17f9bc9cd75b6b6d6fa52e36432908bcb502eb9d3bcb62df211b5a6e93da47f9

Analysis

max time kernel
0s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1403a1ddb411fc5f469aeba137281f95.html
Size

79KB
MD5

1403a1ddb411fc5f469aeba137281f95
SHA1

9714570e402216a2caddda3da52a8fe2effac0e2
SHA256

17f9bc9cd75b6b6d6fa52e36432908bcb502eb9d3bcb62df211b5a6e93da47f9
SHA512

9f7fe49e1fbdb2487fa4e527191629844d3c46661e08ce2fe60328f811c23965ba7f37d8b7f48f82e8693b13ab96577afd662fb22bdca1f047cd27f5facef93e
SSDEEP

1536:ADJXAUeAJQJ1s5p+7bXR0j+YoeSel/epDb7pGCkgTqrHkyUqwlllS:mJzF5p+7bXad4Db7pLkgTqrEyUqwlllS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73752FE1-A7BF-11EE-96AC-DED0D00124D2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2472	iexplore.exe
2472	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2792	2472	iexplore.exe	15
PID 2472 wrote to memory of 2792	2472	iexplore.exe	15
PID 2472 wrote to memory of 2792	2472	iexplore.exe	15
PID 2472 wrote to memory of 2792	2472	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1403a1ddb411fc5f469aeba137281f95.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:275457 /prefetch:2
  2⤵
  PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
82ed8b474c2f82bf86a6c3c447389bbe

SHA1
c531944161cc045b0824a03115169dfda493199b

SHA256
47aaf109521d1a8070835d06be1061a9fa9f2c674a0861ef9459f5932571bde4

SHA512
6f100cab4bc4134e9626959094c4f0dadb2257bbf2cb2fea0ad825c6546fe70bdf0e066c2df425ee1153cdcc23b8f72d44772af3edaf624b849e3ebb69208d1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3c99f57e86eeb4c084f19047b5ff365

SHA1
23222362398e8ef6fffc1394002df3f0660982e7

SHA256
d2650e65efdb8b0745c7f53dea219f8098555a0d0a707ec80ec19d5232f1b6dd

SHA512
351d249625ee505f1a075b4e1849e8cedfa193c8f858bb2ddb34d9f52bb8c3afe84fdefa0cb26c4c121ba51f237c06ba8ee669cc9ee73995f8d90f7ee11bf8f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e18903fa6eb55ec777b59429cca66255

SHA1
0515977c57ec9212af763bd74510206c86474f6e

SHA256
57d547f58c706ee8acdf4e7ef94ed006ce3beebaf1bcc68da5051de5f76ca571

SHA512
5896fe8c93f8998a01cadf8540e1fcc411b4732254d140ac119e96254d84291f97b424f2bb620884b45dc2ec288e1740d1de6741983fcbd7484c0a55b3a17baf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4e13f3ad227b0dd407ce9d470b724ac

SHA1
34ba5fb906e4de2d414a9b0ca1f0da85f5677c41

SHA256
24c4c08ce5fa18a6a928b2ab46ea4e192c5021cb8f184c50276a187e48352f17

SHA512
5c48fb379248becb81dd712f109fe9a33d31cc7f971e54e5b35f68d35c3412acc6e380c290eba1f6b9e6d8f0fe4d8da5d704c84dfe882efcd725d0fdd4f1bb32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b96e5164039a0db9241733408cb13fc3

SHA1
0f4877a8134772a2a752f21531b26c6c23a18a1b

SHA256
c2f8caed2336d4763ea4fc862c24982b47cc63952147530a1bbfb5fa28cb113e

SHA512
5cf89683d0b486df233a8de5dc43e82955ff7b85f05784909990df026a838e09152c3142ed5974a6ebd30198d2fca84ae27f8f5ced366731af6c9789c9ce1a30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f69e5e7a9203cae3a6e0246ba99ffbc

SHA1
7ba971dbc3f6a90f9fa88037cc61f5e511835733

SHA256
e525f106fbfc66682e3a95d295747c2a1fee49dd9ac7bd0d4fa1356583f421fe

SHA512
408ef13165d0bd3414ffdfe1a1112beb64c9c62d8779217674f086dd2fe3a6a3792f6708bf31e7c6532b63d05a0f932deffd996b263413f17230b56b38cb323d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab18a0d05c9fae9145aa2d65ef33b6a5

SHA1
54a37edc5818a2600f78babf7dda580a99d1a6b9

SHA256
cb1623907d8e2545df0fa45bb1b3098d67f5fecba8435d21e3761430acee1eb3

SHA512
b4fb689fb63f977ea004c28b59e83249d956188a1345dbc558cf0f8e81ea2c207891969356d903154500e9b804f3b3e939c63de3a36fe6b1a29056b47b14cd5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92b3eabb4ead79a3b8902f9317e4dbad

SHA1
1d6a03a770a6d7716aca0025766096d64bcbce89

SHA256
b37add5850399ec257377a1e2c6b6d296923f082b86f397ad1218d0f0d588ea8

SHA512
e26ef11e50ddcbde63861e93d9c93bc322b807b0f11e5a8006337aa8ba50949e995b4c9d59772cda2edc87becd652e59b7fb03391f1585793509a35bf33ffe0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
719495dedea041d70798be1cb7006373

SHA1
045cbbe7ea38904fabad8869f5399f47e52f359b

SHA256
6207e3fb4028289a64b9b8421626d4d5dc07d4244396e1b6f189da87f97b625f

SHA512
0e6d6eb39d9697479f89de994af66aa9a14b03fce7a7b50b8cf063a38c234fe3e532f9b00539c8c6d8c73641d5bb2e3b24faed41135f7bf2292dd6db74cad6a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fa7a455ae92d22e50250125840203a0

SHA1
05a961f31a0ab311bb42b5250a836a309776e1f8

SHA256
78da37a96dec2f2b6c5554cb20f2a81bc2f41292566e7d55a230323eb2d0ce3b

SHA512
3a8143b631077e60bfe709abf675182c1b61324c507ab373720e3f080074fcec6a704ca2b98411df119f87b880897395366d9317927820b7f22d0e719a44b879

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7ffd61e66fa4c550442dccc72de9a99

SHA1
ab1db239ee477137306345221c9c3906fc8825b2

SHA256
ee7e1fb083610b283c0126c14136624fd225dec9b92c97e03bb9ff39455b38c5

SHA512
41ef58fc89a7bc90e47f195f5cfd8ff0437c6c1a5d1685693032b3af0ef86269c89665473dad66583c3b14698e968ab6fb7c70300a2384378202388076ffe066

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44b859a900190470685d94f2849622b5

SHA1
f3342008e26a20dd81e3966ae51a1182b325e04c

SHA256
fbda6144c09187271b9abe0dfaca54461cff0e41ca560ebe9b4fe604a564bdcb

SHA512
67fed346849256288bbedd5465d785fd73d6a1d534034d50fe3f483065a17c71052801229aa0c310b9a0a2db271a8953376c556e0639b95e770b5dadf68b2a45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65fda5cb90eaa81e4d525484dde4cc89

SHA1
fefb3f97451e10c3e20907fa993c0232d7c05bc4

SHA256
c7e72db7e83484daab64257c3bad84646baf5a4ddc3c6c96af10157fc3490d58

SHA512
05a0691beacd653a66de5a993e326be495a7e1eaef72a9bc8a42dd09d249167303205ef279ff996b157d6c89351a3050633d9dcc572641dfb13c70b847a88661

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bc2b4a639469a5b4ffed989c4e90704

SHA1
677fb4dc39780c5ebd59c95d59dafb626278f61b

SHA256
f5362852b9fbab4d6729c8daf774ec247eac5bde540561c57ec363d1cd82523f

SHA512
c0d98764bdc78043fe8d9204819847d11169283a93507f622d7c6ae2f131960d83a1a1b1010d0a38e1799965d687ac7d4a16e055db027546088dd713f543d7e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
610d1d02b76a5fb233c881079e715130

SHA1
6f685b147ba227db8d76c91f03b98b535b47641b

SHA256
af926cf1f63b825d095279ba6738192486006676fbef7b818fca2ce5159ab1b7

SHA512
a259f59a5cab3e4f7d01e005eda37f03d2499b74c166bbdc96f3d5f71023cfebf87ea0607030d25935ebd4a16fbee0ba65e640ccfada27e4bba16d4783452ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2BKE9OPT\www.youtube[1].xml

Filesize
23KB

MD5
0f2be6d02acdf4df6dd35bf0a382d0cc

SHA1
1bca363f544a983f3f36a8d13902c8050bf61952

SHA256
cd6dbfd08e2dc2cf7b752216d85bd071f17f329e573c3319da83b3dfff32c609

SHA512
c058c5e96e43b186451302b945cbc770487884ed3371bee331f09de3507e5011b010944e3eede325b73f2757192bd54f198b364c68c4737fdfd35fb0acee569d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2BKE9OPT\www.youtube[1].xml

Filesize
990B

MD5
6b8a54dacd333a7ccd60161a55c580ad

SHA1
aafa80c5c410a3bccaefd71f232a2e63f8e714a2

SHA256
9ac451f891b743d0acf07090a29c913b4a4ec7e451b821e7f864d19486e14c61

SHA512
cfea6552122c45d03ed9660025d084cb4573f8959d738a582a1f5eb2a6824718508944860bb13ec990d1e33ebd003f95d28478d78ebe718b8d2d0d072bf562f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2BKE9OPT\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2BKE9OPT\www.youtube[1].xml

Filesize
229B

MD5
9cf11ae164a70016995d9e21fc46726a

SHA1
c71e7705c5cdbb482c7a77552b042762d0a88249

SHA256
7762ae4df658ab81638a5805b302b95899229aadc4bc96cef3c065c33211ba41

SHA512
8476c8724ed1b94d1c5616cdf352f3929d63a5fcdbe95d5254e755dcd0077383e7687949f3dd79a68a49d02770c0a6bffddb12d65da3a536547ae490748a3bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\cb=gapi[1].js

Filesize
133KB

MD5
288c5ba5b7001fe841c32f690f62cc93

SHA1
29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789

SHA256
c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52

SHA512
e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\platform_gapi.iframes.style.common[1].js

Filesize
56KB

MD5
f6140cf2e81a9d5b9bc96970fe1946f6

SHA1
e18cb20a08d0c13d44b72e36e9560aec2187abce

SHA256
68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5

SHA512
1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2992.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2A8F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit