e867084094dc505c8b5fa22a852889808d18ef2010f4e93746ac4ececd274174

Analysis

max time kernel
1s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0aff1f565631da40e5124a91c3b5e952.html
Size

44KB
MD5

0aff1f565631da40e5124a91c3b5e952
SHA1

4bf4c244be5a151f07b87b84f028b2be1cd16b90
SHA256

e867084094dc505c8b5fa22a852889808d18ef2010f4e93746ac4ececd274174
SHA512

a24b4afdc3a3b41286b15e3ad6fb051fa363e0430b677fcc456f25061284ae08057785b69b2f6f7d20ae8895484676cbcadca2f8b51b82f9fb39f2862c47c534
SSDEEP

768:WMao81yEXInTfT7vVLlDSAVOBGVPUTMFp5iZ:WMao81yE4nTfTbVLlDvVOBGVPUTMn5iZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 23 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B08B19B1-A726-11EE-A031-F6BE0C79E4FA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2152	iexplore.exe
2152	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2692	2152	iexplore.exe	18
PID 2152 wrote to memory of 2692	2152	iexplore.exe	18
PID 2152 wrote to memory of 2692	2152	iexplore.exe	18
PID 2152 wrote to memory of 2692	2152	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0aff1f565631da40e5124a91c3b5e952.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fda72f4c3d01952f0a79551e37c1f1f

SHA1
18fa6723cd96086c805f97b1b31a83c05e417495

SHA256
535e5647b292c35f5bd588bca3d6f0988d035f17df2f58f0096e84abfb7fb720

SHA512
7ea999011c8c19aa4ab874ca8122fe21355a5e1f58b51a47c7a28b6e9ed036e3d6524742fb127838b3e8eaa179fc0a67c529db9f8ecca548db8d00db2c7819fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92d6f3c292426122c3b4c9e77c90824e

SHA1
9e41c86420c9b984a7fa38063d5fd4de8ac5ac84

SHA256
b0b301ffc55c3387d484bc2d9ce0325c4223aa20b5724fb70f58f4bf69fb9885

SHA512
4e08ce3eaeb89dc31457c0fc1339677d0ac523de590787d76e121680b09b2b1763904a7d283ed40000eef4536ee47f64687331485c2e000f535d39f690a70711

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d7ccc8d6185bf2520035eb8cae94bfb

SHA1
59edfd21a0ea86efef45c325dc375f9012202a36

SHA256
6699f11a42e80a1ae3393643e58b5b8cccaec4895bec5dcb359882674e11e51e

SHA512
d796a5d23a3fbd9c76f48cc4d836b4f249a4f847c167ef5324e886fb873bd3f7f0988d137c560c5baebf03aa57b063cb56a33fd69e85721a6774590de7ee2629

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f987083ab8dae43fbe63db8b420cd4dc

SHA1
7080558eda900d6820ab29cd497c716fc9f90c99

SHA256
e661a2461d5df47b28bdaa37070763ccbe2566ed432f6846b88a795ad5687f1b

SHA512
a0539a98cf5383fae5ab6a1f9864263b1fa4c42d55eb8fc72d6d08f5c83546e65ea4bc8ce10b9f248ca6fd63debc126c820feead2949309614521b00258eb221

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b454fdb9513e15405e151334c88031ed

SHA1
951fb65f286fa3cb690720188ade09fec758eeb1

SHA256
cf693a2f39306ce240a4f5002c9bbb0b86830fbca421c9c3739de45b1b86e94b

SHA512
afea1d4c227adc5667d24d7f14d23cbea21bc39359a0f618baa15f8f8c8f4aa162b89f8cb3fc988ca196095b330ebb52e408508609bb210dd2c2f6ac5b41a0e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f5068546d08411dfc86556622c107cd

SHA1
abc2575f59fc9792064b4303b97628d30a911d80

SHA256
e9b9ee09b271898f05412ca1a4d691d4ec822fa793cd6334101c1334a2231449

SHA512
9de2ded3274c096800a5f0a2f02599869c91b51f100e84165246a0d9861849e5f2bbf3b74ab19cad520516912791a99dcbbae83aacb93b5f9578a659adce9610

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf902d5b700b75d8fb39f504f6390359

SHA1
45f30e5c21c65e0bad93d8dfdb035097176d898f

SHA256
86af9149c514511dbc7cfe81790d43935672f2faaa1d38481812b573d92d7bd4

SHA512
0e94a7088658068d47015cabe3c4b1c3b0254a00ed3f98b31fe8156a54d79c936827968892e7f7a02971dd9dcc3e63ccbacbc48cf67b20ea02dbe1054604c048

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
829343e3c506928445dab2c532bb529e

SHA1
1e5b3df82748d5dda883dc271a0f6722b3f5834e

SHA256
5c173cf62f28ce1df602ea5467ecd3ca6cedbb96c886c74572a5989672ea3fa7

SHA512
753f8fb14d01653c9602af31375faee98e8f223bdd793ce6edce2b1240b0ed17e42c225ea2dfebd54e2bd8e635e8ab8bb34a9058f3911cc8c5ea55609167e6fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3614acd2640c4a563967e78b00c9c22f

SHA1
dd36e99e5ec2e5a5c3dc4ba57987333bffbb2fb0

SHA256
5baf1d207bc215ad692938d5a25b47aa3baee09fe8b1c96e0a79b023d183a78b

SHA512
5075eee8d0f22aaf2af9fa507a0a5ba7c4fce0794fb1a129594d49fef0d9261af0e798c22beabb1ea740d721d0809193de40b9b81155222c01349a143628f3d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9791fb86676a3292eb5a8aa75490c4f5

SHA1
9cba68d21203e8dff4a6ead15b54469f3c5a2c31

SHA256
cdfd3b79a0a6f3adceedbe50892e40c22cdea12ea143dbe5c7bcbc0e35f70de3

SHA512
9f1df1afd06b836f1eeef7505e9e69ee4f027d0ef2e4286c9b57c8ad08356418dac5c455cea2deaf0a27146dd1cc9ea8f1286650a34a9506a4fefbb661034642

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a25179e2e3dcf4ddb69eca67ea6e7c6e

SHA1
fbad0bfc3dca845a1caad1a8c921080b34ca2387

SHA256
cef84afa1f1d48585af778e7c6e9591b3f95ba30fbbbb11805943cd76990c07a

SHA512
55a1b58b88e626835095831f945371db4cc4b253d221ea47860f9072a3ecaaabf31667d9b7ed927a19782ae3ddfb1526525771181efb96c8cdd411351c35ad8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3638db4086b964dd0bcd0cf1b003cded

SHA1
4cc9f84b4b8d3f6ae1f51013f689c49108b3854f

SHA256
234410c8844183ef54507162d4fe8ababeb8d1c7de23c04c57539432fcd1d7e1

SHA512
5207f3d8bfc97f6993440e3b18ea01e87bbea191fddb9d7ae94362f6115063beeaa2f6fb771b42d7247ea853619208926a8e5c95031e08ce0a55a8321423345e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5F06.tmp

Filesize
24KB

MD5
3db9ce6c57e6d081861e48714ea60d0e

SHA1
3b4a8ef0d7d8788c70d0c416e0952511eaa6d601

SHA256
b2db522ae04e7f221e4c6c03a170d2e688f0efe0eec6f7b43a30c15199103131

SHA512
89430f2a07192a84cf81ad788bbf120036cb680cd9a3fdba3f2265e74207115a377945e83a79377abe87034a9a486b80e343bc29112c7f674230034b82a496ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5EF6.tmp

Filesize
32KB

MD5
e17e0b7bb1c2c884ec5fbc0cedd844eb

SHA1
3e554bb28178270e4c56d4d127abbcdc9aac899d

SHA256
6a10d7095f5af74006f40c96821df619762d48edec520b2df0179a621f7ab585

SHA512
1890155a4fae97828e363ab1353534cee3104227601463a4582ab8969f2c443519ce6416490346d0de9ec601bfc33a08b791e58d0d302d1b7c9ad0a23a9fef5d

Download Submit