9a255cf5d0c60f411944879c6d5ccc02c490a3435f9b4358fff56baa8d8f23c8

Analysis

max time kernel
151s
max time network
157s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b585871c060515dde06b2bdc342230d.html
Size

2.6MB
MD5

0b585871c060515dde06b2bdc342230d
SHA1

48b88e9da6ab6cf053c7f22fc7be76463bd58d94
SHA256

9a255cf5d0c60f411944879c6d5ccc02c490a3435f9b4358fff56baa8d8f23c8
SHA512

a2f4feac68c457f7482af9e4b728b9d170dafec35ca2a71fe81af943fb8c4712fd944bc33a6ec53a7036e55dcfbac373a61dbeb3a4cce39d794736eefdb9a045
SSDEEP

12288:jLZhBE6ffVfitmg11tmg1P16bf7axluxOT6NNA:jvQjte4tT6TA

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410173079"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{497273A1-A7B6-11EE-9695-6A53A263E8F2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
308	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
308	iexplore.exe
308	iexplore.exe
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 308 wrote to memory of 2708	308	iexplore.exe	28
PID 308 wrote to memory of 2708	308	iexplore.exe	28
PID 308 wrote to memory of 2708	308	iexplore.exe	28
PID 308 wrote to memory of 2708	308	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0b585871c060515dde06b2bdc342230d.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:308
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:308 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23fafafc6d2bfb6f608bac17e8d88ae8

SHA1
cd27dd2719b90369e05b65e80db8a4070a531588

SHA256
4cbbcb80f042a48dda4c62e945d572f18662ef3691599f96248eeb8bc62bafcd

SHA512
86e0c7621f4ec9723ade7d0fd5a7e8a22b528614e2d8957d3271258cb8a580f1db1da959f3d5119956d496942c43d9a6caac05cef149ffabf77878c1bb2872e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ee09012354c3c48e04a407d5501981c

SHA1
c2015f73de18f18e7c14c5702536d726a4d0237c

SHA256
d1238c9772c24cb16eb3c43af7139e3c36fcc22e3c7288cb1c72d5d89d9ec6f0

SHA512
48961b9158da0326c59d78effc48382850c2594a9352df09395be64b6e528dd98dd06f7956972f2fbc39c5b9055477896139c123d9c4f1c81e3bc19b9e678304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0beb3ffb3641e6666a273840dee32881

SHA1
4f59c806639e637ad9ad8eec3cd7b7cda8431eef

SHA256
73499fd0d08b19f202045271030744163c5cf476edb3d605f6b9695e7e1885a0

SHA512
55fad8243a391bed56254e770f1e0af51cf7f8c51ca1371ccd1121169873b9725476af4506f8f5679fdebf791d871b8dc0d50555d6378ec5ec76f6b0cdf5adbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7907c4dabece96f2ed9e1b4a9b6c0ab

SHA1
22d6b29cced9d402cfcab677f5a36b7465cce6fa

SHA256
8f727147ccfe61b9ea9ffbc113c43e09544c9fc97c5c994460d4396f18fa455c

SHA512
652ed8561fb8c096a148617353acbac64fc40cb0f05acdb4cfffe2a1c397abaa46216ac8189fa5bfcb5c55e647d083b8ce95f40b792d36baad51f193e2d2006c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a05b2f05e81cb61314bf37cfda84596e

SHA1
5779580763dd668c662fd7cc6bc4dfef5df36ded

SHA256
2483995159613531f67d35ce6b4de1d5c643df57d1dcd50564a2456cd5bb768e

SHA512
b078024dc2935ecab869f222535c06a49f882c192f3604fec67755aa8b463f997b0fb13bee40a9c1bf155fee0bc10b2fb9e0320d83bea30c50ec66d646f7462b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfc7e626e00a01adcc9f8d967899699f

SHA1
c73848078ed1e66fde67fa6b2bb791e6df036f82

SHA256
40dd316c9ebeea68116ffcf9b89764e39ce8678d199881edef8372c5547c8fc4

SHA512
6d15d95528ac58a8e02904b69b423e0261de3f8cc628ea04946f8b889091709c0079ce033ddd5cb72725aeb4496bd032dbb47a6f67c91fc100d1448259806dea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6dc05df617272c72969df30604fffc3

SHA1
432e7540c62a8336a61285762c022196ea414752

SHA256
035c321c1abddf950c50c9de5b991e193b8f68ce3291c7c102246ddefa4c1e1e

SHA512
742cc9d341f99328dcaeb4c5a293e6a139160aafe03d0b1580f53c842a4eb6a62944b6cd3c7ffa5b55eac3efc0286c848355b07ae031e0541dda9765b5285394

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e597d81a3e9c0b663eb2ec8fc71da295

SHA1
a664b28d924563de90d2f0fd8ea9be84f308f398

SHA256
620b2e03fdcf3eae198e06a3c76b82409f17448fb69f336e9138e9cfd8f65e26

SHA512
526a37f82ff8214981b7028014a22d42dce37d70a73feee02dd617b2bdab89c997897dc83412a064faaa350ce1715df867e02874dcdd821543601a7f29197824

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3b70c8daa90284796a5f524ae77df4e

SHA1
3c40451e63072bcaec49712f48405a0112e6d36f

SHA256
067e558f2fbf10d11e831ec7a23a5cd64abaa3d5cf6b3c5f8a14bf499d11046d

SHA512
37eeddb1c92a63a5a06c1c93fdd2e477d6d3ae3062ad97278028c18ef1bf72d96e7880b5f9d3eaaf680b8aac22f77a30f64353e5a5359aa1362033417c8a03b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39a1a59d4da739e8c7061cfc7d4cd849

SHA1
24c88583df77f3dae4991841c8e192e161fe53d9

SHA256
601cdd8a315d5bd50ffa42c0e21e571acb15f75dd1b04bd6efa1e9ea665e1a65

SHA512
f39b3f1ec56f088ee0e6b2ea0255f5abddcb9743dbf3d75fbf80986d00689f1a7688e84fbd103c0bc5ee21d38ae4cd3b6cb017211607d2aaf496977b80a86be1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5663d911de29452382e00d2d589fefc

SHA1
07ed055b35ae015930eae77251f389b10af77cae

SHA256
bd6c3fb818b0e3debc09b28e5bc0f4272a1126cf8cb68bfd5e182c4ff2b5e42e

SHA512
481bc4266944a1b9f5d7fa552102dd95ea308ab07d2219cbb005dd714125c914b37cf9878e8f4119673e9367adb89a044fa62c0672d259e31286f6053ab61750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdae8a0edc53721d78257d7f9c9f2e8b

SHA1
7fa83c43b7a2a6b88b36b61553a5c2a543b305b3

SHA256
39d4788ed2f4fc9ced877e4a4baf04f463e9477197069e744f3a2f0440b89b10

SHA512
56d671d22ea34d6213d2459089594d93a73e3171739e911331d73f5e276e4f260d44256a3803977216665087c01b029cc2c592663bb530b5c1f9416fffbf7428

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
408ad1284cf15fa45a6a13723aba6bc8

SHA1
f23b6200b4ec49921be5bd761f1d5e49dbcdcfd4

SHA256
3f42f230816f967c84aafca22ef3bbf19abe0befc7fd8d85b27d470f87b61c03

SHA512
a353398e0817745910542fc9bece14f2252e925d87ea14bebbb784afdcf5d85d2bfe9aca6a8664b0818ab270abc51e07e662a09edbb6b7f72f6b3d62a610af03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a1ee1e27af687e41ee08134c27fea7c

SHA1
417f80a621dfdfa80aafc1c3fb42e3902c4eb849

SHA256
9ba688a4abafcad3bd722384db2b73b66ecaef07dabaefe9f72b7e26a46b1fa1

SHA512
ce4fa53eba650d7cdf6fc9eb8dcf0c40c2588e1f05c7791b882cd4d43b3c14b7cdd36b5f215d92cd4263ab8817dd4b4125489b94358aa2f0d6497c821d3d871e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff7afc94456d3843282c7c1c4f226651

SHA1
049b0c700d058e55579aad7b5d567352658d9ba4

SHA256
be2589f552396187caf9a457a50a5e5644d108434ab8c28723e5e6ac8ced2a3d

SHA512
a6cc7a0c654dd505857424dca05e32be404ee87ebe8c49706e54cf0fee2eb278cdfaa56218c6ebea385764a22dca69308c74eec69716329fb366d6b27a03ee54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ae085928a9d6455073dd7639921c80a

SHA1
e08b7b535e5bf941e3956ced02c0eed993891949

SHA256
493fb644e30f8e8c2c00683fe0e1abbe19a551ad6a3a86251b4af8ad5b26e8f1

SHA512
2cb3d74c156e315e384636c8839d278cc3db8773a14c36049d5aa61cce9f8a872709f6271d1083586cc89f4084013b3deea1491edf6bf49a87f4d5f8e15bf884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LSNXCBKV\jquery.min[1].js

Filesize
83KB

MD5
2f6b11a7e914718e0290410e85366fe9

SHA1
69bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA256
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

SHA512
0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M61DDFBK\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCC55.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar107A.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit