b3afac580f4d9e0300270e125951eb36729eef46746bce4aaeb98a3a040970a5

Analysis

max time kernel
120s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b4dc0db2a7d3998fd4543c7164b073a.html
Size

254B
MD5

0b4dc0db2a7d3998fd4543c7164b073a
SHA1

95ee6cdc34b23bdfc20fa5822feb0dffbb74aece
SHA256

b3afac580f4d9e0300270e125951eb36729eef46746bce4aaeb98a3a040970a5
SHA512

267516cccb4eca5f178b59c62c116c16f3bddb88dcebe2bf1eb3503aa8380aa5afa3d5f5a8991cf65c17a62a28daa0433ad616643de4366417382536dd5fcfc1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000ff1cfd1a2f3fc5c06d1cfa056526bef4f643c0572d0c3b877957902bf9e7ea27000000000e8000000002000020000000c33b37bd8be8d771b499a6c4b8b0db10e1840691298842a9e35850c7ad4e1afc20000000b74a62a260eea2f8233862e4fc38bbae4649a1ba6abc1650a4664525a835925c40000000884f7639d027202f4cfad5777f01b1538b677b2f4ab893a045da453cf2bc8ab1b895abe1741681019434e74afb4825cdc5d49af2515c467cdb3719ed45854b86	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410172563"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{209B8BC1-A7B5-11EE-B9E8-EE9A2FAC8CC3} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e04ac4f5c13bda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000027f5fe1a0e40545bc485c5d2fa33ca294664ecb6013cb49b001f832c008be303000000000e80000000020000200000000c52fa102a0d301e911e6b381ad2919b3ca1ac9dc96b2c513fc09d36dda67b70900000006c9351ba70482d17b6a2455f00122695485228059a26fa7d4df5dd240dfbc299aadae1e09026a4a9df512082ca05bb91855be5a721ded26ceb87129c416122c70934a947f7f3207ebff4933f73294b20018c07e7a181e64bab7e40b5be98add9126fc7b5b18f97e5e10674cffbb619818691de56f9d0a46b39248ea6c6f4be0b60ae2a7ff85f1bfd7c61d0b6b240649d40000000ad7caa931ebec8d8ddc30229a8629d9f6d860b05cbeb6526c3976b6c8f11d6d8a53e4a248d533fecdc32c72f5ec0cb1b9068dc4a7035c1a373859ef75948e3c1	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1732	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1732	iexplore.exe
1732	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2080	1732	iexplore.exe	28
PID 1732 wrote to memory of 2080	1732	iexplore.exe	28
PID 1732 wrote to memory of 2080	1732	iexplore.exe	28
PID 1732 wrote to memory of 2080	1732	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0b4dc0db2a7d3998fd4543c7164b073a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f43cae25de29f73370b09f3aff28048

SHA1
dc5638e2a5607074e987bcf029582f96b8d3687b

SHA256
1d34cb2acb7756580b94787203de31be8bbef0bf475ad241ccca237eba78f52d

SHA512
e06513780652806b82ad546c3791b525b7a09ee5e5b2cf3d44ae523c1cfe241a22a8c1ed469cdc02970ae712ec13bf0260d8e6c44d201bb4249c149bd91fbd41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd2505e8102e8594e168eed41b542a37

SHA1
c7d8d541ce635ef2f5609607daa1179a98e682cc

SHA256
5b67fec0055a71e8770281e2bb3b8516fc3292f05ed7223ba2f0b14556a380d9

SHA512
838dbb2c1d0b7c7ef3d6d2819e79eac8673c6536b3b70e1ed5ce3bda0daa0c9c62285d0e11213c9336283b802fb79c99cb6b61f83fe0a4babcd814faa50e00f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
286049d8f28893e7178948443a03953f

SHA1
ff7745f9ce5a90cd7a6a8b7c60d80856857c8454

SHA256
917fbaf9adcc71619f3e7b98372a83c2dce40219fa7eb5969b8d386520134bd8

SHA512
3b33559b20c7c573a6a85a0774b26601695736c0258ca7e7a1d80702e0c882eb8d5c04c13c5bae2f97c72ce9d521b904d227ca6b6de3f2df626112958abe770f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08a7315b4e61232cdf1df3899440eacf

SHA1
81c432f51d275468511560b0fc8814e8e9bae82a

SHA256
8ebd420b6e7e324ef19fb8983981afb366bb0637cd12d8e476e77e6fac2166f5

SHA512
5e5d2bfc8ba1a0b629cbdefbc5de4c1d16e23dbed5aecaf1a198ccfa70083882000710af448821aecde5741c9d53d0319783f7e3823ea9492ec388806bb6bdaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61e7c6e4f35f587240eec76624500ad4

SHA1
bdc3226b7ce2202b1dceb5662976820ef7089a4e

SHA256
7978858280ddc151e2c6eb176977f410a0c082f557bd47ecf28638e2a9a0068f

SHA512
4c901ca19a41162f7f60e0fb5d275f945d1e26364f615674384469fd7fb189f25e9768298be7a87deb2dce26b5dee93747705a10167a4b981f25db83788a9e35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee12496333da669a311be8f7be565011

SHA1
8c6f9847ebde85e79901b33b9ebf580561a0a4f5

SHA256
7566c23b3f4c917a4ab77d96329f01a93f14507a92bd7197b92002a2599e4a5e

SHA512
80432320dfa465cda3cf507fc65da7c10cf328fe07fbdd93485be75e0920ffbe7e482bd7c0a90f7530400298e86d83e7767e4d7bd9b7f3d2ed146fcb00165f18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bca1a70cac914ab88b36e8a0e9c0052

SHA1
dd3e45efc9f801f41b591ac5f78d971fbc3ce5fb

SHA256
ed4d8c4cfdd4f4af74742a89cc8a4fdeea2f39d881f0f24e0a660a809284dac8

SHA512
3e31af11091b97fe61a5e568be5b94ac2eb308e12b78281d7f428a4c947345537e0f818573926cb909f192601178f52cd3bfc257f0fbcb7553ff0f5eb8a16433

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c92ccdee4fe8094429dc238429c80875

SHA1
31ed2dac4a16220b578d4858273cc94091ca3a10

SHA256
a026defbc5f0f3f8c7ca22d44e39c450de9a8e6bd548eb0d7ba7d8cb4cc8ae23

SHA512
749e629a7569cd2ada95b1b033674af7b6402ad5be7146ea15c5ba928979c3c5dc4d3f23f377f4627ab25234eb354b6dc864033ad677db874ba544d080847a5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
336e7691fded5909fee1106ffe36a8f5

SHA1
993eb07fc1463c9529c13c8599bad4ef6f6034e6

SHA256
504e649fb25447a5ee542532b1e7ca8ba542a98caa2bda31e54aa25920247fa6

SHA512
6a265e391389edba68c77d735d0820323e1ffd5dcd8d86872c9d38df19ca0ba1ede8709331f466e6951089ab9beaad564b83aa9c9605825be666ce88626aef2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9818f8a0535cf6aa4729a34e02d51b85

SHA1
f0531b14ccc3b3b5cd26769d32843047eb8d41d2

SHA256
a97a528a4c42af050c52b8a52f17820ef2603a57a361f4a94fd35b45ad2f28cc

SHA512
9f4352413b87e18e23df22a911d4bd3ee3f4a1939ba3cbfa9e49d0dc467fcc61882a0097a310fcc29ef439df9da43bc59708a91e1f3b7f8d188de733764bdd89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
455c786cfda7a8d7a58bbab4b6d81b07

SHA1
192eaf27e4d76eec2152439ba1d0b6ff39cae71d

SHA256
71dfcab58d69fb6eee553aefe3bfb62ff7bf09432fbfed41727d32d867633974

SHA512
1ac954491dc0b4b73f64aaa1a44c893e6ad012b11f8cd34bb09ddd432492f6b2cff459acc1c461c81fd3080d7b1c3895c8a6884b48333276253329de2a2705e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2489a79a74d54ceafc4e5096a8b9fdc

SHA1
2f0baaa82c524aa72ab70defe4dbd91aefd45812

SHA256
c5790abaae59e99793e486864d1e7c20aa06f748a52d95340c90efc357353d49

SHA512
0bdca15d82ce30fe435bfb2c30514bcfc52df39c6b1f1a5ad052831f2faa4d9d9321bd66bf0f00bbd4c0d659560f59b4f72d8c1a0f495097602fa83fffecab0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51e5e2c4ddd0df9e5327ae675f250e73

SHA1
258d979da42989a064983084fae0388f90c28bc0

SHA256
75564170853dba0bb6b37b3a8bb490d786b11d51c296a53595fab29c80b3791a

SHA512
31c2854543487e8e633717923c56fe9c1506be79c3fed80163bdf09f805d8a761df15a62a4fcd3e9c5ed734765319b40848b6048680b818986e98039f4813a33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30b55f72636ee916a020e6490ab2eb02

SHA1
8a92ee70bef8411c741638401e469bef1f223281

SHA256
a2b03b3cbdde0adbbb2c0c5994ef4d6a607fb92c931c2cd625613f749c093fb2

SHA512
78acebeaa14e715e99da71949bef90f57905e16e06a4df45475db3e6a6c4e6fea361aceff94abd1be163ff1f1f92f35f79ccd64447a460bbc271e270c26b64bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7c8c5e51d4ea51d80449389cfb6f67f

SHA1
6b6447ad5afce5e0c1527682e52cece8363d0a4c

SHA256
8eb64ac83d33fb3e00f79becdadd745c8db802f68998b84f39f87827d59388f9

SHA512
f8febb76eb543ea5cc2033f057617350a2385363f8108c819ec01ab12b0737c4a0515977b1a1daa693d5d1919a91b1303bda01fc4960eb9c7400794bdf19e563

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB1B6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB1F7.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit