e430b09bf71c2deae16da24fbca535c786a1334cdf6f95a5bc0cb9361d5f567f

Analysis

max time kernel
24s
max time network
146s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 20:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c306bd8ff7bf6d12f4f1e11fe23e34e.html
Size

3.5MB
MD5

1c306bd8ff7bf6d12f4f1e11fe23e34e
SHA1

24fd0c9b1719c0bf9c82bbab1e8da2e2b14b2285
SHA256

e430b09bf71c2deae16da24fbca535c786a1334cdf6f95a5bc0cb9361d5f567f
SHA512

2a32b4999cfdc766bdfea6b071cac956b2d9961853f78f77f44ce8051d80aedfad1aac44c501e27adf7b6fa03b127b1cc54d377d6005b75644c8175dd2e5ec0d
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nqv:jvpjte4tT6wv

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{53E9AD31-A860-11EE-888E-CA4C2FB69A12} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1160	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1160	iexplore.exe
1160	iexplore.exe
1992	IEXPLORE.EXE
1992	IEXPLORE.EXE
1992	IEXPLORE.EXE
1992	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 1992	1160	iexplore.exe	17
PID 1160 wrote to memory of 1992	1160	iexplore.exe	17
PID 1160 wrote to memory of 1992	1160	iexplore.exe	17
PID 1160 wrote to memory of 1992	1160	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1c306bd8ff7bf6d12f4f1e11fe23e34e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1160 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
8079ee3dfd9d6d9be283c83b755f4019

SHA1
77a54e52e6b93041968bb5794129c7437b283b35

SHA256
d76dfeab7771ee676915cd1d3a13efc9672ce341b853b846030f0f56ca0b745e

SHA512
ed81fd98e13867f2300fbdd6e9772c6b3cdb970d550ee8725737071654ab966fd3c30ebc58731fb74b41d70d57e43222bd5ed3da08ecf9bbf9f0da34d01fdea8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d53df10e45e55af3958e6ade3dcb723c

SHA1
24a23dca026f1be7f63b09d92fe4b7672f269321

SHA256
7c8c4ca39004671060944de18ae806d1731233e1a5137e216fefc586a717068f

SHA512
87fa6cc5f1023af3f023df488f4a0e8fd736ff813f96a74a14db708149643cf36fe34eaf93fd24f57a1ca747bc5cbf5b33193646e278c58cd68f022050fbe5e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fe8c42192195e445cb4ac83e42ca2b1

SHA1
47d099f74fb52b71e3f7d3ca6a6f559870561bd4

SHA256
c65d26aea77332bf8192a1a7552959b979685211829e6427639a9b9ab0dbe61d

SHA512
1371d4e7d67c573f440b87bdb21da4eb98a2f07d5e88ecfd42bf2e9c809a6b5d16b1c3af7153d45bce2b8906028de13e16f158bfd653627f484e714daf686274

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f54ed6eedc9133dd4d5ee7efd2e2a7b

SHA1
379550529d01e7dcdbc02b9d56d86edb00ca74dd

SHA256
ab78519c655bcc40335ec9ff453ff7da665e5e7a1b2ca81fadc5dbb126ae09fd

SHA512
bc3b03aac3bce80b74be0531ce2e9f38dd2e3ac4f3fc739f5339c3df189816cf4266bc244af1f7ff11d13464746fe00b8a29528ce59a5f9091dffb5ec9e82a02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4caac25cbf91aef94a89808e2dd50705

SHA1
3c6b0eea1decca9b307509518f5465dc5c53940c

SHA256
00ff3e714f69b7457d65a50621fd0bec787a045f9e78247901f40279eebe85a9

SHA512
75307d2032f3c2ed18fa38785d6df762afb3ef639866cb26b4ea8e0b344df7f6cac8b8e8eb16d2b788c444581aa7a4f61decddf524ab69a735c9b65524f9852c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39de690319f6bf7af8797c74a3e8c13f

SHA1
246263ae8223186159769e3ce3355a375b1c2704

SHA256
98f9de7c330412a1c0381208ce801075d6eab471be7989addeb2ce086001a0ed

SHA512
9cee2cda397b96dae296ccabaec9c5722cf6933cbc46ed2028daf9c5f9699550b424fdc78302ee5881ec0a24383cd8156b27580f4ed3abbd47529a538ea10ccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55363975efd9cca9a3de918bb3b13b7d

SHA1
8251ce679f79344af68e9d6229cb7914b12d0560

SHA256
7bdd153114d56d5ca4ed3f97b46f71c034870657d217637b13e1e833e2e429da

SHA512
cd0e0895d107ae97bc9496d6b6a4163733f3eb8fd463d8c8a3857a717e47199239450fb36f2eb53052f89de9582121b89f51d28f8fe9924eb5710c446eac4e8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
704c27c9d377c8f695cab1cd12fd4b4a

SHA1
dabd89526b75e7e334d5a79d063efa7bbbd0096a

SHA256
231906139763d52f33692ec85cc42e4f338f5d280ad100c400ae86ffa6c882a1

SHA512
134802473af489a85551f604a63c0a14a9d423aae08a73ea88451d825f02d4354eb399cbe29363ca650b341d268f6c0fde331f461d7e7a93ae14be1f424ce0c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b1f47ac4586b6890de410cbf7c93612

SHA1
e229c738c44a2729b1e6396ccff3afae88826583

SHA256
54045be294c6038fe602c7e60054bcfcfb686896d13b38c9e240aa33f6ac5137

SHA512
286e7a32bf3678ddccca86906e857a26aa175deaace71b76d2502c1e70d4416dda93a28de0df57af631922434a639d5c7eaa32c6ff8ac0c9120e45253b1a29b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3facdcad62f2767b1c9dc1dedb4a2b0c

SHA1
49218de4f6e1e6feb68ce811816d04cc70577a68

SHA256
8c51b3c69df2de20abac4d9416e75a04a1d9a36d2feab636251d70b222e1f0ab

SHA512
e2b2fdfc5ce45f31cb1f51a86cc72bcb83c9dae80b9edd83a61a192e7829845a37f3025d8546ada2c52aa82a0a69404b3846d4f48bc02928a04af5bbf7be2900

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2a74e16c02773ba4cf906f1c3ad9cfa

SHA1
f3755490c391f5a554df08e577935a09395e2e92

SHA256
338072fef54de8257a58320e75e8ba56ec20a48a3c485d54874abd3f1ce64d2c

SHA512
c6e06ffec64104cee7f14869f09ea63a96801fb7d15a9d5e7805ad8c0d253b3bb7d0fff5a6a6b087ee028e5d0bf526d71cccb927b8758ef828c5be181a45c862

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
0022c714a8e46cec726c047d17dd389d

SHA1
71ab105af5b165e4a37f600240dd9ed5ef098b43

SHA256
d17a196fa5b66c962ba6dbb2e195d316b7326723461df774b61c44873094d519

SHA512
cd7f99decc29996d5c5c8b2c0a850620de187354ee8b92eac6a33724083f3ddd5a8b8036d4373be281f99e65edb31ba447ec864d27f5e1ab1ad7544cfa57d2f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6GGH64C7\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQUGC9T4\jquery.min[1].js

Filesize
83KB

MD5
2f6b11a7e914718e0290410e85366fe9

SHA1
69bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA256
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

SHA512
0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4899.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit