224a83dd839306f0192309a0bfd6c42ac3db1cfafb6308ec3e5a6390a9024f35

Analysis

max time kernel
0s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

230e8ccc329926eb79ac3f80fd53c823.html
Size

432B
MD5

230e8ccc329926eb79ac3f80fd53c823
SHA1

3a9c20dda6d6ba29138425b02fc7b56f0c293ef1
SHA256

224a83dd839306f0192309a0bfd6c42ac3db1cfafb6308ec3e5a6390a9024f35
SHA512

474d23ba238859221dc5afcceb091ecf2467606c79e9cce680c6959b2943f2cf1787678f006215960d0aa857126679848901412bc3e47a08c0590ca7e3c5b113

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BE6624A1-AB70-11EE-930F-EE5B2FF970AA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2028	iexplore.exe
2028	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2804	2028	iexplore.exe	18
PID 2028 wrote to memory of 2804	2028	iexplore.exe	18
PID 2028 wrote to memory of 2804	2028	iexplore.exe	18
PID 2028 wrote to memory of 2804	2028	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\230e8ccc329926eb79ac3f80fd53c823.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
  2⤵
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21e76fded44883dc22b37ef4926c831f

SHA1
7f6d79d381cbb7ff379030559bcbcd7718cb9328

SHA256
7e17ba95a1ee4de8d021244c75ca1a7ae31727ff681150313d02403ede423d3e

SHA512
1adcd200c3f9cf283a040188e732510125b4e97b7d42b50ee83aaec9ecae8107afd17393e529e46571397c51bbb35f93251ed30cc2e8db73689edded0f23efff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb0c9f4f3b94e8205985e3a66790713d

SHA1
8de5d8205f3d3cbbe99572c85126526f9947fd3a

SHA256
ea72c2876df158e665ad2578f0dedda13b4d65315da710cf68e0b30331fbc869

SHA512
d8e6b55b8d429488d14e1e449590d3603bd1b8e928745a71442201eb29a3b2912b782190a75e089c985ec1b8ac75f2258301c64079cee73d64814a42f5bda2ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0608896679ff48db2a77cca2ef72c8f

SHA1
aabe4d53fea9664052722058c04db0c208d0d763

SHA256
c502f40f11178a80c891ef0ba420d7f2f434fe4b371a2567baf83d2173e2d1e3

SHA512
01ffc413f11f7d867b5ecb47fd03cf199accd4428882e492284bd4a7b79d94e4e29d938c563233a81863b7680af04c6f64e22ed4539ab9562a5eea430b59393d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b53d95b9b41b287b08fdd872348250e

SHA1
6a18e89417efb8aa8186cbf1a506b1adcc5ad5b5

SHA256
0dc285d26393bbcd6cf478ee43c00479467ba1b9ba0279a25612662e8437a947

SHA512
2391fea24a26a540dc94152dd8234385d3b63c4edda216646caed8e49338f63102a36bb195d152107c7e432d0c37425cd9f569c8bd814ed90c88fb987cc5c3ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5085e7a6b8d3b1a32490d611f7c1d854

SHA1
2351e39e191ef1918f1bc7b54b5c1b11560036fe

SHA256
9214b2a71b3445ef5164a5c35ffbd7aaf6e21106974d7e0f7832b6fcb2636c84

SHA512
aca40a779b6a551f3ef2929b5b4d3106e8b0aeb1786fb9f8c0a54ba79c979277af46d66d0dbec3810649b6452678efbef25dd7ead96f82e4cdec958db5687c69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e42866fd61bb81c9fa5315e12f018aa

SHA1
03d31ecca4508e830c50c4fac97483dc57ed239d

SHA256
e8d229bea9387694b9914bc9f01437569b7fc616a2b854874db3097f964b6bea

SHA512
96063c255651012879f78b3f2810ca0cab1139a33b1a1d086500347400daa907f45c330affe920802e806705401f144f46896e32f4d9391bb47319791137d04b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7412daf8c202f7ed2f6410bc1d18f12

SHA1
99d361286e1b5c6d2e70cf2171f3593edbf559f4

SHA256
9968bfd4589964eeb9003d276371d90b30165bd81f0a93d242cbd30b99b556e7

SHA512
f62a8d64f7ba04ae4dd3fa0c9fa2495d971817ad01f335cf81f3b464c4ee79ff30b97241aabce5b62ce0d40b314fc6665d718035419534d34809681bd566ed24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f933e39de11628e20207db47a65257f3

SHA1
efc7beb846f98acaf4270d9c9f3ba276aebb79f2

SHA256
41b2f830e7c242756406bee1f9f8ae6095c8719e5b5455f58c14f31cd89ba273

SHA512
48fb6dbb27f8d7658f99620554d60c9db354d03bb339f48761c071c8eafe7b2f6e2663e52c39c1caa6cf1dbabd359c1459340049c7a87923dff56bb6e359766d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
caa50d9c4994c524e7b28aa57c7dd2d1

SHA1
526e761500f5686be93fe5e1654c03403eadd8b6

SHA256
157690de8336acd8ef4da1986fbd9edfc3b5052b7ab37ca58120fc0c98df368d

SHA512
f8d41bb1646c8064690e2d70cfd3254e51176fca228bcde35ffe154e2bef2ea5a097891229ae0ec4541bf5ebc791f84a1dd239ff11db018d30b3205ed713353a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
145819f8bdada17218702cc170f4472d

SHA1
e06b55619abbe7b791d85c437b800f22a5c674b6

SHA256
f4991eac47156e6d2d2c14dbf4d40341a33a449c1618783ef3dc73facb0b07b1

SHA512
41d70802b5423a45f0396b43199650f13a41cbcc39518e3018bb809ea3a30f16aa6536673d318819bd7164f66f885ab3c4a354443722b7efa9d4ec3dffadea6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
618f9fceaa6c780c5b5b351611857e6a

SHA1
865ce92f38f9493a0de8ad588125b98c6fe1c382

SHA256
cf4fd90fd0ecf313497b5efcfeb04a797c7085ba244d524a2906997d17a35c80

SHA512
9570df02a13cdab2d3adaf59c3f20155e604dbbc72e3d4478b096d23d2658aeba93e76c161d75ef11b29aba16a303d3dd115e8a5fae81df5c6244a9b07a21d0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd66350ebfc6f86663800e5a01c76446

SHA1
b59ddb3785e4d121b7b4637bb76f4c22bb1beabb

SHA256
b649d9685046d94dfdaf4e2bdb60dbe9ad83eafd39acc3a33ec16995190402cd

SHA512
79adc89634e8f20736f35a0f6e9262b0e6b47d4a4faaef08ca428b89701127dec5dc059ac9d7f92f57ca96c5889d78d1b0e3085ea8a3f3a259120442c30da3b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
528b10d4cfb4a3b79b6ea0baf8cd3b1e

SHA1
54d4732a6761ee2303a1258fb6265f0691f1ef54

SHA256
a4c62031677db29f74671dd4bd713c987ade6324386bb7ec444bcf1b81fa0dde

SHA512
c6e00cae1e33063dec94e228d992f59d5baa63d18dda1620cf4b69bf9a81948aefd7feba12660fb43f00c57ae5fec6649596369ebea44bf85fc9e096cdce9899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

Filesize
1KB

MD5
5fa32893237e108288f94220cc9d2be3

SHA1
6fa3170786c548f6cb886ea4848602deb5231c42

SHA256
c557ad569577c33bdd7822c3f4fa53c85173dea0d8b5c3dca0dfbab79c1e9312

SHA512
4d48ab78c41beed6012fa06f6b6dafba956bb0321c7fbfbee4aeddfa79d60b29d337175a4e16406095f56194ecd75f7cef39dbe002453f7684a6864fba5628cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab18A1.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit