537faeb9b3d6d990000000eaecbdf32bd232fe81bc6a38c8e5dca9bc2c455bf3b2d91f7c53111d64e27878566d13eae3385c742bf4dbea628066195aefa9dba2ea38854c0f8df26b0f0a24ed45fa276aa6538733be41817434c686b17d19b296e0c6f7046e84738308da2aadeed2b1d9c82f7d9801241b6ac912c048f862dcb291545b79386badeb69839f80b3485cc0daa373d0063f4fd57b7ce24000000010b1667dbc9b4ea8340e69e193ed13c5c7431b134cf190e1468fe508130b825f62d3deb58cb541037dd53031bb80e9c87a6923ba41f583c0bbb4ae70dfb9944b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410166878"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2132	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2132	iexplore.exe
2132	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2080	2132	iexplore.exe	28
PID 2132 wrote to memory of 2080	2132	iexplore.exe	28
PID 2132 wrote to memory of 2080	2132	iexplore.exe	28
PID 2132 wrote to memory of 2080	2132	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0ad8feb1592454f05d28819180ae23b9.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a00441ee8d11b1afac67ce5033b13834

SHA1
df524e410acb4d05e0fdced72c8603d8c9b0ed76

SHA256
1556299949e6c7560c4d75ca7fc82e5117c77766252a7d97993195256f0a03d8

SHA512
d73ab115893fd9bfa59248268865886e2a1feebac62518dd05e6aa405c8eef146e6edec652345ec1c40f5cb0cad18e0e6c4eec8269a3839395f66da9f77a397a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb9119cc3c5610ae66762dc889f7a035

SHA1
8e4c3ae06f8c77cc2dc4f655ba2ad6002fb0a989

SHA256
70f9f72aea3afd8e65f41bd70dd44d63910607db9ae4e6eee816aba1743502d3

SHA512
697a9504d6898ce0973d98cd0a37d1f0c6b3187e06fa2d3e84bb094b40c63395ea7dae042dcfa854f85926ed1d429fb4e83278fa08990d207f9cc81a143aa8ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e04185a9a9d3422ab099843ac72a2009

SHA1
c3610211845bbfae378597f8441d940fbfe23b60

SHA256
75d76ad9d3c4212833b9eeee89c66dc9be83b3656d540f8072ba43d358053638

SHA512
6882bf4114b2cbd7155e8031eee22679293904ee37703836e6798e0fbf34bdc4842cdf88e2cf63774a008a0dd880e5b7dbe3e5371fb3d06f61b7b49d6965b594

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffe99706426d5b7775e23890d2588c42

SHA1
8513843726dae7ab7922bc19db89faa354280d18

SHA256
d34f6b89356dce8012e2a11fd2b764f3e9263941e170d8b1f8b1180d1ad7e70e

SHA512
e4c06b526b2c051762c20b96f849b24af6bcd0a675ec26e18f44610ea1df0d113cd858355b92d037ab1d80be6731588d30a2d8146f5de6fa9dfb737c9916335a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8313833af83a7fe1d7d1023db2ce69e4

SHA1
716692404c1558b73a71b2ab13ce39e83890b6a4

SHA256
743933d107d920aa659c548ad56558d2ed24eee90e4f4d561c74e8cc70b15c67

SHA512
c809c765408c26ea230df265f7cd227f7b4287c6f6fb6a1987a71b07689ef6326bad6c52ad0b5b0e98dfee63e5d769e778df1ed481c449716e40581587a5c947

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1e021478ccfb38336a699d2f75509dd

SHA1
fa5c45265df99fcf2755247af943d673b7c04c8a

SHA256
00eeaed770a2474f96d2038968a3b04e7222cfef7aed5d71a4421704e6f96521

SHA512
b1aee5c88560572ccad161d9aacb6df0f00e1fc0a623b2f436e2a80e9064b2b1cd609fc5959101ec6c4b11b0a34f0708cda1d96a43cf288adb2ff27cc4b4fc64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e24422301bbed7e58d9cb76428f19b52

SHA1
50df8a0aff728d7ed0a933da1dafcfbfbb7d7836

SHA256
55806aacb51b8030a515aab2c74ea49a6600afdef758f56d3f09e140f02a9ae9

SHA512
3e7809f10399977310fb4845735086d42ef924bd9ba647631a23995c9aa23ff79a59c86808c0deb72fd4c4bc034f3713c295f122b4588d3c845e81b6f71411b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35e3a68cf94d743e0a61e1240b764928

SHA1
a9650428692aa906220da344c1c7eb6f8f321767

SHA256
795bf280ccbc0b7fe0b9fec5728611b0cd2768f8f22d9b9964ced55b331c0343

SHA512
b956728f65958cd4f2e6c2bd3dee9e8e17bcf71c9356320641c2b0c35bcfdae6eb0ed00d13dbd27dc0012016c25d07644b7bd6c8f125c037750264399f27d749

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab30737c4e3710d07890ba34182e4e0a

SHA1
950bfe43cb7affab53f0e048299720ac5a830bc1

SHA256
3cd129f0bdb8147ee4dff9caa35eb1ff51e533cbb4d9167d994b80981be6ed1a

SHA512
c608051ea312c48647fd1b6de033aecdb5eec1f7e8f8f589e593b76df1a87131b93bcc408998ab892cb0191f53ea04e45253b4e4580d750b0c287f2164c5cda0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d80bd286889e8356f7257c9d6d5e58a5

SHA1
d1ce44feade2ff55560643ff21cf118ee9264160

SHA256
5070efb82fb5544aae0f60029e0d2cf94f92fbfa2ab31a96d5b0bce46f9d3204

SHA512
1e044038be91c7ded58858ff41b4775467bf5e512da1e2668e64c58ce9a89e7483eb5a6302a10d5ea8ebef5e543c0b75e8699830fa3b5dd9226b34b93e8a7f5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d7262be8f13647224c84a1c193db6e0

SHA1
8143704b2d5d1fca04125eb29aa82dba19e421f9

SHA256
e414b107bba102b7699d678b63981677afb762ad513e711db131a9c6d210caf4

SHA512
76c6760190af16b804683dbfc97fcf429c4e2b7ca61693680ba5331d6dd5e96e6b73e33ff0c35388e346afe0c033e6e4eefdc838df446fe585e29d7574ece36a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
452afe6a400c229234f3c7e2e563bff4

SHA1
4f4b906629ed0d36f799f06629a3006d0b0a67f4

SHA256
5953c960683648d5693041a62c52420c670f51e8a77eb5b481056096e520da6c

SHA512
ae9adf5153b9214474e50cca213f3fa09285a5b86a0602174c8b4a64caf8848545ac0f4b618345a2d0607363c507790a49c7c2738bb81a77896b8a23a5597749

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44405c576b7b78d024873b1b7fa4f29f

SHA1
2bebda2b4c4b1d4db130b00ebf106ee669729739

SHA256
cdf94b199ac0ad1db7361258042d41b993194cac15595419d604f075cbcb4a0d

SHA512
ac47c89f775f96dfcda376a0150226c3374807c596d639ff41c5e6d8bd6eb6ad10de2eeeb7f8eb9c3098ab1408741c01b8ef667476d67a04391a0e8c6a044aa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a438a18f970f56970c9925fc653b48c8

SHA1
e792e6d82c33a4448c0288bce2e2fb42ccb7bf98

SHA256
234451ab58431f51a9c9f95a0432c8fe895270e03a06b42bd3add61fbbd7cde2

SHA512
8691b7f229b29ab2e5af3b8650c6c9464457dbb5e9bea2910ddeb66a67bef27994976b7961e25ea759706177a790288c67933919ec9d3bebee4a6855b257b3e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6371ea398ec34c6f35e1d0d68f77da4

SHA1
d2433fda69b4026faf50308cfb77bc86fd22709a

SHA256
769848d6964bbc93852d55ec59e1e5fd778914a8f513237ea6cf68b545f059ca

SHA512
30e612f0db675033d20fe8614f515372383eedeab4d22697610a1897d774c82e129dbbadf96c201c6f9385a38b3a8a0c1fede8eed6cc7141e5f57ac8b2cabe93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96506344998084d0d109bc8ff7ec3c12

SHA1
9cb4715cf936b620e21070f8ad2f0b38278e0109

SHA256
dada5a9aa46ef36fde2cf15fbe3afec1a9a601be666ffe4633eaed7bb85766ad

SHA512
98d6c7041631722cd5a2b7f54a8dacbd673bf3d148a367b179481700f8bf81e917f921020957e298efdd28a16dd21081d5d872e279f50cbd3c9ca85088079dc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15b00705262ed73ba5496766c056bc7c

SHA1
303f4df3d7c3d543eed77e070a94815798f07119

SHA256
1b10859aaae2c1951ad0b6f01823ec29b92b6b37ee3599316fb72b8a377fa8a9

SHA512
292900f84dda41dc31451f7038cb42fe0761f5e942cbf2c96c5d3d76b7c8a038ed8e58ba8f62770f2ac75e475b3a0d04938909bb8b3ee91a40be509b197b7cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab63F2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6483.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit