3b7e1727b73c9d8884a66083bdb4d48e645ffde48459221b108d1a64573d37dd

Analysis

max time kernel
0s
max time network
139s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

221b571a3d8c1d0ac8f18550d26d435a.html
Size

2.1MB
MD5

221b571a3d8c1d0ac8f18550d26d435a
SHA1

90788037e5624fe74ac5da6ece9e6a5ce61e8b78
SHA256

3b7e1727b73c9d8884a66083bdb4d48e645ffde48459221b108d1a64573d37dd
SHA512

a33f8731ef7347705a4c767b1cc18133e41c9cd27cc4e69677dfd6b4086ec941c21d3bee95801cf1c730fc45de6dc96202a0dcbd824d2b8a876f9fe004c7bfa4
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nyr:jvpjte4tT6sr

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B2A79A91-AB61-11EE-882F-5E44E0CFDD1C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2912	iexplore.exe
2912	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2788	2912	iexplore.exe	17
PID 2912 wrote to memory of 2788	2912	iexplore.exe	17
PID 2912 wrote to memory of 2788	2912	iexplore.exe	17
PID 2912 wrote to memory of 2788	2912	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\221b571a3d8c1d0ac8f18550d26d435a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
  2⤵
  PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
18KB

MD5
389dba94ddbec8b9b253b4aa9310a949

SHA1
64622210cad53bd026136692fc0007f0fb7b145b

SHA256
afeaeb674db75c5729d7ebfb435158f293288f96637bfd2a1a5904dc2878c42e

SHA512
5864e084a8d6731422c2d9e0eb7d4b2a413cfb3a878cf0e18ae41c2b10c30dfc61fdb8615acf1ebba05ff286a76a7738e3f60a578e56be551848d8f6bc05687c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
18KB

MD5
8ac796927cf3f9d7443084c9e34766b4

SHA1
97527f901e19d5e3a847d6caab8e4611cc3e3cb3

SHA256
4f6638a35c2baa517002b101633772fcee0d9fb3f5cd10f691e7ae8ae87438e3

SHA512
3bba0182cd0c2d318d25f3fb57cdff9557d607544f38c3d81e27affe7d5cb353da879390219b333ea146925227a219a9259ae2e1fe822feec1e37305076f6e41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
fba9b46f4279a93d7595db9ed5877f58

SHA1
1d1b2af9a31fbf8601cf9d17df28749425578a5d

SHA256
68d8db570acbe5730dba9195af0a8aabcdc623ab3031412566a54f604736c72a

SHA512
dcea8a543fe13f4675ca37dbcb002c05e840a83f0631df9a03a51e8d37738621d064c41c149b8fb38826f383895f293052df95ea7cb49375218f4d3389674b50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa877cf652a1b8390e32f7ed7ce76635

SHA1
710fe1624212ec6de9b2294888e31858158d2080

SHA256
e5aa885a1a4baaa9e9523925eb6dcc4d316151c54a03dc82bd8d3573c30fa90f

SHA512
6f0d1c9a4fadf90bd46976e66e5d624c940b1cd156b1f69786e0ebae6491001f2d1d552badb007ea572c58811fc03283e62f9c3be74ba12b57acb8f7cd604502

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83308a2303361237d4ed94b693cc4812

SHA1
6877a3301740f49982f771ec6f0ed20e8844c386

SHA256
f53ee1ccbe241477ab9acf931c8bb140adb6890cf4263792e98e8990225dd324

SHA512
2220d10a28a45d018ea09c7b1961096ee350b9f5fe4a6eca4470701a57b4982f805ec9758261ac7d7565ccabc6dc64db1154311d3a810bb0c860a8b8bc97292c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9cc953566e5016d59bc2d61a1ccdf8f8

SHA1
04ab99e85765b87ebb2fc890597dc137a62ed53b

SHA256
057b1aebed68002a098d4f4ddda359ddf1752518cd89e0d694f938484cfc848e

SHA512
e4038669bf44b62362cb07974c4e624ab6d919790da5fdc2edf6a3a91a91eef22f824debe9cc9a020cac3d03dd93d3149b4aa86eba2765df1999df1cb70d442d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
712508d3f65253a653c302909342f36c

SHA1
ce1ccce27bf9bfcf74292cf1ac692c9ee72eb97d

SHA256
a7c7d4f78fd221ffdba892abe667beb609bc26e212c8903aead03d57570ca19a

SHA512
6c4ebf4f5f9853d6805dbccaa0295f293cf734973bf5b5ab04ce1847f551be6f16bbffde4da7e74ec8e61e5d1debda3fea39e70ab3a0f5f7c9c737cf3c066f82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58056f6d575731c83d3d0233daac4f09

SHA1
1abbc6af85fdd8d85f199d6e511a6045c3d3714b

SHA256
4634b30c944d77173b295cd8968f20faf6ff584b97bd15f82639c7f472fc4bb9

SHA512
9b33c960490a896fb8eeaae97c1049eff91fcd75f0ae3b6a7dd7b8f0a07f85c4b769873801b359e0eca26bd45bba2b2b7c7f748428b198b4b976ea3f31f70fbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9ff703a259484556d6d24695c8325e0

SHA1
30876a7242c5f20f877d68db4a6580d179e9495c

SHA256
a017c8601215fb72dee6a43bd471542cfb09ea605e8e8578a30c5d1517ff2b73

SHA512
1f0a8ba85abae8a241d8920c1b97c821276591d49cc5ee715d5efdc43698dcb4200f9e21c3146a1b3a5549decc737f2094c61d02e22ea22be377618f33cfee6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
446f2b7038846d312ba857db09566339

SHA1
7fd0fece827dc1573a799ff678911d132f8088b9

SHA256
d1ca30b151547715428a99af2df735b63f7d91ca7efba928311c0e16696e8b35

SHA512
f27b210801d63ca18f1c067a33da50299186a0d5d16f1b78cb232232f3ea642660f963cc83e863ff197425ce14833af059b4b5e2bd5daf0afa3bda1a69e0e402

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b34a84d1ff243113305453d49f48f61b

SHA1
3eb44f6d80fe8f35c05284d464e16958fee5dcd3

SHA256
721763a3c40761ccc6b74e5e4a4c58331a8045ce33de47e80878ce14e2d3ee5a

SHA512
45eb1b998d99a038b974bfc3359867879906a3d4292dab697b2ca0cca4d7e4f836d331aae89be001a606334d1e742ac3560c32b3122e6eabf352b1ddb8483e62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c652c3f5438ed6b82dc67c686dc72762

SHA1
5ec63570b23bcb663ea6807e3d84d62a87b4dd40

SHA256
cf52f47faa9807f1ea7886f2f6e31dd6dd7d54222c39c3b048d1485b09bbe3de

SHA512
cd3cf01962071e19c7797e2fe338bd187b31848679f8f49cfb55021f85639a7c23eaa9895d41d9f1f01263496b643cd22f195e6f531b7de8478ae8556f36cf28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
43742630a90442f3c90e2feb67ac7a74

SHA1
b4640bb4b05b67d1f12381c897e55838f1e866bc

SHA256
a9a2eb0406d1fb5367aaa4ccfbadd926f9abbdb99ad1e1ac9297141078cb9007

SHA512
f4c091442f200a556db1b4d8bb2cbf5016b763536322b437d901a189e287ea4b8a0b3eb3be97ebdf68aa8a42d96761cfc2ecf2117990f6cb5666d85aa0d47982

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JVZMQ6E9\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W97N0ECE\jquery.min[1].js

Filesize
77KB

MD5
d17e990c83a8b03279070291b686d0cf

SHA1
fcf7e142a93855dbf0899d8a688ec93cc4531c5b

SHA256
b11c0a5f9ea38860b2b778617a3aa67afaf89ee03f508866a338e5e50bab23bf

SHA512
a55cbbcd268ca66319ab0a1709d200fb1100302e37e39ddeffdaff69eb303bba850db6d150c084135e9e12001ce139ce2619a22b7a2dccfc646b31afc85f158b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1F29.tmp

Filesize
47KB

MD5
56a33a5841b3b993eee65005ed36a81d

SHA1
55cdb897a47408512704182635ff3a58717743a2

SHA256
4ed746d043e905437baa86e29f4781b1ca6c3a2dbcfd1dcacd3f1e00a27a068e

SHA512
28fabe9295435cf0b126ebca58ee7f2458862ee5a6bdb8a9136e38584298bd41b74bd360dc4fac08a5047aae756dc36a8c9720ac7235ae43a1f5a738bf67e580

Download Submit