4bf82b4051c8e5aac01518189c32ccfee71db57668657cfb53ed0ffdc96ad614

Analysis

max time kernel
7s
max time network
166s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12ab71e7b54a2db3c6dc083a36811daf.html
Size

895B
MD5

12ab71e7b54a2db3c6dc083a36811daf
SHA1

10e980496be21637c6f83de43341180bfc4fb0d7
SHA256

4bf82b4051c8e5aac01518189c32ccfee71db57668657cfb53ed0ffdc96ad614
SHA512

8a9705d6b91a9ffe2367de2fee79f87c25e572df348134356b4a37fdf57733f17c17fd754ebf9a31e93822624e1cbbc2fe62773461ff18f132d6f609ba45d65e

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E14CA141-A7A8-11EE-A908-4AE60EE50717} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1752	iexplore.exe
1752	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2416	1752	iexplore.exe	18
PID 1752 wrote to memory of 2416	1752	iexplore.exe	18
PID 1752 wrote to memory of 2416	1752	iexplore.exe	18
PID 1752 wrote to memory of 2416	1752	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\12ab71e7b54a2db3c6dc083a36811daf.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
  2⤵
  PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d7af1371be9bd8dc90c2e5ec65b128b

SHA1
cf980e6eaca7625b970e13ed921135b9cea5e11a

SHA256
1542de46f2623bed7aa13de46d312696c9103355afb051301d5d5064b97d2e3f

SHA512
f6146402c179f759d1c8bbe313d3e99eaa59c59708ae9a998cfd3e3fd220542b85334bd3d2313bd050fb2dc6ec8672a409a3be9d0b09c2afb0ab814b142839fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e963e055ab8509483169a260cd560931

SHA1
74acec5ad0bf7f5fc2530231da55c861fb3d101d

SHA256
c99aaeec2ec72b5f263f2caf01553e8537fcbdce2300f6e4c95816837aafb1ab

SHA512
b8608aa3577ed11df335a121fde9cb7943748b247ac37cb681f8deff225411a4d90d697ba4e78b3684ad4ab9b0a5364554da26708700fe2788be65ee8a9b7acf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
656b60dddbf339df8791278ac1554014

SHA1
1edf58b8c4b38c72438b01f46cedcfa81459f79c

SHA256
74fbb7680c15b9173376ee62957bfb333b6b1f9a7ff92e22085af45a3693d0b3

SHA512
a0c42fdd776e397f2525d94898a0d2c275793c35a3811c7e25455e2ad3edbb09555023951dedb5a74175fe1760ebbf37ca89f61bb5aa28c055a214bda0be801a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41dee4faa279ee292fd5f08c670d3e44

SHA1
d2ec9a4ea5b81b6d8d00fdfff8ff088c8cc25886

SHA256
924886d3a9991a70fb6841f436e339e90a6758b64ebdca765cbf8a78d87ffbcb

SHA512
13a835cd4f8fdb47504795ed42e59179c52ae8706aaf24be4ab0446e300b6ebe0d32e01e4efd743f397b27e608305c39e189aacffb3754bd5a1240b7b71de02e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65ac4f21d6b0863367e6679b32ef9845

SHA1
331a69d2deef289b15f320c87ed3700f310e1427

SHA256
b7c247f01d60288d722db2343c9c55897d1e9129a4f97ff4eaed7314ab7f30db

SHA512
c8ca6be3edf1a1b923571c6aa6a028e81cbca4303b2653c9c2824164ac08d653cfb8e27f12b75f73d68f04dc59cd2afa5e4d11b588fee0a0e77422c6b54708e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
413989f2abad7bc8d408d7457659f87c

SHA1
44f969f947493f836603f5a122fd47cfbea9b0e3

SHA256
80a6ebd06a3cd0ec36ecc76275508187f353a51573da5d0aa929660aec824dae

SHA512
c2ae534560a984ae11472164e23362747411ed5133d32745bf8fc74f28aa262c4f4eba4aebfbb8765acd862f7d943a59ac14e492862cc2624ad044971cb608e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ea27a88b63f634deff39d5647b75147

SHA1
9a1ba2d31d3757355fccd8e2c0420434fcf02285

SHA256
80d5bbd22ab0fe2002f14390a76e8ea07ba9fb41c3074c224685af86387534c2

SHA512
cafc5b7490487406aa602e6f6fe7eacb6951e9cd73495b0f700e2cde58e2302626f2acfb7dc8e1cd5b28bceeb0a29371bca1f601c108d2dc220ea7c95ad1b4e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea836029596ca04f9557b99966b4346d

SHA1
e1b5894a6bc148aaa3c7b9842f3a776415319014

SHA256
384848c71c95d6a3293b89d58fe660d00e39373d3d31d1da9740325c8187c4b1

SHA512
5b3f6d11c078c0416c365720c38ba86981cde5eccedb9ac40461f27d1b033b4f8a95f63dcd61d059b4dcfc403d815918368c4d6933cfb271f6f71359b1ba0f94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b06efec1c8c0f1d55acbffa02723433

SHA1
4f2bc45c38c8c45407b9ce2181e5c568b0db2cbe

SHA256
03cf26893dfa2e9fd7521ddcdef9e5048be7988a854518a95ec31ff64d0b8bde

SHA512
29a72c4f355b68f574117e8e3c1ac67d9f6faf8981304ea9621d05a30b02aaca52cb30e1495ddeff5c0338eff6d0d433713d5bcb5b7d16b4f55a3d09f4c265fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b55ee3e0442801a8fe9d21bcdfce1354

SHA1
38ac7d226d9255f11ab809053e0b6e22a16298ec

SHA256
a5946013308ebd4e11dd9c7c2e5d2fec39a115564ee8058b39d16146989a6e3c

SHA512
d73585a9235249d120c22c6758ad8a0f0ee6692ce5f0d61818c244af8f9a3eb1f8c128a05ff2ce32c66a1d6f281d59f9222778312ed75f2b72761d44c2036c88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5b49630af3b7b0a7c7a837000c8dba2

SHA1
3c2342a101a8651b5708dce7c6d88e22bdb7d2b9

SHA256
4724f8077143af90686b074237b6713998cc64a061d82023f33106f4e605926b

SHA512
dc24f60027c91505429f4f0fa99b2f7db4bd50d43daeb4dc9445c0003b565e8fe47058755f2cb81ab49dd6bfb86da6d487e2508905b789143a559853bd724660

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d35600463754c9888253aacb8157fdd

SHA1
cd1b0767816473483b50f9e79c2472f8d112e7f2

SHA256
95f102ba67992ae98908fd5232bf89eaa9725282f65c7d703efe14c438042723

SHA512
f0a7cfc9e8540ee6181cbc37045b6f4839c4b47150326c404357a6b2b0b229f3855fde8e4038315cd868de01d23861bc0c0c2893189b92aa70e009f70f45d5d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a9b106068e10429127a25c8a732b3bf

SHA1
b5c80e1603fd6bf29a151a1dd8ec38753cf01db8

SHA256
43b7daf8bb89975fd36a646eaba33da444734b1a6ed374d002bdfb436fcba96e

SHA512
8ee34b48c76bbdc555a4a31eef243c2f819418a6de7e4d7cdf299c468bd84ad9d7068dd3d917d5ee9c244ed2ecb96cc1e4b8592f47c13c9d6f53f2bea06406ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4K0WM73A\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD1E1.tmp

Filesize
4KB

MD5
84a4974c2d22f28abf6e058f8485b9f9

SHA1
397635c06953c1b55290922481c9af07a95a45ab

SHA256
baa03ff90c1c45a132de3de72c8352e1b5eee5bf17bd47f2b42dc460d7225d05

SHA512
6545b960ee236c9ff8378052a673b90a38e596eb5a954900022b2b2d6a36593f927b3662135e480069fd5646eab23849bcd035bdd7882ee3e85cacc1be2416df

Download Submit