aa6e698a2b1b7d0347e9ea10ba859ee3c7adad2e82612138deb2331fe3fe7042

Analysis

max time kernel
120s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

163440f219226d8cfa286176e18e5f54.html
Size

4KB
MD5

163440f219226d8cfa286176e18e5f54
SHA1

04ca3d1a1f0fae7d3691f06265553532a9a612f9
SHA256

aa6e698a2b1b7d0347e9ea10ba859ee3c7adad2e82612138deb2331fe3fe7042
SHA512

dfa9cb58ebb7a979fa4f3aecfa8200e683273bcfbf6efcc18e5872610b08dff4882653d131d38dce3a19a6dfd9e9e052689e56759f9eda82c31e01a689859609
SSDEEP

96:rf9seakGiwLsvfpFFOxUEsvBUqsOeN0Eg9jag0MwU:rf9FaL7LQFIaHvBRlVEg9+g0MwU

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b093c17bee3bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A602BEB1-A7E1-11EE-B754-4A7F2EE8F0A9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000dc9020ab3f70bf28764e9cc9ec802f4f4cb1c3d175f9d42324a1e804cfb3dc04000000000e8000000002000020000000f63678b38e049f91e8878d1f8c752ce6c9e334d5b988dd0500877f6394cbda2790000000d54e29a7e1b27e673670420d2c03c44fda9f81fd2c6e23897fbf9a0232eedd464fc56051c45993911c303f8aa824c27ad26240dcb2135b20d7c9272238daf268a7c5c9734aa4db19cb9bbf746fd78d8725953312ea6b333a097a3b7e7f4469a45b7b6b2fb40c62aab5faeb4ee88cbbaee38aa0401683de7f464b798b28e7bf278d694f6bef27edb64fe9ba106920296540000000446744a84ca5b9bad2becddde28bb0c699f82b99aa0dc85df427b7b1d04fe017ccaec69745297b96a8df9c4dd624f88ac8eba095aa5ab50b00457c52891cf642	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000087fefc9bb0c4e36fbeb44a99a6942e1ee8a838efaa820070d3b850627c8fa994000000000e8000000002000020000000303020d172216b23f7414562efb2843aa37dfae460606bedc279598ce7a67bb12000000034387ad79add7063d288f7ba275fd122b7e2417977477546df35f0a2a3b1b10440000000d4572e9ce22ba1f8445f84638130c8b954eaca555b6f948b1571421c4150f0bc58447b4b29f17300504ee2e1beb1cd611cd401efd200d9f511177dd017fdc3b4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410191682"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2236	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2236	iexplore.exe
2236	iexplore.exe
1168	IEXPLORE.EXE
1168	IEXPLORE.EXE
1168	IEXPLORE.EXE
1168	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 1168	2236	iexplore.exe	28
PID 2236 wrote to memory of 1168	2236	iexplore.exe	28
PID 2236 wrote to memory of 1168	2236	iexplore.exe	28
PID 2236 wrote to memory of 1168	2236	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\163440f219226d8cfa286176e18e5f54.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
369310d53d38005ccc868308fa281668

SHA1
70a904e8cb01e0a79f0d6be292b5eba1cce38a6a

SHA256
7085deff2f74e693e61e38d2781066b057b813cb4c357a7adef3817cb037664c

SHA512
88cd3b2ab5e09b6cb0520911dfe7f9f407fb0bf5b4be6288374b2df6c3ab96e7fcd8cc08081d4728d0226ec2b53102beb094fdaed08143454c97284feb36d830

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f19ba59f225d8635262dde2d50d207e

SHA1
514c1c15117a951eda8cb1d8f90a4416314c3d0d

SHA256
46ff23b58f71aa0ee3cc94dbafa1be294fb1a04ecc99fcc07e97713fe6793790

SHA512
a98188c0a0aa997967765a4307b5d753b92afbdd1a1f21d969daee2b560377347c006eda211d5950c57b51d98a6ec8094e83d4817ed5fc13e06e125a99118529

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47c7507d97c99be8cfb060e4a5d48933

SHA1
9e311737a0f89e0a6ee6647e5e70e4753dec3b7c

SHA256
e8cfef29a9be03ea8d6692ac2530d38422790540aca2b2448c4187927f0c11c6

SHA512
3be017836400d5e0536c9de3d79c238f2d62a69266e57855eb20f15ea8d109d0c244c12852b0800ceb5c1cf33083bf648843069a5008635bcf8a2cb5ae674d3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2cba76faeffcfa816b37476d873c0764

SHA1
2c23d838146593a5a2d5e511841548fa1cdb70e8

SHA256
d1bb035ed33115aa31cd317667a2a8eacfc0b5554d54bb8976cc44884e66bdcd

SHA512
9c4a5a50f5d50004d2d33d1ef6565e02a90982fcf81469672763d821eec899e0f2f45f227f75bbd003129fb04623f3b45ee7b506025fe19f1dfdd2735c73f97a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b49d7fd6027353885bd57ad387dce7de

SHA1
0365b7aa1341afc4fced097389899b78c20754f8

SHA256
bde19eac0f762f2d31c93757010681e8ec02a5ff895592043c27b899e824916c

SHA512
92ba1d2ffe4e53ad01bff319bb6d5a628936de4693aa88949b176143427ce6f2be4f79a4293b962f95c60e24ac924b372be3409290973b5290f37a137825ed1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
554445796ee35047a80de60dc62aaa43

SHA1
39e6e7e8b8b18685a2d7d950d0abed54378941d1

SHA256
e33e50df6b4ac163e32edc5fbbcb4558b277f610beccef5da3d3aef80d5a88b1

SHA512
298480dc5f7dc6783fd9819ad336f3b72eccf8597c0b9b5747b762381d6f368de6387cdbfc79adbac8e9b16c06b680f7c99eaae13b39a250ca7d7d90d189ed07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bca6017a1f6ce758fa7cd79aee273d92

SHA1
04ef677817f213b87969e134784e662a498c70c7

SHA256
3c5eb9545261de41e6cbf8fb6309a27cdfb3bf83be5d35f06685f4089aa0d0bb

SHA512
41af6d2dd35e84e15c504fe5f383c8c87fbcf6e40914725bea976da9abc1b040f4c43a615acc3b65bb7109668a63b6208c7144870c4e7d76ce6b2be9f413fe86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8473edf3dbcb6cfb75069979808145d6

SHA1
f3dfd348caf6d9d065f7acf45741124e5d1d0e27

SHA256
e04dd1fea5202ccc8514677221b239c6ff12e9060613144364872d2e819a669d

SHA512
fdf3189a03e3d492450e11b6a5021fc6affd34572d4dd0fb0148c2329c84becc5334629ac919f7f8a7ea6af8a6bc12dd5a55bbddedb55edca182f7ca6b54ebc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e150f8298ecfb59f963dbb273d4c831d

SHA1
18a35b3d73d38c7f2201d155310175496a02c017

SHA256
4d06e4435085ee296593e9df9cfa2c1f26453c18adc6f054939d5b4b0c0fab9c

SHA512
5ff4ad8897dcf2d88f1291d9342f7e9c4c3e2bfe1d754d5fca11b59af9f0fb93959d7c365571915c72d272d52c6a248ee7a652605c5e1a30018cc5dd0b01e292

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
183569390e398891e3e3f6e308fa386e

SHA1
0beffd03cce2fcc2b45971a6aa9eb2d93532aa2a

SHA256
9639a482f876992fce39c164405da4bcb1786cd756d30a5fb162faec507ebf6a

SHA512
36b04a9618dcbdafc1a838740935a1db7e8eaeaf438c23eda1cac8637aa02130c9346daef3d6f04160a65930292658bdd7fab052f609c6ed11045a27ada7b85d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e4bd4978f7ff9ad173f3521db0ca395

SHA1
3f3e448c20b98cc7bd89e08f31acc2539d49c13b

SHA256
26b9303d1742549e5d9536b43263b9d8223b5ed05682b24fc9e475a1b05e42d7

SHA512
994595c10d7666354900d3af65f7dc72bf8156ebe8dc4a3ac37386785f9bf859b20e7fd115fe956b0db86e654d180c42712ca7589ebbe3713bfd713d20adcdf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04bb2007ca7c826e479e84ccfd6b9334

SHA1
123820bbc185a3b261c536d8ce2c2f4d78f5161d

SHA256
d7f077a220ffe087e7709c9593dc2f35d2318edd66d8832bc708ae60d367433c

SHA512
707633ce7aee08e47e03fd8f074f3fd7c44d408b8247f60fb77ae9df07aa53455cfa39e563795810ec32765baf495891ea69985348f3516a5e4b912e7d4e79bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d338b286661e601ae834b5d83376dc14

SHA1
3b98995307f1e1cc49a502d1b723eadb663d0060

SHA256
f3ef6f67a788d5cc9a74ddec8bf7d5f642c4ce676185b8a4b90ce611ca851eef

SHA512
6e86fd56b04931af2e0bcc092b5eb51bdf34df9b6a5b4ebc6764d2ca9dc0b753c4c66ebfc2fcff74ea41fdad67636db552586731902f35a2513fcfccdbfbdd41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d601cd36c3988e1138b80c6bfe642e0

SHA1
c8c5d164d0f376a5845f3ed02a5abbf306d67723

SHA256
7200fbb8a8a10641694c51625a07da339be084063b6049e479939b594c48f650

SHA512
58889a4118494d1a6fb95b4f46f3e04932b3b8b96f1f4c892ddec95752121df6a838a22bf2ebed67fe26f10712921d381848da716b6d53e363e7b60a5326b5e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4dbd32c79e6cf526452e178ada1af89

SHA1
7f5ed2673ad89fb73c77e3e992c1e80371200932

SHA256
b64c5b2a810733c1cf9f4b21c0f471898f9db0d3b1bedbc84381504d23b50010

SHA512
e04dee9d000f1f2e1788caf948e38e691410a386d2d407ae2a9c1078c3dc9ea42711197ced0d3ddc0ee117f9cf709a01348a2e72cb8cddf623ad210f92f1a8b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a04ac846114626811dcca152b57dac89

SHA1
36e0db22ce8955e793d41ed704765bb70170a4de

SHA256
7e7fb60c353552d4ceee285eb304695dbab2f868566a90c52745490de89f47d2

SHA512
d04d448893130ede6870f8b28c262fac46280e5c7cfab3c1f619309c6f5afa5d5742bcfed309a7dc92f4cd0eca502a27f1d81e1d6583de31e553e2d83ed71953

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3502e8f49bda160e3dbee6308394458b

SHA1
9a6d5a3d971a08d948336057b2958d0bd5f1a6de

SHA256
505675eafda96f6ff1ca1d1269c58a280d9f476e091ed070c2f309a56ccf8e36

SHA512
f8ef816bab5e51562768dba90c12ec4714568d350b793eee046fea4f3b642861a5856234729b09d6ad45f02ea6f604770d2aa7af86b8802f68e24a14c12f8c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA17E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA29C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit