039461cbff1063a8ea8ce38ab9fcdcbaeeebf684e4a0bdd8f0ef16bf14828b27

Analysis

max time kernel
4s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b9fb1f7707d6bd4d9bfddd01fe829f5.html
Size

852B
MD5

1b9fb1f7707d6bd4d9bfddd01fe829f5
SHA1

a4f1ea5014fb48bf778913a7d0b652ebd71ba043
SHA256

039461cbff1063a8ea8ce38ab9fcdcbaeeebf684e4a0bdd8f0ef16bf14828b27
SHA512

533ae194bcd6647b3171d783806dedfd4f7667fcb79971d2afdb2c99824c9603df54db957777dc229506d04ae4580f45a6a9e640f6b18d7667c03968c9f62f63

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46F9CFF1-A857-11EE-A00E-42DF7B237CB2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3024	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3024	iexplore.exe
3024	iexplore.exe
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2660	3024	iexplore.exe	17
PID 3024 wrote to memory of 2660	3024	iexplore.exe	17
PID 3024 wrote to memory of 2660	3024	iexplore.exe	17
PID 3024 wrote to memory of 2660	3024	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1b9fb1f7707d6bd4d9bfddd01fe829f5.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f09b91d00a049a74bdcdebcd00e11fc7

SHA1
39a0977d179bb8c2b7597465c5011475707efdcb

SHA256
de0f24b20b369d9f6cf13e5275ecb452e779c85e88edd0497fdf9e7b060ab811

SHA512
18f3aaebf173f55bd16e8241929cfcdcc8aa369599c72f7986b57ece458894db10821347b24d1f5b218a906dcb96b20e4c2d217403c48ae74318c1afbd5c9548

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69b7f1b2b93d9e51e6f1d574c4a5fd8b

SHA1
8d2b49a54fe51084340428c906b4ebeb7b8e2a8f

SHA256
484513f034ddf66fd3f73919207609f0d3061ecef7cdd23b2c39ce368f1371b0

SHA512
bfddca630aa9d6a7cf44649d90bfbb37da09f50f62828cd365c2d6634d84183b89dc513e73f5a88197d0974ad5c5c9b7459828d975d040c435b6d9889c31e44d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad0c62b0d520f85bee6e1e1b074ece5b

SHA1
7b40d3447193b74436a7d4a2b72e042165a81678

SHA256
36fa953661dba7bbb01d37c0702af3ed897a2133e5554194dfe2cb4b3febd2be

SHA512
28b6e46833ef6ba073c7410a53475e8f6d4107076c0cfc40c3f07255d6ba37a1d72f5309e5ca1faf7b8338fb2dc304847b25a977aaf81d03bdfa036b3d997de6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f047c186271583835af5e2029f298f0

SHA1
0fdd1c4d61c11ecebed2e9f23ff339c96dbd707a

SHA256
10c09931ac73ff1e7e2b45edd95db25742dfdb585c1018631b40d961efd9fbe3

SHA512
39e47c5e55ecc388b5ccc9e9d32e10974ed45d62c293d65469942577e25637c353937d3cde7a2ddc52753104f0de2c9229109f78736e890992b6cd245bf00e09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1df7151d2d55a26de199883911ab2ca0

SHA1
f70087e6eef8162b4da7e7b310288755ae401f52

SHA256
60b80d9b149ca660b47bb507bf8e9d33f22258914c91ecb64d6aa20d6407c20e

SHA512
de5f1e7b59d033625620b7f9d25055b1dbb24d4cc7988f4e6f302a3ac10d76b01156f4e39f9f30bfe7f42a6a9cabc45d4e12ebd6c89bc951f55b44fcfe14cb11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfbedbb7eb0e56209e3c54d6a07b3ba0

SHA1
07e9a4bff62e1047bb126b4657aa264772437980

SHA256
5114f362a0a0b22c7e179d77114fe87b6fc3c92b6b15f62dc58ce0f0c6256bc9

SHA512
1c38f37a096c622140d415326f7fca6875a8947d10def351973fe1f8d333ffbfd4c12b523e06f61bb87ccb6bd3c5b44c4e8d0edd0616ab5b0012c832912ca894

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d844ec9d88afa12c6ad4c41106f5ea7

SHA1
4c3c4ac984621a34432a06fe5f002f062d3a775f

SHA256
d453b3b752ee22c8da02587fdcbc414ef3d73c3603d5622fb3d72b919812f23b

SHA512
44656d98469a234f1cf44294cab619de0f6a33bdbc2fe4bb46c513fc8d9ad6708621dd52de536559a59e89b21889a0854fb6ff4be50a4bc560a9b77ba1822030

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7b4a117e152a78af2d4549e559dd6f8

SHA1
74f700e1d358a002d943fbad71d244b079a98325

SHA256
e7ad1398c55505fe0ea985abda007796ed8f9522314a52b1e92e5f0abe1b90f9

SHA512
403116e1c26a35a672178e0aa4ce3920c54aa1c8e263bb5b56847bdc4bf212f5fd29cea48b23096f0017dfe11dabcca0c1cc4c2eb939e7bc81430216b99788e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58d13d3fad3617c26100502330a4e607

SHA1
c3f29d58b0e772f3cb101d215fbd41a788cfc14f

SHA256
13042a55649e349b97b79148d6f1bc6376078f5298cd0fbd45e010d8753fefe2

SHA512
f47d9351a631b39f01753f47b10fd69705e9375a15de66ce39b28ae4c2c2d01bc0e2c8e0ec016ea3d5b35723c95acdfa45586046a8d206b1af65e4ac2381fb11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95764801e5241e400ff8486b1fe4f4c5

SHA1
dec5a3fb6391d3f5bd488ed24f68dc1ab77a9637

SHA256
cf6a4168a4085916cc794aca19d4c12b0b4c54d16dee384218e08dac07213c10

SHA512
dc14036162dfca6841cba47b8468cc0374e189d7c161cc4606eed931a6aa564701e8eab56f092fa141a237449789acbc5f4f3cd8cea7d7b3a9673ef39c212134

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff00594f53f402dacf564a4d803a9487

SHA1
82f45be455036a0b5aa53d5819e23b33d0aed6af

SHA256
3dbd909093cf2e75dbe0103e6854d669b6959107fb3f5a4223f56b3f5757268a

SHA512
3463e7d5c08a33adccbb79a8a41706ef7fe81aa1624856550d97eec66563d2a6fae2a95de4c41ae89e5c0c9a4f131f15c509a353cbdb33aa2305d1b5bf87cd33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4FB6.tmp

Filesize
45KB

MD5
dc38d629e51926a750b443772d7c8c65

SHA1
2868765523e76b2e6706f18ecb665f4631a00d00

SHA256
21a98ea45d4ca76fc03cd769b01345da379395b41295e1506644149d0a378883

SHA512
beb8198332e8771a0475a925a4b31a8a80df9a04dc889442d1a4e024b1b66709acc3e347d50af1868d5d0c351d489cd454fc2523f752ea9dec56b9a9d6048ef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar50A5.tmp

Filesize
33KB

MD5
c3c3551ea2b2434a21929dd6d54b81b4

SHA1
5c6ac37d31bf9dd6c98ef3f6c87b84fbf25f0479

SHA256
2955e267ea57c45e19a8a7ef8fc75563f7e9adaef2f5778b92ef89ddce928e9c

SHA512
d561c58bfc9f7f13143ff63efe88e1001c017f44c8cacfcf942a0a3c8abae546a80426945417a58aeadb9153c3e94642c75a9e9c7bcc6b0b39269a0a854bdb22

Download Submit