61971e87d30a68bacfd7ae06aca054ce245d6be5a5c46ada4d249f3f3300d4c4

Analysis

max time kernel
0s
max time network
143s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0faf610413ab3d8be7bf16b876d551fa.html
Size

56KB
MD5

0faf610413ab3d8be7bf16b876d551fa
SHA1

dea4e9675f3af28b01ae799abfc13dcfd2e9abe9
SHA256

61971e87d30a68bacfd7ae06aca054ce245d6be5a5c46ada4d249f3f3300d4c4
SHA512

84a594fe7253bf97dec3959fce95856bf58bc23a1db1d10493b37b19558c435655447b6ab3477cd0aa456aa5eb9ea9b16725925d999d35acd63b833d281f51bc
SSDEEP

768:zLNpHvvCIooFNnWJDcifzW3Jy/HrgafRhRRVAs:zrHv7oSNnEDLfzW3Jy/HrgaZhRRN

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4B1834E1-A772-11EE-B459-56A82BE80DF6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2856	iexplore.exe
2856	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2592	2856	iexplore.exe	15
PID 2856 wrote to memory of 2592	2856	iexplore.exe	15
PID 2856 wrote to memory of 2592	2856	iexplore.exe	15
PID 2856 wrote to memory of 2592	2856	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0faf610413ab3d8be7bf16b876d551fa.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
  2⤵
  PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

Filesize
889B

MD5
3e455215095192e1b75d379fb187298a

SHA1
b1bc968bd4f49d622aa89a81f2150152a41d829c

SHA256
ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

SHA512
54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
2a81393c957fcc30161acebe8658750b

SHA1
8efc41c8aab9e444bf5391d9219f61c0bb29ba35

SHA256
e49b47705c3625b4e140a42c6b7576e7668fe50f2a22ac0f318473e5edf6ee55

SHA512
76a07af206acec344cadca88b20e02a693eb20d92cebe2dfb16c60e267e74374bec3e010675912d015b8129beb468f176f317074294d56d61b87608cf7c61d77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
740e910f330b0568799e7a80abf3af35

SHA1
603a200db5ace22ff37f9d55565f20b6b5652d4c

SHA256
df50b61f5bff5a694a66215b89f8e89dd3398dc8522b648167e1043d2464faed

SHA512
f47dd479fadaa9e3d65346e664f09d4984a2dd575fc69884573d7bed7eee4b89ec5ebb289499eb3685f8c9bcbaad1c6024556d1c6e20d9e402e4cb33e58a456f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39b4e58e4088c8fc53cbec5a7c815123

SHA1
49696e63dc994309e91fea4c094d13c53cc28a83

SHA256
98f78689b240dd7f89cb074df1801b5e75be0da4b84fdc9e277acafd1661a2a2

SHA512
297ddf9f26010c31964a4e960f6885a414543d97a7eb66a95a236262b23feaef8af9200d6fdac433047f2db7de93c94816dad9e11c0c888ad35bc4f894996cf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc0b0a4e807aeb7236c2210269fd9fe4

SHA1
8281745b0f3a3de99b5a8400c6e1ce2223d23839

SHA256
a492282053d5e8bdf6f19565adeb1a142175b651f066861fa75b02b5a08715a0

SHA512
8e7159fa3f2a9f6eb61708bc4471d47e4f1eccd49c41ddd2979426d328ad847d5287a4c1f667dbafaf3e9d1ee64340cd8208cd3c0ae82de1a08e9ff4178acd72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2de1588de3b2fa1db5feee15936383c3

SHA1
4f0061e8851e46f4c274ded0e61602822c586a8a

SHA256
63d62b7027200afe4922785bbdd2cf5584f5d9c3b5ac86c9a3e825fa5e684e9d

SHA512
d5e53cf94834fd86ccc54b45f64b48ebe60d435ddf8160f4cbfde36e7db0c5b9770c83bc50f75ec10ddeaf956e3b17c1ecda15459cefe410dc9d2edcb02bcf29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3312ec131ca46682b3d2939eccb0bee8

SHA1
b51dae48a1f812d82fb0a5e67aaff15d5b3253c0

SHA256
26f1ec8499eafbff4369a380c04e29feb2f501efcea6a92046fdeae816c9f0a4

SHA512
981cd34132b134a9fa8fa2eb97672f43866d02ed7a8b03e1c6d3ea2933d39654763c75de409b9da6ba393f7de0ac49c310c3c7631ddf631014e9976585c995e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe6fbb3c2efc80c1631470279d86d86d

SHA1
ce1636baf833d2388165795e0eff636e2b0c1f3e

SHA256
815e8dbd9e0cbb195866d996ea932a25f8e66c060056f2e895b9171a0c7dec17

SHA512
f58fcba584ee04223d8ccb7216b06f2b6df8711d8b720d93309d41b50f02d3ef069e1afd517fb1488536bbf54ff4051fefb8fb36d3433bb9788e5f2ea8408958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9240b37cdc3fa177c9c1ff333f782f9f

SHA1
581f91fa36d45235f84fe331f3c5426b77ba7d53

SHA256
654e83f8537831fc5f5c60c1dc005a18b421ec176b869db09db4641455c7eab1

SHA512
7f59429cb15970d484fe4720f0596b882dfbe5c8c249a0801a07573b69d9f750e36ef98a68d28abdb8692227f1991588bf6a2689fa710020a1ce254c036426bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1A1C.tmp

Filesize
3KB

MD5
32bcde456b80402938ae30caeb9d48f6

SHA1
9581aa6745f1add2c9944028d911fde62232d27d

SHA256
5a78f99864cab22f721b448cbec391046a48cf0a29dfd8254e0bffe231669bde

SHA512
5173feecb3b90c69159a610bf0e00a91a272b184fbed00e5d8a4e2f65b01015cf5110966d753241e96ff303a851a298ac6966166aac75fe5e35c70e1c50d93ce

Download Submit