02385c98e02f1bf0267378b1fe78448a0a60910f252bd921189d93240ac46222

Analysis

max time kernel
14s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0f793631a22519703a5f9caff537d575.html
Size

82KB
MD5

0f793631a22519703a5f9caff537d575
SHA1

923a8d9907bb0360a4960db71d62c28eaaf52f80
SHA256

02385c98e02f1bf0267378b1fe78448a0a60910f252bd921189d93240ac46222
SHA512

f960159c82e618d357627f10ef20b648b14b0f217244961e052b86c1a68d334908864efe99e9f781d6b114fb5ffb0c296f34e36d238fe808e82d4f0211c19b76
SSDEEP

1536:/Y8lzcVsfsP24HTyRQxDkPcXmNRS7OflM5qo3UI8VU/m+FATqivNJfNq9jJ+PunC:A4sP24H2RQ4cXmNRS7saaJfNq9jJ+PuC

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE65BC71-A76E-11EE-8CEC-72515687562C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2356	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2356	iexplore.exe
2356	iexplore.exe
2016	IEXPLORE.EXE
2016	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2016	2356	iexplore.exe	19
PID 2356 wrote to memory of 2016	2356	iexplore.exe	19
PID 2356 wrote to memory of 2016	2356	iexplore.exe	19
PID 2356 wrote to memory of 2016	2356	iexplore.exe	19

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0f793631a22519703a5f9caff537d575.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

Filesize
889B

MD5
3e455215095192e1b75d379fb187298a

SHA1
b1bc968bd4f49d622aa89a81f2150152a41d829c

SHA256
ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

SHA512
54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1563ab648619320d4f884d80fc80b8a3

SHA1
ffb3707648c50d984e68da83861c8c4eccb3871a

SHA256
cb6a737caf1a9458c52b84e1818787af1cdf51710f938559a9d8568410f18729

SHA512
03738b6f36c473e6a01c683c9e46d56f79a1cb749fdb3d3bbba56de60179f130dbf96f28d3f4756022d8b5dc0d2840019b52b06d9c583ef981cf540560a9f9d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdd141fbdbfe21be7ce87371f0d4ef60

SHA1
204869a5e45468866fa27ce8d53f17fe98b517e6

SHA256
345c2d7c0ed1bc0be37e63341f04b6ce2c333ab376f7aad4829af25940af84fb

SHA512
97f854ec50cc98c5d955c4be707fb96c3e3f5f3d43caf61fc30a1f0fe83ea7c69b76dee45f8b1f3c2d75cea43396cf92ae6c4c3fdaace4731c92f6d717bc616e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6fe95261922800df32d18045553ab54

SHA1
258a222c21f151c79d64dda6c2bd522cd243307e

SHA256
07ea85cc2f20e4e7fe0b7d2100dd7be3d06aa5288bf67f1bffe2455da7a20424

SHA512
fb6fc4c22280d7d3b0592e1d73cf595d5fb2d6fdce38469829c00dd45bda9eef8be9d19a223326a0a842c19390be3af608d041eeee28b31f9bd3c2b8153141c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
482552018cfff9df86a2afa943f745df

SHA1
c9664679ebb21ec8e7687a852701ac70ddf8b022

SHA256
8ad47f9739a710f21dcbe125f55e4f548e4cc04b2ec6266a6d7a56e0b92aef2e

SHA512
6f7828a6964a791603f7cd15984380df168165ef870a1c92ad6793c0729ab6a0c9c5b2093c42515ee09ca47c69b57ae7fbfd54b23c91c3d7f9c642d755329685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9602c40c9295751848ba222d30a7b381

SHA1
a567c767d74504488816b4cf29d2fb11136126c0

SHA256
2da40f05d476983dac2df175ce7da7395a12bcc09c18ff28fd6fa298daf3a1c3

SHA512
f2356ce6e48c2ca61ae90500b11ab5cc9a0daa70340798ee2182c3e0c5ee8b7fc20bcf3f45f8eab8081f866674b4bcc455aa3792e400660bc02072633b2b60a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91e668d9fdbbf96cae77a394652d2cf8

SHA1
89bf65c34b7ebbb1f265d2826733da0e07f7319a

SHA256
78caf6e2ec80b12a9538fe612e7deda7dc73fb0e105aa333191a569381fa62ca

SHA512
6658e2b84584e2c18fbfefbd6bb1716547eeb80bf98201b9b35f65b12a0abc7d5980ebe3cd7d84a0e34174084cd76c83b14d2f200c97fec15088c03947e0e7ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b95ba8ecbbc9647fa3974d8a5d4f25d

SHA1
af951497a4d459710bb6dafbd74b64e586d2fa99

SHA256
27b357c921d4db54e0bef32e5b72bafedf023ba875d4b134582f9d222e5bdad6

SHA512
25511e781f7634e8aab7241df3b7c59a1bd7c609851652acdd3f32366ab0ec46d5c1078f0cc7bb3e13198aeb420330b483eb663f8633baf6751a12e06e3ef4fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d046013cf41d44927ed1f3865a116d9

SHA1
1d6615a2ac369d547e467297fddf5a989312a57d

SHA256
a30cfcc117c839936334fafb55f2c84247fa6e9c38ba6585105ec929459e89f5

SHA512
c49480bf06e63eb4d244469257d0a9840efb27a961fc4a795cf3e6a8f982e9028e747eb41c88074529df601c9e4d8e42111c9669ead0325616338af88523cc62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12e571b21946ade40c5af250392a4a98

SHA1
277efcedc7295d3ecc2de6648eb53a5d044bed10

SHA256
ede526c16cecb05bef029a6422d24f10a588387d1c71b1f7fad426fdd6a0e068

SHA512
47af032e881b38bd2c43f029553292c16bb5519afe357344d9f19eb11ffac856bb6100b8e3c1dfb58af737758f83df4185c408793d69264e37372fbcbfc4de87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1950339107f1f95ff52f1e97685f86b

SHA1
5d4d5e13d7920d946b65650499d81c8a439c2c3a

SHA256
52fdc13a78540eafe054491ff038893e33629a643675d1617f10ab40497773cd

SHA512
21e67fd672868d8fda3ccdc6e45fbd5479cff1b6bb62966c42d46312fcaa741b5bb95f64477031dd5ed4e0bb562c566aa7115a3ae3e0d0602546849afda7d16d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
93452c3ffb6fa409b857d957e9b4aacb

SHA1
de619f38284c41de52c9835e7535d98253440cf0

SHA256
dd731c62dba9238cc86d3c5da8dd3d2b6e67112c34f3110727498cb038c79abe

SHA512
c9b2e2874e4df487dd99a3d71db782d3595f20d71b735b358aebca16c1dea37ddba7b746f46637b0dbbedf9af9ef662ea05afe76681575cde56ed1120bb1c92a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar195F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit