c170f7c2dba68574aadedac718627fa1a8d49aab1544723b27a34eb94167cd05

Analysis

max time kernel
0s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1033488939f9fb7b5ec7d7bbd042b045.html
Size

2KB
MD5

1033488939f9fb7b5ec7d7bbd042b045
SHA1

9a449ee25893bd1b9cf6efd83bbdb0e0545b1b9c
SHA256

c170f7c2dba68574aadedac718627fa1a8d49aab1544723b27a34eb94167cd05
SHA512

f5f449b0e9f1b74f6dd03e0998fd133ce678c2001c9d613a844a1bda611e826c87da552fb42d265b73d44a1661375b774f2558e78ef751289449c39ca40e61a4

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4CE93801-A77C-11EE-8CE9-D2016227024C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1716	iexplore.exe
1716	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2208	1716	iexplore.exe	15
PID 1716 wrote to memory of 2208	1716	iexplore.exe	15
PID 1716 wrote to memory of 2208	1716	iexplore.exe	15
PID 1716 wrote to memory of 2208	1716	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1033488939f9fb7b5ec7d7bbd042b045.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
  2⤵
  PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c0a79039724bd07ca4f7defc8062007

SHA1
a8cd3016eb3f0357813e61cf0ea74fd14b004145

SHA256
0fd8732f3d427ccfd287900fb7ef5988235c39b94c5118ddd2fe2bdc4ddbfcb4

SHA512
2e7f36695a260030991a748c93ab8182ee67d09cfe899233ba49a91fa1d19b337ecaf23f8605aa91bf2eadefdb03e069d5f2889612c80145df81b079fd020f3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea5ec37f11dcba3b6ed04f77344533c4

SHA1
90ad75f288529d4e1c586a8ffeb9d9243a264fb6

SHA256
fd751f193bf1c3c6987b393cd534f68f9b3dbbdaa0584e86a0d1491014462288

SHA512
99bfdaccefb4736bb1364568bfb8ded297e01b5e8d0c326c658879eeafd0f454175e2e09de12c6c37a2933383476428b1b439ee9fd3edb556fa2f03c3f922927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41819ead3b8415cc824beb432c74079c

SHA1
cedc80528684e9d71f24872b90b8971b9c331290

SHA256
739cd8f633128f07143b0b809a79cdb012af634d20c45d1c3ccb50ca587cfaaa

SHA512
7dfb06ca283db52c2f79de5170c43473db67007f2d504c86155866643d4472a00cb1d72100c374e753c5218dd51b46f66b7d96b3e3ced79356b17d1e15efc4a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d0d3d2125014f78103293fdf28932d8

SHA1
16994db35b3507b7ffb372469f35e6f7d546a3f2

SHA256
db87a7628c1eb0f9d8778e0f3cb724f34297396eba99d3859e1fbfe59f9d706d

SHA512
ec9f9a7b1a9a69a85bf9379f7a975d6d3ed2a901fb5b7d79cfd930e86087454c0f2f4fea9306f6c21e8e8395855e26a3688c942dde9c5624cd15112bb347c976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32a7e3ce6a3f8d2c73468a9b7fa5485a

SHA1
576e6d86242f4b8c04ae1261e654d368b0de9e4c

SHA256
fb65eea511dc645cc53c76dc2d2501a933caab3fc5acc95beffde55eaaa678d9

SHA512
0e72c0181796592ba19ce097f95b7fadee4e44e479b865ad456d2d93ecfddfe59bcd722ce9fdd6d82a40b03cd308f69fad912f2ce9bf0c0bea246599c7c5c3f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f08b13da3bd084bcd3b6b6eaecc9833c

SHA1
ea7a08cfe8e18898f2d4b84ad455707125103450

SHA256
9e323e197138ddbf2617e201f461a0f290a4cc5a4ba56fd3932fc7f2697b801b

SHA512
25cd58f666c471e2816361705dbd82aa47408097b9c5fac4c32226032826fb9cb4b2d6cbe10daa77bc78a560c855e10c925238ab39021b76a50621e227222c3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2cbe8739ccce99c7c361743293f3639a

SHA1
62283b1e9d237249ec1c04feb4f0191ae4eb2a6b

SHA256
7e75665e0985951da2a100fd2bb5172fca9b8ebde7714c247c86e88df658250b

SHA512
87c58c760b90602796d9e18a64413b2949bbc7c72edb2088e9070a6c593286641a24cae233ed9aa1c99c96377ad19d925a873829380d6a4dbf2c9de6da078c58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab31CC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3E1F.tmp

Filesize
102KB

MD5
36dd17cbfd081962547267bc856a3f0f

SHA1
0887f87d4b88bc66bf399ac9018ca8fda145e01d

SHA256
9c5ae9f76f846a97ee0ae9c8135d9cadf4937448641485f3effa09f214cfaf1b

SHA512
1a47ab39a137d4bba9df2c192e04393e2e95f3c956ca7b51d89f9077112e759b9ae7af55884869fc2db5462215f048f1b71ebaa7b9341506742ff25f42f98195

Download Submit