26a77f6b49a03629fce194084e88ea2867f2f7fa07434c1a0c8e622cc3a1bcf8

Analysis

max time kernel
0s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10306bcdd84c6d8fdaa3a12055ad1e71.html
Size

426B
MD5

10306bcdd84c6d8fdaa3a12055ad1e71
SHA1

0a19a3ae837bb39f5ca5dfeae224d90e1e9366e1
SHA256

26a77f6b49a03629fce194084e88ea2867f2f7fa07434c1a0c8e622cc3a1bcf8
SHA512

dabbeadc6d799d2f6563e9a1d1f72ef8545e2c85b99911157e0b6c50647c6a3af6b8a0768ce226483b61218905bf6ce26b111b3fd543863596cebef3791d40db

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E13B06B1-A77B-11EE-AEE3-EED0D7A1BF98} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2392	iexplore.exe
2392	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2828	2392	iexplore.exe	16
PID 2392 wrote to memory of 2828	2392	iexplore.exe	16
PID 2392 wrote to memory of 2828	2392	iexplore.exe	16
PID 2392 wrote to memory of 2828	2392	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\10306bcdd84c6d8fdaa3a12055ad1e71.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
  2⤵
  PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d71a55a7990206d9c52b7b0f1e3228f5

SHA1
1b27232d50cee1f4387b41d74007dacaa3da9fde

SHA256
eb59175cf4ed68a3fc1343d60e1844281b8a8b7aba8fcf420b4871d5f22f213e

SHA512
46a74082a8b1d043d87ecf4d0e99cd0b550dedc23b0e3e1c61c7d6e363364cd3600280b60fa9bcbdce61ab8c9b8a264cd849ff395b6058d1e106c1ac7a38ffdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74318f8bc37d525497ad47245b17e090

SHA1
35cb191ac5f7f26c8426cc1f3a60efe978f3d3e9

SHA256
8d8d079041780af574a76e54599837dbe6d15628416ae9f683dca76d1f1aef95

SHA512
f789ac94b0d400ce0f2e5f295f364ba0e84a637a9ea889774e6a19e58b96db34a3552cd22897f651ffdedc1a9d1152928ca6c58a5d8f14604ca8747bfa29aa70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3a73b03f87c48160dc03a5c4bd76b67

SHA1
8e93ae6ab938e6b1b2d8b0f27de15686c9dac9a1

SHA256
f7949c7d78bdec0c97141cd858feebe0262a100b3f237d05c66447cc82b042e0

SHA512
a75966aefa6cdc347f7f3d08f2d65636608f7192941f25f634a8326d1cafb4aaf1e802dac052b6783e1260d12ae398cb9e3c976b88d265abd3dcbe5b4a4a36f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7ccbd65df8a2fc4ad482f66d490f0fe

SHA1
5fcf724899704f320d1eb856de77e74ce8fd3741

SHA256
0841cc139b6495fa5e721827278bfd602a4422559ecfedea81ac4a56ca0c60d7

SHA512
eb734a2fe52805b97e289dafa0901294efb1c54ce80a11d8b91bc738544776c57a17dfafb19592910249407baab8c52fcf1cf8e0be1eb0a266a623a7218a585d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c277449faa2c611e472dc77d10b8fd5b

SHA1
d3d39a77a48423ce7ddd8ce29760ab1a572b7c9f

SHA256
3a7edf1b67d1426c4f4e1ba229265c472aa22b5a061ffd66d5b964741b5b7b77

SHA512
8c2f72e6d092f6404eb4dbc319f2b6766a01867d3a90bc6b30f53d7e081c4a5d64d391bcb65c53930d805cb70283d094d72ba71a21810da91a301387d9d72091

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3fb2689b7c5d23b567f9e072259edf2

SHA1
4103b1c95280b9f425d572193b296389b2da8710

SHA256
89510fa74e8b5a2b3b3e70f5ba7758593a9cc13457c57f0f938bc4a06cadf51d

SHA512
68501a530d789d961f108ecdf9d7856a2e99f4663733fcf5d9a05522493ab6be8d3dc6019bda5afd0046f2ab626f6d7abae798d13f06e47d9105411244c3d0c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abf655dfdffb8f1432279b08226aa119

SHA1
c9231be1a54cc7a5cd52777203837e438000ef45

SHA256
85241b0cb3d13d8cb0789132014d13bba71c53186772eeca4485ca846ed1918b

SHA512
17af36fe423378ac166ef665e612d39802624c3150c4955aa3acf49d191fee4607b84c139a57a8b134595163be8a09ea5a844c2572da24d12c88bc77ef832414

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91087392cdf3fd626c6866c7db15a496

SHA1
4741635ab99c886ba3040b41e65820f69257a9d8

SHA256
ffe12e005e2b639480239a0e9448d345a15b21baa49416af00d83595cf61c795

SHA512
990686646d6c946392d9b4447a4edd0fd4eddea84900279dd3f373682af19c2aa28784939b7a4c02983c9cc142cf7186f005a36cb5adbf6ba43fca227feaf4be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de60ed57f14b657a391367dc7ab13811

SHA1
9809aac679fcc9136c4e4654ab79c9b70931d007

SHA256
f1b1447c21a0232263c225b6e5b1afde15c5f8766e9e911358fc06cb9664590c

SHA512
f18e1cd3e2040d65ce0078ba6971b9ec6a02c3d421fcfcd18241394db0fec0ee9105339cf526f778e2038a7157a0cd839fa0c90c87d9d61ba96a844b475a5a88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ebeebd7d5d0f7a01df6ffbf3e779bac

SHA1
84bbae4dccff84356ce973776f79b5a1b626c3fb

SHA256
12921032a9d7baf868aa5fc5484fcbe5ea0e0511ae5c6020019091f72a273c59

SHA512
0d5d78211c163177405e6360033736917f5ec1332cb9f73fbc6de6a94db64685434f9717231cfb0341b012b377baefbde2aee0a983c20fbee0b57e47ba5ad43d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f3f5e97eb19b67fbc7c8bdea5df2208

SHA1
0e85035d32051c9c4069cf92bb4818d35c622875

SHA256
e70fa9d54de91755e2fd179ca0c5939535698eba5464b59e98463547e4c09b5a

SHA512
cdc73f32b060092b5e58726521733177feed87fe71caab5072346b1c074cc0cb381b0b43b9294a6778a90839ed355f423d0f2b446b810b9fdaa19d0c695fc625

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7eeb5e4a68aa37447216e32dc3132c9

SHA1
7b08e12a5bee04e723dafad9d965673c67fffb1f

SHA256
25ad441d04fc5cab14c0200270f1aebee93e877b2a65a8d32ab1e525e192b7ac

SHA512
95c9f9d05ca514cef708caa133ca8e0dbc75911a1455094c9ed277533e7a556f0a007dbecf8a0b0f710bbab805c747897e5e2aba25948f9d539e114d3499de31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f3735059f667081b208f648cdeb4d69

SHA1
99a272b8189136ba56e04a782414d39f07b75639

SHA256
bde14740835e20e8282a3f9d50cd7cdabd387076ad3c78144b296f4938f2d5ff

SHA512
48771a4739b05a554fdabff02b558c7b19d04a84f36c87597b5af58925b6888cbb55b12e0f7b091fad2b5c4b4f3d9e14c883f191759a4c23cd17055ef4f1d9ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ebecd1a2e52c85be330e0d99667528d

SHA1
ebb62283672ffd7b256e4b34e34e6088cd247c08

SHA256
2ffae4af17ff81573007991acf1734b408fbbc44184a275e9a96a90f27855ce0

SHA512
08764fe92215b1ac9ad63439ab32097c91884bd9936015bfdc84b7f454347801a8bb4840c0d82561a0aaa2ef4ae44cdf3f3b0a7d3180623ddcfda8ae76aca4c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11146a99698aa70f2885da42618ecf1a

SHA1
7167fc6dfacdd4dbef0ad516ed637f9320beab53

SHA256
02a5c82bf023aa39f58d8bafdbc4d912e9c3e0c41637d8e39f68c549b896d7c9

SHA512
f9e008a1ae984a627328249ed11e1d66e30531d8cd688a5c76c06fcddfd867fbb69b6ac0d554d639aa777c565b278a14d7ae275beb34a12c4a19478a19e4957a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c273eadabbb9016ef85a8a60a3b84b8

SHA1
770ce30f5b78531d61907485668de345bd2d8531

SHA256
3b170bfe59cdd617b9593c498f6e549826a8aed188d56f09c6797be98a1e4c4b

SHA512
36f55561eaf8fc3de91b4c69488a7c99b7b889df4a10c0d1548f145658fe8543be497fa6f170b4dfa39bc3217bb2228b8d7bdc54b347964c4442a970f991525f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b72adfccdc24d7f10f0fd3c3e9cbae16

SHA1
21548a18bb1e502e92d8ef2b3d54e6de77c54378

SHA256
69c793be4eb47b187103c3fa32a3043c19ed2c377cc36b569ab4b7da674b965b

SHA512
9a07eb511cdf10b85c21ca10b0c1e61092c98de41a1c2061b0e2339b9a726498428dcfccd616b4d1beb00d7f84bd7d0394b2ac3056f28af8c582bb732551d63d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2s0hu3f\imagestore.dat

Filesize
1KB

MD5
3fc48d9156d20998192d89eb6aa9a664

SHA1
21dcc5a3b4c0da1535b50a4983f9dfb21f9fe76d

SHA256
30a0d3ca3bc974d4c438c01a5afc7e7e6ca93a44a7a7b4885c9d39d8ad4e04b3

SHA512
b1f1ef561d00cd0829d19c27f33d1043bfa71ebea185a8c15107c42c84da05eea9ec036475ab4d12e7e5439748f41a830349011140f89d0f343f30152e207f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LSNXCBKV\favicon[1].ico

Filesize
77B

MD5
c8a5d9c46d31e442f0b2c976e35baea0

SHA1
3b4ba1a86b7dfa84e73ec5d89c29034bc80f205d

SHA256
e78440ee486433e9d001c62160e9eb0cc74c5ce427e48b3a64806d0cc4a0b95f

SHA512
3906b2189ee7b6e67a59dfcc92f3bbb098231af8dac487a526a74c65b0439d4f25616bab3859a191394aa5a180d775e4d8ff5b27ad05a23ab7010e849929abf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab625D.tmp

Filesize
22KB

MD5
b347f3e8dee05b55602c69666ed383a4

SHA1
27c0ba2f4929edfea73235bce2f11ba2c841e711

SHA256
ea728794371fe7608b24280adab6162b5600028462e77fa91ba78af24b62159b

SHA512
339158adaeebd6cb8bdadaaec9c38bb79e4204c75c06c8eea8bc049da580b13bfc0bb01422cb3907e6a60b4f31d895af0924ef6a654edf05e2fcc4786a5dcf66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar62AE.tmp

Filesize
15KB

MD5
84c0efb72f5940206e9c9bc016b7224d

SHA1
b9039764f1235b931ddee160281b691cc2950ee3

SHA256
cc4c5e89ddd7daafc95725db60fa8f3001d9c1d8a65cbbe8fcca97a1c3790a7b

SHA512
56bbcc3168db7d522c2aa502b416df6aa8afe50aba62d53a642e84320eff7514c8d5b08f78a9bf027070e78ec627e478b83546f4fceaa9ec64f337825dfa61f3

Download Submit