a8742ac85f7bd2c015e5edfd7bc534ee0f46d985a3242aa749a9b2757ec8f292

Analysis

max time kernel
122s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1524e188a09173dfeba6f3a8f23d9d51.html
Size

17KB
MD5

1524e188a09173dfeba6f3a8f23d9d51
SHA1

c02928bcc9672dd41593225b876b83c8d150bcc5
SHA256

a8742ac85f7bd2c015e5edfd7bc534ee0f46d985a3242aa749a9b2757ec8f292
SHA512

b79a35d89d269803e5b754e2884202c4414e21f01e6381b8a29f8bf7521072004c999608ff8a1d2a2b17df8c5b852866622b30a2a99222bcd76a5fa1c8e5d544
SSDEEP

192:Fqxdfb9NaElnnucUdlOAI11lLGAPhh47uEH2etZB0OQ0msNqdVhvdAYl8o4C:FqxN5lcfOAWXJhwTLmsNshlfl8tC

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90835d6cdd3bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e9178664000000000200000000001066000000010000200000008febef730c93070db60be147b9eb6cb980702a0325afacea84b535068723c203000000000e8000000002000020000000c8964b567bbfaaca96aa163728369dd96440982087bf1f4d9cd82b084b472280200000008e5385f7e9bfef46ba13832eac7f3e8698682b1cf6f5434b56193d6f7365e4b940000000abecc10fe9249da49cbe7fdc10883c04fa3413370b44c144fbb04574422ae5c24b7f1a88b25abc0977fa5e76655fb35fe0f6245d8f35b4a906f4c2f34eef6dcb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410184348"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e9178664000000000200000000001066000000010000200000002009f058c9bc32f2f1c345f439f9cbadc9dc93312dccd31bfb1ff81ca6397244000000000e80000000020000200000007873a39af65dc6a0fc95cf89661aa79d4f99e57057db13d94038598e96136dee900000009fa822263b65ef23bd29bc37b35ab7a135560622fc43e18a51d8bc2d1ba380a18c66aba3e31a9d50444343a162554a1f1efad5712a12712cd6f13d8baf6ef6192446c600d6d16b4d2e5e0c49941606005a27966928cdd48b352d33c936e53c0112ae1ae8b32f821c0a9e008519c88fcfdd9c56300a7dcf41bc28148bf31bda29a0c6f7f0950b7ca85054f7aaad3925bc4000000030d2a5f39d9c785f92f3a4b4edc4d60e1a4284057cf5d4da6f9f7e01099e4f9ee187fcfe126e07cccfd1a53e62972c4c68e9b16ab6c422807c600649200f0cb5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{90E3DAC1-A7D0-11EE-B0BF-4A7F2EE8F0A9} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2672	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2672	iexplore.exe
2672	iexplore.exe
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2732	2672	iexplore.exe	28
PID 2672 wrote to memory of 2732	2672	iexplore.exe	28
PID 2672 wrote to memory of 2732	2672	iexplore.exe	28
PID 2672 wrote to memory of 2732	2672	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1524e188a09173dfeba6f3a8f23d9d51.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
672759ad13e095ba1e72be97c9835ccd

SHA1
bfd29d0b1e2d69c853befdb8f3109bf98308ca76

SHA256
cb9c2f68abe3ed7ffdbb681556419fc1f3dc92f9c38537a08fb600ec03239041

SHA512
ddef73122ecd38112ebd478b728a0cadd813ebc4ceaff815ad8416e0de8418b350750f0bd8efa29a9e14f38c0fed76aac4094eda6d61500eb7c8387f96c2c90b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
678d6fb940f45ca2a37f7101383c71d9

SHA1
ca901a7903284ca523f7b9421b0d0bae4923338a

SHA256
50334b3b1d4399e835fcca6a62f348d819b54b0315baad84481c42de853cfda8

SHA512
054a3b5d5a7bb3cab16c8a0bc66ab1605b97ec6e0f5bdde797f081ac38893b0855d64c9ffce9062248838f82a4d0ed3d011c4a69292a2167b6c85e59c26455ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
040fbdad25860d435c8e4c0bb1014e5d

SHA1
567393108c770878a7d51781d2346a8c6f79ff1f

SHA256
12be1ac02a57b702d29998f63ead5ce25074aa9d99be53368062c43d433ce6ee

SHA512
3c77d839f1afe4ef181dd13e0c93c881b576ed00fc4767160d6a8ac55490d50ca56024b5be3c499aec2e932b1bd7f689df591ec32ed001c46bbef119c7b91120

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a161a32590dd6e5fba59e99bb4e81d2

SHA1
bb3426404563317feea4f40d340cf53e7b77b8c9

SHA256
ea57ad0709d82c7c9f2979431399f660cc7cfd143f2f39730e5040ca25690a1d

SHA512
65443dcf747f55900c60a76e1ce7134f0058e5697c2be137e2502db2833c2a94e62d5af8ad8a4f79020d3c926c78b7c92dfa1c349358a74631966f463961d84c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8e7624fd1c5377750966091d614f734

SHA1
49d02773b0dc0c3030cedb4bc4ff8515110a0c19

SHA256
b176f7eec22870b3076ae82c98903360704f34f850e6a925842d3f0f7824ca3e

SHA512
b15364785d2410020cec21a0048bc7504df734e84cd2f1e9388aa0ee1dbb07b74b8c2ff9edf14b04cfb239ac4c7b55b8c55d101e7f7d57d69c90ba1b889d58d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0554d85de776d0271f97492794a0b828

SHA1
f3e0b880956e9695c5e1d1f5cbd8646379c97342

SHA256
65c6560c632ef62cdc080c7bb4d7ca6a84e3310bb81d2aae62df3bc43c0ece7e

SHA512
07c38f93dbce8920458fe9b6256cf26231ea7c3140a67eb9c3b47cf2e69a05a94a33655ec52c557bc872d66dba1814daa3cf911e116c106f95062bb88d08a7b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b760d3e8ffb94157aff9d4a768dba4ce

SHA1
1069f1abc9ff465758eb6f97f8f27b477e15646f

SHA256
8e0cc2ae09ce62c7e249b6df8096a08e2d0a21fd2873e2b20e89c01b8a8c52eb

SHA512
9f2468d707cab5b793d9981a8e23ad643acd8ebafddcc19ee7e7ba2959bc06ccdb64f82f07bfdb675b0faf0d42404b112993743a42076f3a71557ef1b5169ca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65f93e73744d646b55794d9ae126b67a

SHA1
b936bc135930952786efba857af80c7c1e705d0b

SHA256
fab135d4aa5271959a32ec1d1a242efc87166dc0f761061b0095eac004cc5a74

SHA512
064875ac7be1525df992a0cd7a2a435292c22b5ccd5f9dcb63c788c0d144a73a6d26c123d7d1a5f933781b432be61427cf4bb9cd0d515df409f78f69cef49c59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60368b0ccb5b28c7590f88da7d61ce10

SHA1
285ff85bf6270c93df733a6b481150efbf2e1523

SHA256
ceb2cb5a418ba8fa55f655e77cb6afd9d7bce0e66bd478b4959b68debad103d5

SHA512
358ff9c512536008e3091bb9d8fca932577d592f386a3f9a2a5eab5791af1d0b2cf824ab0891c3d215a3f1dd39307a7f3000f09cf56aec08b9ab04adf6bd502c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3fc3fcf4f0df9835f24256eac12c29f

SHA1
fd7cedb6901699e82548bdd31d57c05913167aff

SHA256
c1f98daab2aeccf3faaa68b9201461b65ca3a0f86a9b7a2aa3e31ce0bd1f9ae0

SHA512
0b8a065d65c947d8c1f85c9d336e3c22ee3f77ba6f875cd8063279ca375a80c7634490125ae66f71669c65c0b9a569b75e22b6f404508620fa1b797434735a36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
956de7c0900508ac353ca9d5b43289ed

SHA1
a3ac738e5c22067803e20e18ba497956337dc64c

SHA256
1282d988052eee9071c2d2c877d6ba280395e27323950774af624fef32bd01c9

SHA512
fca820fdbc12a45581d758a8457eb2e1f0078e89f2e2a47444754cdff1ade35e82fe21cc43e327cb2915827b24789653fcf0a2b92937ce57687ded463ed268ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f67415800de9ed8cbe59d62af1643e4

SHA1
f2f55db08e719b58cb035befbc4bd06e98396188

SHA256
f78aea4c4c9b9183c26e5d24c4e1acbe6d6f005959cde7f26003731a944d8c0f

SHA512
f9b6413dd61df4b0751d7c49319f05fbf7d80ff628c0f162f1794ea1edddc8c25ae07999629482e7186f533932ef99bd03474c36621848c00ad178b7e5fe30f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62f2322e4528f07e466638b1e38a92af

SHA1
e9cc900bb99796d36d789af09bccfe862d9a691a

SHA256
6aae8eed6db01f8b75f857431cd9648563766f7b7dd7d29456119075d4577249

SHA512
ecefb43a67a0ccd9d67d8def690af33baae8d9293454bef72b2a74735a207729972ad644dd6d23f17b40d2fde3b0b4ec0663649ba485947b1cda711dc95a1251

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67c7fbeaeb9dc947a7bc6f047cd6d1a5

SHA1
5a60b9b6e05563544d86896767a77edad4b3f5a2

SHA256
0c6a785b9b544113c45306370052e9b26909187509536e820dd5e70d125678cc

SHA512
4fcd242b9b53add9fc211c40e1c21dca69089ad77e4e33fe6a4d6f5a33963c10b7f7e8207181f01d6c31e4dd36f72c29ba0be22b57f88cd23ed65bf628d9b49c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab61E0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6203.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit