dc4af828267c698382d3ad24ff449ba8ca3318da8ea739d7abfd86ef7e25a009

Analysis

max time kernel
147s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

198363bc57c1d5135d21c48172a226d7.html
Size

11KB
MD5

198363bc57c1d5135d21c48172a226d7
SHA1

66810c633e8c96b738b641079e02f0f1cc05e3a4
SHA256

dc4af828267c698382d3ad24ff449ba8ca3318da8ea739d7abfd86ef7e25a009
SHA512

71bb30850e876e6c998c30b504ea082a3b9bb005b12bd5ae23cf3abb26f91d0cfcfeea5c4c03d9a5603af850cc52ad35a0ba777f4a5d1d51839ee157e3a3368f
SSDEEP

192:2ValIsr0r57M4zxaCT8I9/w1wvqVkt1SZauBuLbdU8d:salIcIQ4zxa09/g8kaguLZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410225072"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d043145b3c3cda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000548aef18998978fe91437f1367537c48cdce0f66e775d97c4d86082bfb4f4b3d000000000e8000000002000020000000283e433d9d47628bb567398371e075b12625c3b9795af725b3f9ccd3f254087f9000000030007ab80174efb0437e4a76bcc15f9fb005980288c9aef2fbb59621af3aa6120afda347d1567540c16ecbef34abde5873268a6206acd3c898a7ec7234d29d3be5c9bfa1d4963982a98edd231659a5ec157dcbabbac288bc3e86414553ae76eaedbe682fdb48005c2344bb6aad674b17b073ba328916832bb2d434b6767d437d6dd4cb16a4bccf3c3e0671f94df512e9400000008bf8bc6f624085077bae287aa5128d6d33f9741b557706241cee515d3aa05229b03f295e556e155d81baff183e57aa9f965257dc438341c3de999d0de31c9a15	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000006d1a61fba7da4fd2d38c30baa7b2b1b713254ad58ecc4b3eb524ef92b5737948000000000e800000000200002000000051fd09b1de80bf892b804ccdb9e0adf68bbc8440e878cfbaa2d89990664013aa200000002238f21c0c2060eec629f4e51ae73a943328a7e8edb6d6cbf7c32d39811c17fe400000004fc4045d64b4b736974e73cad95a75c0e6ea46f27b4fa8022c8e91d10d5ee2b26b0038d9e952d9c2364f6b4e33c52032fd29eaad53b338092bf16267d15fe184	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F603D41-A82F-11EE-8AED-E6629DF8543F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2756	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2756	iexplore.exe
2756	iexplore.exe
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2700	2756	iexplore.exe	28
PID 2756 wrote to memory of 2700	2756	iexplore.exe	28
PID 2756 wrote to memory of 2700	2756	iexplore.exe	28
PID 2756 wrote to memory of 2700	2756	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\198363bc57c1d5135d21c48172a226d7.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17ef6b6b28ef73a3c97fa55b6a903291

SHA1
351fbbc78e3cdad620be8e54c84ee38db06dfbbf

SHA256
a66ed30a79603369e94e6e6711008401aa1dae71f604f90b7376f42b250ebf0d

SHA512
54bdc9948238c686ff0cb56246e0487588c0a46286f35013e211cdac5824ab8d1fcdb96b9b47f02165db0d6fa8d86d47c78ba4dccdd2912a47ef5ce207f0980c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34dca517a4fb0244b076c9aab2e6ea9e

SHA1
0ce50f73808237028b5ea47c55564a366a20e897

SHA256
4fbf477fa8448f4ed449e0d4ae792b8319c324dfb5b1a85e73eecd045ab71f07

SHA512
4b3b55bfdc8601c1b86bed27f37556aa5025237d1d628d94ab2915197a6238adcc72fc1f9140bbca26f3bddaf5f32e2f150d073b12c6026f51863a7a17c34696

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b8da2dabee5eaa40be763a1d551ce6f

SHA1
ac9e5843f83611e5390bf3891c2c1fb19e45a09d

SHA256
5899b364819935c4ebc7c6fe756de26bb88f5aaca5a42b37875b9877421c260b

SHA512
a1e8d007a0bf9f4ecb2befb1159249568ff28c36e1b0e3a8d6b7d7f525a466d010b09655f39be8e20e3b71c58ffa0e0d360626f23075977e158448bdcd3229a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25ab69a46b17e5186b19de47d946cc33

SHA1
a78cfe62905e813fc2adc450b903a2a938c898b7

SHA256
f44ade9115ce5200abc7ef7339fcf87649ff0f43d841b7bb0fed1444bac4dd51

SHA512
90d3d6dd44f6dfb5c6c95ee3c1449c580c22ec73aa0bc8bed93e07dfc64b1af582ff043c28c066c8ea72f9b7edcb7b39ae48b5045ee94412e80562c2564efde8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15d6360215347913e1e8ad0fb7b2f96e

SHA1
bbc9f168b0353dba11f05c566e291326adba7e6f

SHA256
4a9a7256881d0b4bda741d10afb8d5fafee576cd7cad783467eac31b25466121

SHA512
1f43e176b220994bdde3c96d6c71bbedc431a5e980eba6ab5751087caf389f86ac36b1e0b418dab9c8d1cfb4b4965340198a331fc936cb19eb6e783931439035

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e93468c4be97adf349edf73685e8d2fb

SHA1
86f2d0e549231d9e04ebee676666e5079f2780a9

SHA256
7666965bed373afabc5ca1858ade68cc6d80911cae8898d5fb16847f675e25c2

SHA512
443e67ddf9da39c4736938a87aec14b5344d1f73109e7e24068f44ec4a102cccd9ac1805ebcfc0befc79a87524188e3ff38417d05d2322774c63542d7c1863f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13ef488f0800973966b243f5145c2323

SHA1
2f37f6661d6c3b138e9073f256c7c3ac9023fa7a

SHA256
d1abc71e97752e7a442d937abc06e282ebf7953d6d0920a18862df900e0d70fb

SHA512
ad3c080d3c6b7f16c9640f45f65d3020da9fd40a3e512356c7b6e64dafd8ff18170b60150f388e0ff1427607990e7115ac541ea4698f8635e9dee1fcf1447a4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f11eec63d60e04ba257e267113b62146

SHA1
5b76ffa84f2426ce792993dd492d3cd085c261f4

SHA256
795b3f9e4b1738520d016032ab5fb6a55ceb6d3e247587183912933208cea194

SHA512
b1b87071188ad7c3faed9e5436b14bb5decc2745c88583b996c33b436b0ab2c0e0583ac2ee9e21d34c8feffdf37744620f731419834d50e49cdb6ab88a6f271d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e62a554238abccdcda00abebf2bdcfd7

SHA1
5d476c606f1c4703b4df48f3191a915a6c342cb2

SHA256
d4b049473efd282e15dd8b21504077024758e946d0d4f1e785973682082dbb49

SHA512
6194f63548547853017f89e9c81ae16c12c1ef070052549a8c9b016ee41fac090f4ee6b65bb0dd10c7ba15458ea48e156da8ffb4f2124495436570b7d4b9978b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7c709d0529047416f26e5b192879959

SHA1
0c1142a0b01ad3fa9bdc9cb9b9bf9cb5f03471e1

SHA256
f1c27814d9f1d068f62f3276adfe0171187ab5862ddfa540630f9d6baada6e10

SHA512
07de04cc0157e3aa472fd9701b25fdc204269f1d7d206a8434b15f2bd37a8964d58e936b2443d4508cf34feb08a3ef860c6c3dc5a420bfa6e93ba0c671445aa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23569da100ce2e01a662d60aebf76ef2

SHA1
258ea0983f702da3fc310b52bf9bde5218b16f57

SHA256
3f417ff040d12686884c2e14fa97925e63fbbb4da27b5d283d1c8b5772d0ff52

SHA512
433e200fda8f1239b32bfdf519293087f2e42710d4f8f775410c9146f603bd8971fa64e732112e7c486ac07e94022e1989c0d91e77d4de16ea65253157359c19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a81ff78afa47b4aee823a0118181e7c8

SHA1
4b00e04941ed47b9b00087fce03699b8f7174f48

SHA256
0657efd2c4ffe91041bfd86bc920f554e9ccd6fc02d7ab4004f499c9a99e6421

SHA512
da24b128ad5c6981723b8fefd3c0bfcd668f7413ad97af96e47b28c3fd7a0effa9a45c3882cbb20482a922ba414b8c056944beee3bf58cd53194d732b6cde347

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b1670c0561f6746f67b56e4d7a52693

SHA1
98ef4ec95e6b930f3b433ced7b32375535ec8c7b

SHA256
d4fefb5db66eec5af4c28e5cf4dbb07a567b504bac5cb14b2632c9f23092c16c

SHA512
d928f0dcfcac7d2ad0899a7f1456423c09ac4b27f7cf5c72e88481ffd1de470cc44c82493d627ff068e752dc1b6462c4aab72ff0b567b2e697b3db138d079801

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4b5aee56f8a998afbac464d7d4f37de

SHA1
ad3a2bc1d190743b7d16fb36d299daaeb20fd096

SHA256
fdb38ff95036e0d5338e9a6fb7a5b66294059078628aa7aedc8810bd439d77d5

SHA512
f01b143484ad59fe71d937944107e1f72348e72ee784f786082388572e02e7a80c7c6eb91e6076d21f46cfb708a3f18930fbfd47162c85cfe1dd119eb368dd6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80930a7c300299c92df4f3a0a13d76b3

SHA1
c6fd76e0c700de8e653c1225f8de0ba125d833db

SHA256
dabebdac8bbee7ecc7c5c7fafe57e2c489ae340cee070f04a65fb9c882bb3ac3

SHA512
74ba128df8c479db7d1db78c454b456c2b74e6d241607467b0a8deb728615bc8ade13601dbf691a2459f9a1501fae5f0385b6a550bc88b3f106091d4eef8445a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0baaee23fb755ca2870326cd1d61979

SHA1
94811e755288984a7060685cf3e4ce94c9b99b60

SHA256
e0a45fbed6a08305b16009c5ab844f4344624a9c6854609a142c4c8c2a96cf94

SHA512
31011eca4b6b4813efe768032f53cfa430284e66adaba0d55f7e866477bb1ec086b0e6f8e2069c13ec30090287958b5949275e0bf07fe21c4ff4d3c44ba5577b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f113b6f19821bb629f277598d88c863

SHA1
f7bf31184faf55a86ad3899a6b01142de81f565f

SHA256
c7707ba81a0ac7a03d37ce2efbd6bf15382e9fb92725b135214e9658b9298fc3

SHA512
d21d5166c23a0cde4ac41c5c491e0cc2ae76bd6a12e50b165981276bdfbc7f0dbe9035f357fe4c7cf5845300d2c5edd1a22fcf3f06e6c4af8d11f76014e9221f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab73CB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar74A8.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit