1b98d27bd81242c968567d80dbf4968fbb0c33756e856dad8f0d99ad7cadba98

Analysis

max time kernel
118s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c7822d5b826cc0aae8f49b1fa9cfc35.html
Size

21KB
MD5

0c7822d5b826cc0aae8f49b1fa9cfc35
SHA1

ffdf2d1e3af235ee815c331d9a237b9a773f1221
SHA256

1b98d27bd81242c968567d80dbf4968fbb0c33756e856dad8f0d99ad7cadba98
SHA512

34cd22917d39c4a5ca0ef6c0b35cec77ff5a0ea08961ab7065bb0b0679bfcf9227e54702707fd79777f0a52bf4013351b28bfe4000cbd74ba60bc993ba03ed81
SSDEEP

384:FOnilR5UeR485DhIeWmLxl4guR4BG6epyrLZ4guR4NaQZKSwnLh4guR4UCMcEcGL:FOn8R5UeR4cSXy4VR4AJpyp4VR4oQZPB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000ccce6f9bee46f7b60edd4c24b3b2c4e4bfa2beb5f23f81b3e3cb136b5eff9633000000000e8000000002000020000000b1ac1f2d5546d0eb837d065f0964a11145ef3cc17c3c65e7eb9ae812585994e620000000f93153b0bfce5dc9dddb48011938983334c4797258717cd77cf5b0a4c5d3171640000000a563ee67ac98d8bbbb364eea1bf0142b3035ecd000afccce78a90e2ab9b9bdfa1e3c53af684e35f884490d6cab902a20d7546f9c865e21d780fa1b2d47ca394e	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{809C4061-A7E1-11EE-943A-F6BE0C79E4FA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410191618"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20f7a370ee3bda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000005d4a4d5ceb94a2259e5b24d7aa649d616e1f7059e773dfa13de5ce3498cf9f17000000000e8000000002000020000000fe1c81f15d9b9c651ce393abfa05cd8f5846e8062e16f05e60368eb776b8d9a2900000007aef9024d279689209e82c0d846ad65b2d2d71bb24b18e9c1b67554aaa40a63eae50826caf031320327d2505d57dfe309bbdd016d3dcfb9a0cd63a6dd66bc35064c01b1106c779c979e152e68c14a5f905abee9d4b74d432ab91f2526504df633c525acbf5afbf9acdfa75bb06e5c5b33b85bec828dca7adff5304e81cf26f107ef91a0de0fad227060e9e9eee166db440000000359ae6c474e593949bca1e33065e90f4454fd5ef7979b572377f20b9559df8bdd62450eb58c600e003960b67a75e087664e0205df32c900debddb82f37a76c62	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2780	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2780	iexplore.exe
2780	iexplore.exe
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2812	2780	iexplore.exe	28
PID 2780 wrote to memory of 2812	2780	iexplore.exe	28
PID 2780 wrote to memory of 2812	2780	iexplore.exe	28
PID 2780 wrote to memory of 2812	2780	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0c7822d5b826cc0aae8f49b1fa9cfc35.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b5f8dd79f13c4c07543f5f8adaea0a0

SHA1
fe69dc67a77a38414d1036e8075d28950d404d28

SHA256
12140dd68da324af15be6d805ee93830fbd1fb7a60c4b5789c293149cadc39fb

SHA512
9afaabc824724aa5416ba849a2f0bb0d6aa666877f277954f913415b48a164805192663fa088aec9bc900d6025cb6e164fbaa3b28ba8cf2879282afc18a6e788

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c39f2581b14666e26e2dcfa83fac7fd8

SHA1
a1ceade3dc3dd96b541dcfc99455392758a13db7

SHA256
0655b51a2a4eda88c9c659b63a7be39f6b7d2bd2b13df22950cc06019a03df49

SHA512
eaaa7c5ba5efe8aaebd4b6b0c7afcdfbe89207bcc6110f8a68a301194062823894919ada1f558452f31a76e4888c4fcec21d5a4c96dc3d2a30e609966927b0c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95c65479c3b52e657d617192e06cd484

SHA1
4797f94866fa7b83d0316bbbe638a336d9114f3c

SHA256
7b13e02d6d92563fc478a5ddceff084aca7480428a0b15f392a2b8b10c92962e

SHA512
2c41b446f6bd4a69bd82e4b1c566141589ff39fb6255f8f2a4e94a4f0b1386546a2917d71801132d9ced1df0fa8dc58529c1ffc36c39c3be0485763f2c045a61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f303088cba432119eb294aaabcc5ce3f

SHA1
424814f4a36906f54673a207827ad6e36b98fb34

SHA256
02e730b53f96ca2f1d1f27425074d458a920f86b3337f03eb8b8b223009f51a6

SHA512
3fb01ae1ac0778187bb27108f55d710ee24406df02f9b71b65b59e311ccb86986e1871e78eedf589ababdcc95504cb00e401e818ecbd7f892404c15b2e827cee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2785df5b82837538c70c1fdd14d9e764

SHA1
c0c4a55ce902ff97f9ef9c0702de8f59bc246938

SHA256
21256d15437e82d6920c553292d26241ae0ef6ba600b9967ba85a546d9220fba

SHA512
4985059b8d05ace1f86fe74ca1e8cc0ffac97e4b1363ec1d15754e79228cbd07e7f6ddb5f3961eee08794aa0520180968d093026cb474ac58df56788788387d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
232fc37936356c3e95ce169a91f81fb0

SHA1
af62322465cc24ad6aa5d9f6fd8ee86f32a5b470

SHA256
4d627098dde0a365a778e4aa5d4696988fc77ed5ecd293349917d9c81d57c750

SHA512
fbf048dfc509b8084baddca8539ab0197146e6ad4930686b12ecf57ec8aaf2b20e0df9ad9338ef6f999d5ece07c948d27bc83d5063b716bd6de5b1da591be224

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c0b2fa3bc7e6c36d5e8750295660725

SHA1
8552825297eb197f3ad91b69b19e2cc1507b9a52

SHA256
f3abf1786d52951777fda21a2e3c3c370edb65910112a695ea4eac6d28da3ced

SHA512
e6807aecf5d265e961848787074c1b5c247013c116b7bda64cf3872dd4aa7a9a976f8d9e1dafcea63851bc1bb7ef13058cd8ab57943d2760ada0dc9be755aabb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f480d071efdaddaeb3809c5ac4b6b105

SHA1
bc0c628587e9ef3ecd1731ad5bf693ef754f460d

SHA256
29819258748c6f67ecfc34104aaf17cee021b701f24365c5ed673e526f462ef5

SHA512
54ddb460bd2bf0b4fba967182617e017eebfb7494e379a6e72f82b7945dd6ca3932be5aed81454988e222ff09f6e901782297fcdca919b489fb15efb57eeac51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a55ebefbcb44f85cb7f8f99ffa2c32db

SHA1
795581f6189ee48325ec7495495903a60b9264e2

SHA256
5907c0d8d02453ddf595766a766b9733b3d9345b40d49d900c20596f1984d898

SHA512
5e25835f204167af5701253f5eef4cc16ee86a34fafd83159b48945d2b4d6568d0eceb77405b947d674a4c43f25ce1d174039954e34513492a0b68624822ac7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc8d524474ca8d90156488c712e09909

SHA1
3c4877adb1d86e1e16116203a1452583b3675fd8

SHA256
e3472778ec1b622897a6859b7f0c541466065137038c62e67f8e5ecef313028f

SHA512
821f887aeabecbc97346af957ef4d69e14ef5fc35877425de34cde6c6965fb8b8ff0798dceeb3bb74d58243d9177438df6ffbe9da2f88e3e59580c355e949e46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1bfc1904191c1d1c659fa24d2d5b230c

SHA1
dbabea78fc212fed109015e8517c5fb11f9809b6

SHA256
3d1289f998bc3817d43a8b594ffaed8c1b19e2f2c2a8929653f048800c99af9c

SHA512
2b82d6967bee159973b150777271dc7f8b2047287f28cd79a8a57f6627eeb3df1cb26d991ea658a308ad5a190eab7a495a886d5c5e88f289f85c6d05f238cfd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5dab8df543c7da7a11a00f0708d059d7

SHA1
0f2cce8b720cfa813d02498b4e544504009fb5ef

SHA256
895ebe5c5f285154969b1b46b0ad6fb1786fbbd18a0a3748eaf6e7a13b8117d1

SHA512
16c1e8da1533f1ab5ff1eac797eb00968a243d987996c6afb584c56dccf65cd3295d2975c9ece69b1370bd4bf3729575aee583ee5951c68ed9147be940ca0b5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86d5938477cad6051f78418595931dc6

SHA1
633952d55fa4f8893b57cb9f91f8c788423d8ae2

SHA256
67b87c66107c25d4ec36c2cb90e9a0593bc48241171946068a6b65599f7bf613

SHA512
b6890aff1bdb919259782b93f3ca06575160c42773f05e3d89b638ab31f28604aa31e4bb2a35444a932d6c9a91c9a019fb3987064aa982231b25b61a8ec99d67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1b95feaccd7ce62130ab4c6a446d5a5

SHA1
d223af0cba9192755c2f835e6212c4c9a8e817b3

SHA256
a7e24e37002b49aeaa14ee9972575ac9047890fe543b6fe0addd8608c33f106a

SHA512
53dbaf4970a8feb955c8feaf52d0024df1e84bccc243c0f36d1328be7f77d866adf07df423b818b9078fd234cf374ecb29849842737ad5a241cb978d6f5e3b93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc38ebd621d168c083252983fd6c8314

SHA1
af6ba6dfba10628a2af5a25318140c6542d2e7d1

SHA256
b7c8f15bd04009bb3e45115f731abb1cc14cb753d066696587051b3388c2c9fc

SHA512
a1278aaa5f1f3b017638da0fe27812c4ca29626baa7f922f2e8e95b78140d06eec0ff70e6016aa72c76d19a4e95ac972a4d7d8feac25350a36b566607df0df76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57af02969600f0d8b8660139fd0ed2d9

SHA1
f8661d981b09a3d3a285844a5f3c6798783d13bb

SHA256
bb3e72b81a268fee072c5fa6436c73f1f46274b5fbb205d601a359b959a5a30a

SHA512
70390a963042ef74d3ca96cd9f05f6af8558289f5bf6cb21737f0f5fb5a1eda8a420d266357480daa93324ec797d1b03bbcd638d0edbd8d06d2c01aec3bd23a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3A25.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3C3C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit