14db55c1e8d91e2b13cbf427a199a0ed36d4976e7742460b2e40d9820b74585e

Analysis

max time kernel
1s
max time network
158s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13f85271dfa6c97030e5d728ab14d30e.html
Size

432B
MD5

13f85271dfa6c97030e5d728ab14d30e
SHA1

c5c5327ceff2428744b8cacb2e0eb8e0d1b08b1a
SHA256

14db55c1e8d91e2b13cbf427a199a0ed36d4976e7742460b2e40d9820b74585e
SHA512

6f9ac3e028ff28b2614e2c8bfa9f195759e5b552a7b3b335e17d923e4db5f865aa91512683e1bdb9f87da9d51400c6c97685cf37eceefb913eb7e732c56015f6

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7B73AF61-A7BE-11EE-B16C-EE5B2FF970AA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2612	iexplore.exe
2612	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2636	2612	iexplore.exe	16
PID 2612 wrote to memory of 2636	2612	iexplore.exe	16
PID 2612 wrote to memory of 2636	2612	iexplore.exe	16
PID 2612 wrote to memory of 2636	2612	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13f85271dfa6c97030e5d728ab14d30e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
  2⤵
  PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8b8df5a0f274ce6c4252bdd5e9bd127

SHA1
ce5d0441f042630d71e61649ba9c8108e3ce5c92

SHA256
eed61273154be011b2213961e19f3f08f039e0e361d9106ad87ffffa326980b9

SHA512
28b6accf659f9cb56288ed92df0b4c780a126ddd8a5a0bd1370f73c3fb1bc982f6f51343e2da8a558c5749a9d409bf71a5b73de1a65922ee10ce206af276e645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
393b87fe1a35dc4b082824fcd91b5811

SHA1
3faccdc881e91a05de0dbe74d898dee591530d2b

SHA256
31cadc2040f5ad81d9b33b81bcac1aeca86aa71204077f78947f86a00dde3f12

SHA512
5c9a8953be6715f9e14d34bb55b1b6a7b444661e2bfd95bedda90c99834ff1f91bc5bed5411dea933d7d56ff425ba05a7bf9627cba717766d1175b0401a9542e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd298908ca34f6d01ff4089e7198c8ca

SHA1
7bea4a3f0f63dd8565ed52a16eadcfbcbc44cc81

SHA256
13cf2dab430af574e13f58f093f750802a40fc5735c566a1366ea5425ee6e15c

SHA512
b38daf968d54cf0012bc2e1f824e0ed3aab5517bf5c734b293d33ca362b85d86aa799e6414fc97c8155835c4e644aa62cd45e376753d9428b436e27955bf37fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
015d4d78b5ea459324b2b069f7b3368b

SHA1
6d971fc29f1b0aa615bd6ac5d15313dd5d22bdb9

SHA256
aec9d3df30cf2a85af3bbf2b6ed7f225c8d4c69a817366697eff6e4a15056108

SHA512
4ae4bbde147f4c85fa884cbbbe1eb5da88fc66fe10bdf713a0a6a8c9bd6a92c4325a20587a9dda8f87b4ae9ce38f61634cea1a6c133803878404aa7aa019ef73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d131634ee7fcf524a4b3e90d54f0bf9e

SHA1
250c6c46d58d77b0cacfc1814b76ef76041426fa

SHA256
a902d94147d122b997d247740e0fb8aa21d938b674b51fb0d94f880b3c5b5f47

SHA512
96028cb7fc88e626d524af143be1f1b56278326b085c6fd4c02a666c8d6baf1d380914358496fab3e8962c855eaf40c7e9e93bfa2465f03fe00f6f3199a07587

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f08e047551a1ef884fa23bb15453ebb7

SHA1
e12f7dc74b1a1f82a25327f77e17c34c981b50e4

SHA256
9448fc7e998915757acc2080960db0d024e2a1a0ea9245f59a0b73f37a4d3508

SHA512
397d5d4b516402041e0a9fed4556715aae4c31958085ecd70071b8c6d9dfaa75d8d7cd86b473022c6aaa14005945e5130cc23bdf50c4f59ad66e9e0877c9e368

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1dc2467b0fbbc74ca2e0ab4fcb5510f3

SHA1
380b19f3949c1247788534c1c6fa3ca0028cecc9

SHA256
d50d77a8bbf6bbe56abe97939456562e4a013f44ab28e63c8471b9ceb52455d0

SHA512
dfd40a9cba140c6c3854d62e5622d5f05453bca8bb8e6f49a31953c8f56f004e80f38b614d70a5d6b1afcef12d8ad4339962adca08510acb5f0e7d96999944da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5e4f1d2745600e12496ed894239fa89

SHA1
aa5032a804a89e2b6145c1dd1c55baf3c658beba

SHA256
944323d9ea9ea911fff323ddcb20b5afe5301742161442659d25c6e78231bb0e

SHA512
46833c2f78654b667bb67d42fb7b223f66657416dcc7fbf3cb286cabd4bfc9e2acbdd853fb28455e0ae4ca7d58555cda25d4a71d331dde15ffa8bcb80c99343e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7fce40e62dc793c37e54c198a24de72

SHA1
2ae7383480ba3aaa93ceafdd600cdb814de9dbc2

SHA256
f1b6c6ea38343db188f7466ff33f95c990fe47115e7589b00cfb03d97f42f63c

SHA512
2b86f0cf37edbd05f1abdde3c77a2f7316ec39327ee2e927669c7f4ef54b631f8a881914d78e26a3b8d758cefd00c5dcb17e76475a9b310b0b5c0cd9fcd57abe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d45a90a4322ecdb6c989c1b3689aa1a

SHA1
2da166867d833303d2ca42a338debad23a9bea61

SHA256
30332d728f4e5942fa4169d76205c2bd7831d20710f68948dcc2ad2e5d87cf41

SHA512
1432cef57fec2578be4584523014dcb0b02a59878298fbd4da7d78b7688adf9b578783f65293ea63b30f4037c749037ac758fd21380c1bd5e6768e21b8db31a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c3e629af5822f4183c2e2f015ce3b9d

SHA1
46a4291dfd3e94b0a73914442dde45f5f87d4509

SHA256
c7a63fc6ea8f04addd652543ee8712bf1c40cb7a2d87fce30571ec6ec8cadf0a

SHA512
1300ed5be06c97defd2cf7c46c0601c9f2447ffec89fa33234e3ad319b17089127bfa95027ae9585223b06251bf339e99ac462f1c2bbf0c55ce61c9bd0dad9d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8253c6e0ecc03ded2848f3ea48531a78

SHA1
9c2c44bc50ba2b334bec3c7d6a99577a254e9b0d

SHA256
dccdece1cfd9578dcc7c105af2f1685dfdb4af53df99e763d569f4a05927305b

SHA512
a3ddb98442ce798561de3adfa1d8c6f1fcadaa5848a4576aa5edc37718ffa86ad5795b4a528cae3c0cf214a4614e27728f85d8a96f66f97bb871ba63a2c7d013

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0afa997f0458431a0eb98240765f5bae

SHA1
756887f341754977d1f1191de942cf5f8472c5cc

SHA256
269521096acf08a33f4082da42e82f561f73a94c2849ec4595547f3900ce25c4

SHA512
bcbe8cad5fecd9535cc775f47702d08a5d1a52119a73ddbdce498c0843b4b2e3e7c14e392bb778c7b6d30243cbd8743744d853544856bcda5d091632eeb26f13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb88d036ccb6e3aa7e6fae5dcffb6f06

SHA1
b0bc9685113e2f11a46e3f6bac28c81f1364f86a

SHA256
5c8edee8ecee512879386308501c63ce141f3b440218c83df102ef39625edc5b

SHA512
1d706f365e60fcd8ca8c38827faa81505675a66db67555ca6a9527a9744c367b56b369939b0c5faf502a0120ad1c8dc1a5ca90c1c7c1b1c931222a63e2ace566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06486c8c15e631b54f1d3f37bb4b81da

