8b4c81e10bbec68d992ecead9daac80518c593b66a90679460f8cd0c0d0616d6

Analysis

max time kernel
6s
max time network
178s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13e7fd6bbbbd2e0fb5109e7841a97de8.html
Size

29KB
MD5

13e7fd6bbbbd2e0fb5109e7841a97de8
SHA1

0da70fa01d7ce4eec5c58fc2263c130f0cc942eb
SHA256

8b4c81e10bbec68d992ecead9daac80518c593b66a90679460f8cd0c0d0616d6
SHA512

cef086fc63fe5cacce6ced44b7ebcb3c8b22e6deaa913c2a3fe727201f5bf9eed11cbd62dedb2d342501b8fd7c3ac0b3a127605db31aa15faa9888b20fcce5f7
SSDEEP

768:1XHIrB31ARoptnDVeeeyVOKWqDkqMRPJTTn:1XHC31A+pFReeeysKWqDSDn

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1EFB7EF1-A8BA-11EE-9B8E-42DF7B237CB2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2912	iexplore.exe
2912	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2740	2912	iexplore.exe	16
PID 2912 wrote to memory of 2740	2912	iexplore.exe	16
PID 2912 wrote to memory of 2740	2912	iexplore.exe	16
PID 2912 wrote to memory of 2740	2912	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13e7fd6bbbbd2e0fb5109e7841a97de8.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
  2⤵
  PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70544e225ee142ebbbfa40d1dadb84c4

SHA1
f7f90f3f87099dcbed30a3711f2ee38f8d379fc3

SHA256
eaf6ef4eb589dc3ba4542010e2da79cd7b82b21cb12ea267870205ff07cc7300

SHA512
8066404b392c9685fedfec6c83e3e5829e9a882aacd4d5cab3c3ad445334467aa0251b47dd495b822e46c806d8b2c90546f3491b07ad17956204210479ba5ab0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f763cf0a4a3a076e4c540ca6d0149b61

SHA1
e283add74030e2f28a26ac05b963a968fe9b099e

SHA256
c1b403ac8547d2cca55a69cdc01ca05e70a70ecf1e0be9f9e47403f7fbd0acb0

SHA512
e00b96d02131e900fc3c65442d88a7e5f8f83295e55c6c3e4ebab6aaa24d26ac6072afc03ec37e3a4aadc17cab951422848e33d5184d169adcd8cd928fb736b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85a459b6f8f7345287c65ca575d89bf6

SHA1
5a9e83c0e66f1224151951158f5e26221a41b59b

SHA256
ff2b156cd96769cdd587dfbe1bc0e42244dd08f124352e9aa78de936efdfdb2c

SHA512
f2edd43e8f84a92d828bfbfb18d4eaec8432214850c697b4c7e3a82fa1c25e88a56aa92c12659fbe21d78b2169939a15ee0f46c0524686916c1ebac8bdc74a03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d012ba29fb937b9005297cf8c6d9f94f

SHA1
4c6acece9e25340d0972fc4805216f229b5c7348

SHA256
1674bb323274675495f932053a2abc6c5636d9a18dcc1b86d9102b9676e0256d

SHA512
15e3e6e90cdf0d02e77455787a22fd7a0f255c2d1bf75988c8a17b1a9a13c35fa0d1ac24b37d97cd33461cb19ebf2b54b894b0ba0a05035a9678f12a3357e77f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b434d803fa5b9994829da571c67daf40

SHA1
00011816cb4f12203246e128ad56a7ea3d2b76c5

SHA256
0697f3cd493d88cac5fd2520209215a38a2df1b831fc635d622f6a85c54ddbc2

SHA512
064d8315c2167f9af8961a688483afc5ba866614a1858dd106f43d81830cbb821f904047b5587d5cb9d1a79ab612caf513a0d0b714f835ed5e1a9167dd247348

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ac4a4e3eb3802866a478e162d8a7f44

SHA1
40539b6cf6c4afb3936f4343c0701915e37fe65b

SHA256
262c8623ff15948cebccba408e868ab29a02e38f60f5c93aefc6f05b04100551

SHA512
76f51e4cb953b801c08ff59beadfd57276031dd11b314f6be29b3ade50203b3bca29c63ba95f1eef9fb4d151dea56b1969bf7ab4e2e7582b68ce99d336fb7847

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3153425ca6e9b11d5b073080a449464

SHA1
eaf130374a8969c9ea085570b7ace1ffcaec5dd0

SHA256
96dceb6344a749e0e1f8d4b00f1a9b8dfc44a197a1fc790c59f838636eb1d6f5

SHA512
9a7159235983bd46b4d0040d3938784813e1034dd561c3f9858fd052b60b1f1382c57395fc141ec7b4f9016342ea4f13397e0fe5c309c80ba36261e183d1321c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86db2b3b7e3270d150fa14ad8ddcdd3c

SHA1
fab5a710e76ae4811168c7f1cc823ba15c348a05

SHA256
3f94660a78467c3cbc29c4595e916363301816cf3b16161becbce2f487fb4d8e

SHA512
bc39f8c8dd840715a493c332d2e6b78bfac7592ea449fc0c82a7a69e7923cb3f021abc6b9aeb56a6ac012a675798263dc7e5c91758853c34ef2b51167ac27a01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e2d14a2e02eff815290df1953ae7405

SHA1
976a42b36f09a200489486b487ab045f114e9008

SHA256
c5488fb4b09e054f0a02f809ad7f9728aa1fb59009e0ad92d7871d014de43b8b

SHA512
3dd577c1ef54f35ce031ea8b998dd8a0b21c833b5137387e967f6e3026eb14bc96cfb9040a2d94572b7c185f7101e00202ef69b6cd992ee1da9302a84fd6e166

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a6bc5c925caa1cfe8153867987e626c

SHA1
450e3998e01b9c27f98b09982966760d288f4578

SHA256
f0c941f8ff8c2026a36111675ea2dd771780dfd36e461768b5e3adfe6ca89a0a

SHA512
5495bbdf5c78924c45706fde706eb6781101ba5cf2f2baae602a864313369587c7a949913e0b6c4f0e085cd367df6836360319c79030e08d1dfe43722a26cdb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fdea8eab7aa4b02efa68653cd7a1cbb

SHA1
2aaeee00fcf317320295546929a64e5aacb909f4

SHA256
d2655e4dbfaf7b77dff6f686a8a26beb1b9aa5caa4e631c95431082ce26c3da8

SHA512
c773ac0b4cf4e1771e4263ee06a1587aa69eea0f5be05b7914dfd2650a5ae87baa36bd92ead425eded079efef0b7620f44555ed4db91f6a712efb4b0921a87f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5eb238b5e5ae241496786231306d488b

SHA1
37963042a1f9caa679ef0d5bc5182d549bb8581f

SHA256
3f6a80459a50a8e4489acdda836f21c790c373edaf75c1242e7f29562ae6a3f4

SHA512
ebd0148e11b654e34c3134ae3cd8269059e26544f6cc7bff2299671dd4ebbcd491d6f5c03d7c905b5fde33fc672d93110ee004e05cb8ae0bce8d3515b480a1df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cc36affc6ca88ca340210c4f96de46b

SHA1
32d425c9bf6b65e297a4b27f4df93a942bc56b4e

SHA256
9626d96be7b4a4e380f5ad7957cbfb9061a5bdee6fb1bb6af40022e311cfb4aa

SHA512
70f75222fd4e184c28db5181b263f08ed06ca98541284c786ac273949f3018477d101f61cde4a45f486591978a9848651251e2ab79ee1e6975de9ce863def331

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb824a53a315542a2aa03abf97f83def

SHA1
438b6a26a3815d634bdd1f3176cbf284109565be

SHA256
d6cd8c55693f22322cc422b3f634c4874dd03d1abd291220d6cb8302f62fe737

SHA512
0faf7bdbc648bf0066daf992e57e4e5d8ee70ea935eee0d4bb16b299c2c3208de500bc6f95a8c41ba36cd79241926fe82a0e721216f06dfdb507eb7ea4f0754f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93ec5b8e6be41e40febba962cd901b29

SHA1
37598125d62e70a1a0aeeb2243368d242ac53386

SHA256
5d707a28cf2951421f0feaf212c428f0e9d29e0fa933bdf3729afba84c352b5a

SHA512
68c850c4456a40c7e47d3c12e1bea9037f869f743ad77f495e205a2321f7065f93a48e73e499ac3a519f894dabe994e19daeed2bfbece26a587d239a904319af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4K0WM73A\superfish.min-1.0.4[1].js

Filesize
5B

MD5
fda44910deb1a460be4ac5d56d61d837

SHA1
f6d0c643351580307b2eaa6a7560e76965496bc7

SHA256
933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9

SHA512
57dda9aa7c29f960cd7948a4e4567844d3289fa729e9e388e7f4edcbdf16bf6a94536598b4f9ff8942849f1f96bd3c00bc24a75e748a36fbf2a145f63bf904c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC081.tmp

Filesize
31KB

MD5
4868be14babd83a9c588ee67e351f118

SHA1
7912ab583726862f5e36b7fd65864588615e224c

SHA256
4e49bdbcedf49224ff78ea40588f475aff272ce64ece92c8f46d696188b8763e

SHA512
6fca8b0df9547f94149863693d3777b5e494a3b1e574cd0c72a311b7864677a3f2fd372f35f737299a40c19a0a4ab927e7c9cbcd247d762d0adbe4184c906532

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC161.tmp

Filesize
50KB

MD5
6d9f3b7f72b7f0c815daa5183e231868

SHA1
ded7ad3b8579a55af07c0509f995f5b6f038e861

SHA256
395c827db6587977b66137c078479b22b9bfd802b6e1deb1004fe5f4d82ffc23

SHA512
18a4f3967cc0f1bd445ffffe8347ae803012c3e8689ef116ef169a10d03f637f7800414ac97ec3c30801591019eece0db10e4bbf0f6344c39d088cb95185756d

Download Submit