dbb6a46da0a20faf7c26d7e328123afd399a5e98c3c9733591966762775f7ffa

Analysis

max time kernel
0s
max time network
146s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2193cf7c5f57cb62e767459d3bbe33b3.html
Size

56KB
MD5

2193cf7c5f57cb62e767459d3bbe33b3
SHA1

a963c54fcb4173182c7cd0f470413288b140cc9d
SHA256

dbb6a46da0a20faf7c26d7e328123afd399a5e98c3c9733591966762775f7ffa
SHA512

91c01c9a38782e8abe1093303abfac2d17d88b47c3d8d5b42b400e030f9fd5facd0c4aabacacf5f1ee32362a0ec09e0f8226ef1a7d2f020f72be35907b55a347
SSDEEP

1536:gQZBCCOd70IxC0FW2aZ8uFVI2tR4P0lAxbSSz0UuEzXF8Tu7c/VQfYL+4axSITq1:gk2R0IxU2aZ8uFVI2tR4P0lAxbSSz0Uw

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B5595391-AB58-11EE-B9A1-EE87AAC3DDB6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1764	iexplore.exe
1764	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 2192	1764	iexplore.exe	16
PID 1764 wrote to memory of 2192	1764	iexplore.exe	16
PID 1764 wrote to memory of 2192	1764	iexplore.exe	16
PID 1764 wrote to memory of 2192	1764	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2193cf7c5f57cb62e767459d3bbe33b3.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:275457 /prefetch:2
  2⤵
  PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
41KB

MD5
c95f7b22e1723c43e2509433ca33825d

SHA1
19b7882b96447250d3950a1ee75099f36a5c0bbd

SHA256
f649246df4e983f4e0625ee9a0f7ad8c0a7100926ea2eb7ffd5abeec8141a9cb

SHA512
9c341a406dff90edd79cd9c5f9e9e79d6e7c016a2bd2fe1c23cd0cc6250e44b6551402feaf8ceae9d3224bc713298ccb8472e872893b98b533ffc0517d91fe3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
35KB

MD5
a34c4ecdf2438c90366793fff11489c3

SHA1
2dfc346e4982dd057d53a2545ab6dde04f3e77db

SHA256
5c77f660f017a462122bb21c5173ecc06cf5da2c03f7744645decb411a5f11d4

SHA512
232a61e751a64c12652b3dd70ad58ed5cbc52e58a1f883b113b2bb3c75347286bd001aee17185c5a2e378b77bd01aa508a84fe494381ad52fe0f0ef2bd172e45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
facdd0af4986173affb1299734f66e88

SHA1
87c03a6adaae94249d9550de68bc9bcf41c7323d

SHA256
0755bbccb34b78cf5173a9f28b78ae0fb26693f4fa637dc9b12cd72ff0c5ddd5

SHA512
c4c574102b4383f1a16377bd771498c9b4fa94d24554bc0e11f0822d0b4780f3075a9004a95922f06f0ef924707c5a05f374393acd922db4e11ea30ae27f6c42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b4b41de6d2268776c3c0a2ba1e7c9e7

SHA1
a5592caea57648b0d0cc55ff8db1bb98cced2aad

SHA256
55de9627465fcff899d5c7863c56aee8016aa2c9d4ad3b080e1d4efbb657c1c3

SHA512
927bc7c0c55efa67469090d04ab0f7d69f69c0a49178f07c3fbfdd56853ee8165e1a0fa6fa74930f9e7e76835152a93912b554257e6530106297447d3a3fb58d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31ba2ab293d98ef29a6cfea9a5b99ff8

SHA1
77347e1c882ece8c518072c94ec951a777553b6c

SHA256
a2082164e42ecac7d9d5a20d76cc22d08b4c598a42e21ea896eddba63d9b3f11

SHA512
7831ce2b2d3c2167e259d0aac162cfd39bb3af2a7ab41325e05e2becde20af87418f70d70da94b80ffda8c496cfb94771a3820dbfd275fae27401b8a6c3811d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47c81c80d30bc0d2a2a4e248b39d310d

SHA1
cab775b19dcfb653e576e4ff384dcb79da59816b

SHA256
f875ee3797815c171c089a54804f2ed5aa6295f38e7941bdcf1d7b9af7ea8529

SHA512
b9dc628ae1459dfe766a3aec42ca8f8fe5e64602a907d402756a147c0fa84f89ad811c52b35560cfae59e0c937708fc0d617552b1ebbb3bad489456eaee720f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
280a6c37dbdc937c277c10f425edda95

SHA1
93aa7b7cc4ab6299183278870d85bda229f9833e

SHA256
37c3b5a1687eb837dc72bbf8688d58aa9d6ee2adccf8a1e26eb6bc7f58b1417c

SHA512
d943200fbbc4a2b0275b06a7e499a2449f7739463358745d19e26dc7e04ac3d899477dafa5fd7388394b9460519775262b680dc8eafb436683178b94e2305d62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a8331df9512902af580ccee6e2f2cda

SHA1
4ae47f32f7c5754940373abff483387a00434ba7

SHA256
605664c4204a705575889fa3cef0382666296cbcc025d02a0e85b30505a31d5d

SHA512
6a6582221e4d50031501d547bdf65452ec2bffbdffb5ae3250919843b729202fb70c8e6524b010cae75a465777a1b38eb04155c8ad4aff620fc2dc6be394c8a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bffdc852b64f1318c9dd972cdde24bf

SHA1
c44eaaf058478e0a94226aeed56cb70583177c81

SHA256
fccc3e38e18354c2fb4ab909ff5c0c7244b53c3262bddee56841e841360ccbb5

SHA512
253713e5398b6769b4551e4afc931f4c98b0ea393dc67a3b8e41d49ba2bce49d7dcce5efb46b7b65ab885c3268cc3606e871206b6eabef0f17bee90421838caf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
cf173df532812e1158bac6dc6bdbdb2e

SHA1
2ee9fd2834b7abc6f95454e7d60b9fdc60e106f3

SHA256
a5d8039f618147fe2e13644fc7a7924bef7db8c73d78933b3c8bf07d325db75a

SHA512
1e4288975c6823961b404b3a929ec3dcd62505f1ae24fd6f02a7bc123e8c785706a16fde920257f57cc9d312b95160bb7be94c19a7e2936ac460e416f0c6752d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar20BF.tmp

Filesize
92KB

MD5
71e4ce8b3a1b89f335a6936bbdafce4c

SHA1
6e0d450eb5f316a9924b3e58445b26bfb727001e

SHA256
a5edfae1527d0c8d9fe5e7a2c5c21b671e61f9981f3bcf9e8cc9f9bb9f3b44c5

SHA512
b80af88699330e1ff01e409daabdedeef350fe7d192724dfa8622afa71e132076144175f6e097f8136f1bba44c7cb30cfdd0414dbe4e0a4712b3bad7b70aeff7

Download Submit