ed10a1d13402e3f049a262c1d26acd9c33c1f15e2c40790c31371ee2deaaae3a

Analysis

max time kernel
0s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17281f3f03c160f3d4d8c18648782880.html
Size

17KB
MD5

17281f3f03c160f3d4d8c18648782880
SHA1

bfc4d5d5d9d5d8c996841ce1fa33f141bba2109d
SHA256

ed10a1d13402e3f049a262c1d26acd9c33c1f15e2c40790c31371ee2deaaae3a
SHA512

9d9509158568139524bfc339ad69635854ce49243d3b7d866a37baac43a50b4a028ef3c6d51083d91973efc1d397290b777ea1d0ee825db49ae26954f3c2d6d9
SSDEEP

384:HfRIjUDGO2G9kLL9j9F2OzngTIsms+sGsENm2gCXtkBPziMKxvgFBMYrt+g7wrJi:HfRIjUDGO2G9kLL9j9F2OzgTIjnZHFgR

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EF946D31-A809-11EE-A29D-C2500A176F17} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2192	iexplore.exe
2192	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2196	2192	iexplore.exe	16
PID 2192 wrote to memory of 2196	2192	iexplore.exe	16
PID 2192 wrote to memory of 2196	2192	iexplore.exe	16
PID 2192 wrote to memory of 2196	2192	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\17281f3f03c160f3d4d8c18648782880.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
  2⤵
  PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
100387c21b8fc564cebc5a8c99748f20

SHA1
7a4c9955f902348c2f4156f33cbd165b86999226

SHA256
0b38dc146e1b5cd1325f072f9a78b9c43dab2e702cb4f1db8c870f27536fded4

SHA512
c6d2fc6d3eae0fcbdb928e577e52e1f6d71bed249b38631fd8185cbf005ff1c17d64b9e713556815e8a26a45353aae9c401ce9aa30d39c475bc60694520362ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7e3009650400f005f18aeba636b9c65

SHA1
b38bc4f17e8201ca5e136d481105afedbb76268d

SHA256
112e5d10039603330fb184fa5b80ab05fc64bbe8fed974dc8c7eceffbe00a84b

SHA512
40a65afe42f21fc9e0f5c60ca77aecc7bf104f5e9c3e625e6f2a59f9a50b7677f56d9b06ada2151c8a070f74aea5f04560c8f798a1c3323666886d791bd5699c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
083b0c6f58e556e5d2df7ce262ee7410

SHA1
7c4461af1c022b90660131950bed61f3de4309f9

SHA256
2fbe927c3857f53d6dfc15b9ed50aed62c5e84c6f5db855a3ba5ed55436749d5

SHA512
5c8dbf96e1d251f85792bf2c1586d901e369dd7c56f07ff091649df49da54a1541741e56a28a1b2bbfd7ef667dbe04b0b9aff51f03d0d71f7b00401b482ee4f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a97c256c08b1697c9bec346f1d1a14bc

SHA1
f3a8f84ce8fb654958f69f2aae938a8c229bbe32

SHA256
a46b32ea0f5db6f4e6fff1f902772ac6c42b9e1858edc0ce2449abfa32ffb52b

SHA512
228afdb5670d7d6c126f2bd71351fc522ca914bc21ef5c347a49b14010a46bf24c328aa403eb73cbb371d0026fa85260d7d3ac9a87fad9a7808e8bc824d470a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1337130cb35d2adb37d5c546719c04ad

SHA1
d08bb0ae9594671e78a2e6de9b54aa2c7cb18b65

SHA256
a8dd3e465bc888e6cf18e324a3450636376002de3961fc2958ae9c61170fdb58

SHA512
15ca65da9fc0c23f27f702c1d88c9190ce7edffd727ed4e653b6d72c41b50cc6b4872ceca46a35d5931c07ff0f3594cb603f96e47a365b34ee798b031de298ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
368b6b2b0db752157d61750284cd12ad

SHA1
a62ba27e3913f723e6e63af63cbf92739ede89c3

SHA256
4a4fd60a5a5b7f55e73788530a1f980b811e7e2f545b187bc2d05135ee760e69

SHA512
c43d5c7ee4ace056870935ec00e0701098bbeed7db7b6f61e8daf1a54ef2bcdbb97ec72b9e761c4cbf7410136e8d26117e2c663db00a19b6cae7d99973662d4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1165ff1bd7aad7fa9cc71fef65e3064

SHA1
7905bd2ed1ca4809876352750dbf421a38f4529c

SHA256
bda61f3465bb7e418a5967d085f8737ed9f63b778a9d26c5328836c5bf334050

SHA512
f641f9e2e7fc59d09761d591035c9170ea68fff0cbff68f3a29e793febb92cccbc5ff0517f2cc19335316a4b14569e24162f183440109892417fcc7b1bdd45f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
117fc617cf5d25964f054935a1fd3c2b

SHA1
7752413cf6bc51bb33012d1e88a895f77e2fe616

SHA256
8a59b54d6b73f93f4bab133a7b85461224e8212e0f74c6dd0ae987d6fe85e317

SHA512
d860c4208fac8bb7900597ca83ef4d15a2f67fcd6785c0d9d4c453aa83561bd5c42d8cd85fc85cb666ac94d835fb9d31bd61ee6c90b62d9408db2dad905511d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8690.tmp

Filesize
23KB

MD5
649aa319bfe792a3cb282417a6121968

SHA1
6b1a47910fd718d7d1b0182ec02463cff3e9d53f

SHA256
1a8cb3af990598a3fe327de015437f79d28c4901644c684d5073b2ae5b8a69be

SHA512
9e486d1ccf25cde49a5904b2a64d03137e32a5fbcf7c86bb297530c71c220163e716b255b16224dc55aa7bdf6b5c70288d36771fe6d2a7a80e7b46564c057d9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8BE0.tmp

Filesize
24KB

MD5
c3172c0195fdde5df69020d8a839d896

SHA1
58f26b97942c79dd8496bb3bc1c7dddf4544dc9d

SHA256
b9c4022a64e51586c3db0bc3f509935ae02b3fe83ed6bc334c2c1d03365f4aa9

SHA512
2a1dda4585b6cb023b81462405db03170c9621fd50a74de5db6a71dc2a0e4dd9b51955fbf79eece0b019848654fe3b0fd19e9bade7df71d4a0e1cf04db43ffe4

Download Submit