09daf7f958a6a25d290e83d13299170cd1c4711180786a3aade11429c22f2c34

Analysis

max time kernel
148s
max time network
140s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b684a0da05f031221b069d14200f596.html
Size

77KB
MD5

0b684a0da05f031221b069d14200f596
SHA1

0e77a64e36760cee36fbc899b18f6c427aedc389
SHA256

09daf7f958a6a25d290e83d13299170cd1c4711180786a3aade11429c22f2c34
SHA512

b41e1307be6f8cffd813d6bd3b540e9a0753e82f99dd5f0e9b4e2390ddfd965556923fb2665c765eb107676e7b41879b8f96a80941a73f230b3aa5593cd03f03
SSDEEP

768:/8EzkJZspD3gGogdoiE1UlGDWdJvLc6ZvLc6xOegqXAuG22Jrx2SXE:/8EEspD36gdoiGDqJvLHZvLH4erGRJro

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EF768E61-A72C-11EE-A7D5-D2C28B9FE739} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410114066"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2164	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2164	iexplore.exe
2164	iexplore.exe
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 3012	2164	iexplore.exe	15
PID 2164 wrote to memory of 3012	2164	iexplore.exe	15
PID 2164 wrote to memory of 3012	2164	iexplore.exe	15
PID 2164 wrote to memory of 3012	2164	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0b684a0da05f031221b069d14200f596.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

Filesize
889B

MD5
3e455215095192e1b75d379fb187298a

SHA1
b1bc968bd4f49d622aa89a81f2150152a41d829c

SHA256
ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

SHA512
54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
292087289f3eeeaba3c4694430f38f68

SHA1
7e6faaacf589525537eedcc816ccd21c30728b4f

SHA256
4ce83eb17d7e9f7ac4bb0101e82c2eaa91131cfb909bb2fe12b842f84107c967

SHA512
54ea1b19d5346425569dea34f6234824902dfa2e045b50aee71bf53def949fe9bc253e6a941c3c8bbbb63726451a04e450a38dd91f1052404db11bd3768bf0ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
189ccd444c7cbec25d521ab3d3724f05

SHA1
3f01674560bded843a63e76b67b8be7681e3afc6

SHA256
8cc5153b42eac53f5d3d957efef0a8e9ff14551e4b9b32ded51aba6315c6d49e

SHA512
29072683b062e5312946f2e3ecde30c01f7e6321d0b834384f0ecfb415a53470a7c2072335914711a129b17e9a87c36aaff7c8d3d1064e1f2b7e0dc871f08ad7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4fb6273054974df5d56cf8f86074a11

SHA1
1474ddbdb16dc0444d0def79c3f4f5dcf85e838b

SHA256
bbf2f58d691b506b74b03f4f4900c01d0ca6160c1d48fd2a7f49a608f1cada76

SHA512
50bb00915802e02eb419e30533b8216cbb5db7a87b0b4acb4a0ef8abdaa435a1f5b025f9f9f5ef7331e51f4381205cae5817ddb9640e1dc7fa5f3164f1c0817a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
459ee676ec5b7ee65f11ec9cf229df05

SHA1
e2562d57decf733d55cd70dadc4f0278b842d18a

SHA256
2b48dddbca8d1a999a9d4e8f0ea45c55d518913e8f57becb251e84abe406e01a

SHA512
014e7fa898e6f9745e799ffcc5a6d037567bd795a6cdb9e24e3988784aa4bfeeb21c8029361b4c4e02dee3417818d678a4d0d1f0a3fe55bf0cd29b147d0ea966

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1c1321de4b8cdd69ee44b149ad33738a

SHA1
4bbce7c2a96be3d5ea83c68db86def5d132f0626

SHA256
fbcbbea2ec8fad21e8ade8d5e1550061aafe3e301143d025df0906a0dee78576

SHA512
ac51d16ae83fd397f0b96f2d74f8bbf90952b74b34699ab555287378b3a6b7c8b1bece61e32ee18b50918206b08afde79f8bdd0649d81aa0164c59db410504af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0ce1480b485be6cae10d914e163b89cc

SHA1
e0cbe512bd31208d79ed21f32aaf7e443605f1cc

SHA256
79664747c5122e690bd805e70260d41ca5e949ced678382f5111362b51df3ae1

SHA512
6fff3534ba4b9abdfa1ac9167be7d5378bad1944cf9abcff9ffc95b3ad8b64d649fac8e6b9038428c01fd6d1d7e219a1616f810d6fea348e608bac88d1b57dee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
cc259c2dda7dc2b66a4358c8fe8ed2de

SHA1
5bed46e56990e9840bb89b6b521c1c420c6af45e

SHA256
48c034240f064995c58ef383003b4863dd4a0f43ae5b5782c6e49eca502a2be8

SHA512
4e81ea0e9b8839e2b1e37f6b7930d7a4364d82e3c94f86105b2e0aa1bcb55c52040df96a6dff672486476284974d48b869c3719edb176a53e3998d69c3fbda41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
be12e6f9aafb05adac87355a79cd71b2

SHA1
644afce0d30f8c137f344e413636aec3656792d1

SHA256
a25c0f6c951cdb2ce40c9937d0160997ba0455fac2962d0640b543b990201a26

SHA512
271965a099c54bb98cbd0ce30287617d6abcd700b6e2fe6f5fb230f206a7a9eaa6b3a79b361ce2779582201c4096fedbdb6a6cbbdb5b02ec304aaa9354cc8fb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
eb18de05ce774277ac18ea9b29fb855f

SHA1
030d30af87d65d438fb05219d8ddda4b88a768ee

SHA256
14dfeb88a835d2332714ea68856f30c3958333a94829b66a17b28216224a9f8d

SHA512
532965362423b6e743b0ca634c8dc1d0cf15d320a680640849ce0bdbc95d1353f64e5b28089b24cde8f2c1cd721b2f34aa9d311c391e9414423b4b2c22d168aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4dfb1b549b1dd49d174030236f20157f

SHA1
935aca877ececfc2bdda1399a1311d0eecb4cd27

SHA256
2ba6763c2fd72242b38ba48dfff82606000610c555af78a3c36092298e3a11ae

SHA512
b892224302b0e82e2fc0acf7d2b4a5e3fe40c42a6f5f347f50fa7202ac32201f5a5a9fa8115189e2f74adb444acec2e5dadb0fd7cc443af48c4398e5dc0c588f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e0c56c660392e1f595bbe26d0bf2b7f7

SHA1
898c3f88e22b4f4d052a49f3573bc369f68cdd54

SHA256
ba6eb9af1ab4f07c736a2f8832873f56c97ad792f081c6bf18246c4af018174d

SHA512
bfe44da792ebd5c54717f430894acfc94ee0d054ef4ce0d8c2d81a21378b7dd6da1e381885c76a2bc9b21f43979b38ce7609bfd8dad1ee13a64a3e5d470938ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
88462593ad3cacdd601f03cc753450a5

SHA1
bf226d4b3870aac816cb69864463387ca4d17c9f

SHA256
9e54f68de145f123e2ce84285caf25552582629d6372fd6e7fb6f2565a14cf6d

SHA512
9cdda755a02dd6f136e6e13ecd9aa63b268b070df1851c6cf4217fa1e30cc7131cab08fd9e5bb64dc65a3dd896143317263e6446815028ddb1bdac46120fcd5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d928c9ea90e4568692edcbe38293ea90

SHA1
c50d737deb8624afe0bcfaac9ebecfb5f99fa944

SHA256
37784d5d0a67745d8c2572da24a033aae12b22bc55389af83dcfebc69a0833a4

SHA512
2ff5bade2bf24c5cc75677a197654cb7a4c0d2d7758608b53aa95ece318d39a51b55f7d340d5cb86079b6477d8c7bd1a3b6b8db1b5a0bb678cc5f60c1dfffa24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
73ccac03eaa31ac54312e697d80d4d95

SHA1
5d903c30ea27466ea3a9b46a172f7b29980af05a

SHA256
461a8863fc32916f272d955b9850e372b74ea0f9c184b28e026f1fc8cff76c75

SHA512
fc95293dc921138999abf5814d0a25850eb02986acdd22ae1f0f6b6d40eb24a5d800032ec0737df7186011cd80d8e86f5d9b4bbcf4a9c99d0ed598d037978824

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b80d0a49736ef8cfbedc9a4ef1fc8f65

SHA1
4ee8dcaee803395ee301b46f90ed5110dbd22e34

SHA256
cd6363e001022c9f3c3523504e6a6090ad4e5668b37ec33255218996913b83ed

SHA512
cc9ce321af2f70ab2963755b6decd62a4c6b7312f8f2ae900d5ae24741c9550857e52e9ab733501a469e88fefccd34c73082adce302401974acca2e2f5e927c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U3OZWAL\platform_gapi.iframes.style.common[1].js

Filesize
56KB

MD5
f6140cf2e81a9d5b9bc96970fe1946f6

SHA1
e18cb20a08d0c13d44b72e36e9560aec2187abce

SHA256
68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5

SHA512
1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VERELW5L\cb=gapi[1].js

Filesize
101KB

MD5
440d4aa496ba688775dc8bfc95aa91ae

SHA1
d1e9d241102550ec9c80826a171a03b23fd19aab

SHA256
214b93faeb19b74d0b10bd8491ca274af26582c7841b389cd88648d3edbd4a49

SHA512
dc979e186b96750dcc1243f3c0949298cd82883a0c74acb445cdb6c49741b77111950c59edeee50e9b82d0d598d015f74e536b3695e9dde8f304681b2d48b61b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar151B.tmp

Filesize
98KB

MD5
371aef904c2a44b47aeefa7c5bb3312d

SHA1
b1058296c351474166e45ea27423122bb191efc3

SHA256
0836be0716e46b765bc8c79b573e98af6e058dcd5ef6a6f38e29f30b7ad77ad4

SHA512
8a40153454ad5319c7e5c6c5e6d818a483bdb3bd4a7d250359e8d393ff87378a384ff007a80ee9ed76243f83a7db1662f3b0d5c7debfe704fff8e724f7886812

Download Submit