54a9350361ca315359321c96beadf7e8a8e3ebe887e82af57309b417eed11c89

Analysis

max time kernel
1s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1083cb14f78ca623b5aafd0fe79c7c7b.html
Size

3.5MB
MD5

1083cb14f78ca623b5aafd0fe79c7c7b
SHA1

91a30d0f7008410586b4d12587014decc0140462
SHA256

54a9350361ca315359321c96beadf7e8a8e3ebe887e82af57309b417eed11c89
SHA512

92440694f1d6633d4631e3ddc680361b2c8a54cc8c96fc4d1abe88d083e22b25cf2647fb76e8bf934fcd3d208a5bd61eedfdabe0f408744eeb223c143909f70d
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6N1o:jvpjte4tT6zo

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{72F36461-A783-11EE-AF10-EE5B2FF970AA} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2036	iexplore.exe
2036	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1340	2036	iexplore.exe	18
PID 2036 wrote to memory of 1340	2036	iexplore.exe	18
PID 2036 wrote to memory of 1340	2036	iexplore.exe	18
PID 2036 wrote to memory of 1340	2036	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1083cb14f78ca623b5aafd0fe79c7c7b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
  2⤵
  PID:1340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fcc6711abe968586cb36af436e4b23e

SHA1
f55c369d1a684e5a073d60f20e364ec66f7912b4

SHA256
4c02999498f002ab68296bb8940543a2fd872e10bf92d8110958f2feade7ac25

SHA512
edf6b1d9f8f09eeaaeb8cc51384858a6783922f8d4ec2ec28b5b4e0b7f49e54e54c124d7c841dd7847c019ac56e72dee08ecd35a1261275a30820b12292f3c0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2918d572c6fe7d834789a7d8c28add3

SHA1
606b949ba121562a6f044343cf64962f4e5555fe

SHA256
ec5216908fb5a6eebb4c4e9602abbaf92603b4efe8b9dafeba9e5808ca50af66

SHA512
460b4697e7b09a1c0d7f741ca2360620c5a55b76022cbbb45dce53d2878a65180a7c4fe91ab1df16f7fbce09dfe188e21f8c61602dc0880dda48fd161faeb19e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
112584fc39bf1b92f668d0a96e614611

SHA1
29edb9c40b35cf0c1de70c1c4608e6b6104933c4

SHA256
55e8b7007301255e6e8d91589968f2083e93ce950c72966143f31848b81c522e

SHA512
63b7738329c2e6e9ed092b957de350ac4694d75b2c602b15e90d8e7cd5bef0bc912c9893507fb7bc5de760d567d776c9430bb7aa5b4bdce575f27168f2553b94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
850304532233ecee2d6cd94b044bfddf

SHA1
5934a41f718261bd5f6c0b1ee1398521c3b68f9c

SHA256
56c3e6d31848a21b4cfbd78a6eb9494061a835ea047acfeb46241af30908bbe9

SHA512
683bf7d4f39be4d8e37f4090290dc79e53ab23fc2f1b3644d79a02e5453ed187b56ce98c1521226ec35bc0c187434250fe4998061e9f132820fc73ef8dc4398f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e00214e63702b5b00b14fa6de4b3ac1

SHA1
526c72a08f8cf4dacfa09ef9c0a6f569c7fee9c2

SHA256
d961e1e0cee005834df905e5faa542e46fb7d7e5ec9b4f64216d9259a4068d4f

SHA512
7ab44c0dcf9046d65770523330f096a2e9b089d69f7f61af73666e5f9d4e750e9f0935da8b8c240221a39dd0c6f60bdee3fac3642b598febb79dfb86314452d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66b727e27dd603351492fbfe7cfbcb08

SHA1
f5a13283cafeedca586d2230e48f8503ae631c7f

SHA256
d77c85fe951f58aae4c91867eb0535cf189b7ac4a95a38d341474face442c6e5

SHA512
e77218dcb36097161f7dd1d57b8500f141b8a62b572f159a6706f658fb8e1454998dc132cb3f11ceb6ccb41bdab3fd358a93bd1a4db0011849efdb51d80932e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e505145f816f0932121ebe14166bfb0

SHA1
72777ede74e3d12f23ea7ecdfeba5eb3bb6775e6

SHA256
2f43578ceb11b0ef398ebc856411f9a9efc6c82dd7584524065aea1d947b7797

SHA512
5223c09daeec731074b5f32aaef43e8c9eb19a5287b34fb24a483b1b6b1ac293d9886d4fdfe3d40fa4c1b49193ef70e3872e2543aa7cafe7feec422ab0e19b26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13581223fda785d2578e15d44d9e9360

SHA1
254e2bc338a04f87df8938ef8ec01ac9b8bba483

SHA256
d32c3c588d8475d7fe82db7e10ebb36ff5aaafbe35e4bc1938632c80ffd5a673

SHA512
eb316a56d00996e1377afeab1aee386bee5da692a9579c4fe01c3cfd1e43c4943700268f72d93845598ba3f5727456a4dd0581410c8fbbae1779da0a30a89d9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b93165e17c7aa659fe8b7c762fbb13b2

SHA1
2f6520a3979ba20a47bf5e0b5ab681a3d3a696bd

SHA256
74afcf0d659d9f3629290b88551625f963450e54cdc6071815b63222049afc89

SHA512
7e7e560d30c03dc81de74a051428bd730b2cb33f3048bed8007e4aaf19d13a01116b36b334677ab0e1b358236999d1f968f502465588f84ea56133d32bb78f99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a23ab102081e3bdb70182a509b2d5720

SHA1
fb58712358f5dbd8f5145be6e06b0052c985c12c

SHA256
ee9d004cca26989e197525cdd13f07fff0b36e064979746648b853b8f7a6eb93

SHA512
d8b75db44d06d6ac5064ffc75e46700ef0d7adf749034fd66729ad97e4848ab2bead0ca82f9afede16eec91ba681c2cae437718303ef047596d03dbdb4f34071

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eec4c83d04a55d977313c5b16cdc239a

SHA1
24207468a96fabb10d6be0221487b4f217fc1e4d

SHA256
1f728501a317a983aa891d0f341160a6df3242bad885f80c7d239fd692b47a19

SHA512
a5bc9e9f3b47423c8d8d6583faa4ac17d05f7f8bc9858734da42c0143f592d19b1a7f35d9c8f93319b236bd0328cebae639db6dc4ba002471f5c10615a1cede0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69fd6dc5fc11a84474f0137bdfd0137c

SHA1
1fb6b891df1608b0a2ee3a46c41be4b2c94d8f32

SHA256
afb10c356e3cc827e8acda5ab395c3a15110e7f543bd0a6aaeef49c487ead0ec

SHA512
9a377ed1b0140deef8ba951a51de7f4bd6399b11978d8e1c35cd5c6846d2c4c1eeb4f50bd7f52523f6c9c46a194b2ea05e8a961fa431c770316a3901fd646072

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72218cad37534172d7e4fa04455c3b49

SHA1
4c428d7b1059b0bb9e053629060ff77cac715350

SHA256
95751b11b8179b42113019eee3547c40d6ac097eea1b31d9265e86152b7e51fa

SHA512
1c292c6390b6aa7be70bb226b847608d6a91c3d291c14aceecb7a36269ecbc80b582ce439e510eafdb9a42462920ae37e78c2853e64c9f0e1e10c8ee5357ac12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
236dd79821d12093d529d17014ee8639

SHA1
c0a011002aea5eb3dac71a3d5847502d42bd43af

SHA256
49ad1ee3d740453d3a5ce2099a4a421d42060c51e2f2cfe7054988a1b8150879

SHA512
c08077635b1062672d43d97611c9c85725ec9475c16dba946e7ac9c26eace79aaf728e72762ed092ca66f9d259eb9f865f0b2dfee4640dbb45e75fbf6cc7463d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
349192f058ef1acd3f21b4417c096eb2

SHA1
45efc96a875403441f9807c85265ae25062bf506

SHA256
090e81c61fd5150bab47726a37663c93e6c979afaf466c6ede5a419a6fddf36c

SHA512
4474c749cf537ed0c924e53071827218c0906d5305876a2797d5ed15d2032a06f94c0fb51e3ba17708f2e1c8504534db424e92980e8a347c9037c80eaccad7bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fb1f3e50420813ee31a2c7cc7fd3d84

SHA1
8698a693bc2d871aeceabd863be92d0d03d26bd8

SHA256
e2ec5715cd75408d27248936d0a2f9688b20c061584b6ae2c21c9e568f8fcdd4

SHA512
df0a7076259c067391404034b211c56e37944081685603b310b2e9fae5293da88461ca65495cec0742b94db5d416dfd9f03569a74c229e788a9db33a582b6717

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a05863dc63820dfdd1050c7844c2ff88

SHA1
cd97da76ca99e2649c853ff374c2b2856f186423

SHA256
8078ca346c0ebbd90793950faaa1004e9b239f6d417d167d5fb1a25e99fbeb98

SHA512
36414bb56c48886773c7168071c4213f9348944cd62056e9cc77922e2a3b64084c075f9cc1344fb64c2292b4a261c710b43fc8950e0af061238de0518b46aff8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c81ffa721057d695df6ec3c23b8b0f54

SHA1
73c54d9f6a5e031d490ffe77999e78b6aac461da

SHA256
c4dd11e473ca8f7dfa400613a04be5086af46a774c7a2227fef4e5a2a7513e30

SHA512
643d404b7ef3cadbfa502f08ff47bba70bfbee29199898b22f8b5455d4ad8dcb5c257bf3b3414914a0abd3e2ced06affb30c77db972ce713315b88bb30b7f65f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\beacon.min[1].js

Filesize
16KB

MD5
6bc3afc2c147bc08ec8580b84e074942

SHA1
bd5b57b1efce4098ea50f4b06d0890a5e3cf0d5d

SHA256
57a02283206712863fc7d7e6af5bee5200990c1c83d3182d3f5fe5c82a8e16a5

SHA512
55e1393017fe756ca99b0be50cc95b7ce72689db8c4f0431978e475e157feceb35b4a538786608f7a636188974b7cc1b4f006a7e5b7d1a6c1aa59ea5aad67f77

Download Submit