SHA1
8a0a4e52a7c781daa31a4f37c8f8e80f02b760fb

SHA256
dfc6cf125dbe80f2a1aeb08f7242c67924f85ed731a4f1446c633c8c2b4c1fe2

SHA512
f8e7836effcc994c927db144703c99a425e30f9cb2cda896b12911b5eca1b9d8ab2597bc66f5c4589a0358cd0af5b2b07a883318726c7949597c8f66bb7b7147

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8838c054a6f36442565d73a7c51c430d

SHA1
998aedf153c78918c8b962412e56bc78e75d19b0

SHA256
4eecd9cdcf313f7ac4db181273fd3687a5078eccdb5822c83de82187ed0e3deb

SHA512
cf9bbe2c60efe658c5cd8276799593f1253cbb333e37b52bdea10bce9e5c7d61f6b19a20e94ee564544f537336a4c6cd6621a8947877109a96770167b1810e85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c229c4017bb504eee471c801d02fe9c7

SHA1
6a9895a831f7037b5280cd3eb695ba28a5e36a10

SHA256
0ef3526992aad9c41f6cf9cc3fae98a9c91587aa09afc4e29a79583feea3e659

SHA512
3a605ca917153ac4e3c4fc2a2960b7f3d2efc38e64e1f371e2e3bfcd2cc41745ad470f40297cfb77f493bd4ab81089e8e0f246526f27ccf8e2cfd649bfe56eeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5dbfbebebbf7b45bafdeaaecba2010df

SHA1
745f2397a6ffa422c629c8a7d0f8cb5774f540d7

SHA256
92f2587ff2b8ff60b71aa7a9e102b0b1aff4d2891df825a377ef076c4f5d818a

SHA512
c983fb4512d9c5ff2354ca95ee20a88c673b9db3388c45603fc9caade7bb68787a27e40112bf8543850d3740500d71e601c3aa6e776bb49dfab4e7b54b90ceab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
3cb8d610e7c7e1808c80144834ac06bb

SHA1
b9df80c9e04db7b2a8193af7f7de053f039d2a44

SHA256
eaa30796d593195f3c2a080fed146047ed7a21139e1805ac941061192ba0d9b5

SHA512
0c702429868ac7e73dbdee12fcfec5cea88976073d3ddce98e37827a4ef313df20f59e9cf04c03c874c9bdfaa5e6630a9010d1ce145acf41a8b32c31a30786af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t83hqs9\imagestore.dat

Filesize
5KB

MD5
d37424ac436d6dbee3ef62256d14a6a2

SHA1
0c2a14a5e3c31da9f069d031f673089becf0b105

SHA256
80243fd225f6b4181e59e123d0abfe5a55e580f345697eb7762382db97ad5ab2

SHA512
991f4f139751ad47c1e3571b8aaa36e8218f3293e1f2d195399d27927ba272932f6382087dc3f5da6a6d2daf21568eff69c03f109d6334d6c25835338fe27b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t83hqs9\imagestore.dat

Filesize
1KB

MD5
2e8e5779027bac7b9cf451a257b7329a

SHA1
f75fdb9a0be9b1d7621037e4ef184b66dd907a51

SHA256
b1177d3cc4d5abff26b078531bc9bb5011967b22986c5a856e99865766a12d10

SHA512
a4e2b040da27f26121e069110f9072ceb8f288d9b300b36232c5fd9453c2d469ce0064724ca804281fee314fb827f56b7f1b7c895753c3f46ae03c160b144177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT4IJQ91\favicon[1].png

Filesize
3KB

MD5
a75c230f34b9296e6fdd8b0b855df5d8

SHA1
e0b9e32053d44532fb4e8bb55b54c3211965517b

SHA256
8adba20b1dd9747ec8ac6ed5a26a8dfbfc7ab82213d8051b76ac771c76b87920

SHA512
950b94afc397ac760f38f4c68691bda6b541832e1d23f496e36568def2b9f9dcb6984c6a42ff6b5abef0e19b76c37e40baab22e9dcc9360091b609333029b24c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7448.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7499.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit