d142d27a9d1fb758072bf03ed1bbb50da8ba109ff69ce7cf57564750011ca6de

Analysis

max time kernel
134s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 01:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

227eeb5e3c3e4190b3421113e12593eb.html
Size

46KB
MD5

227eeb5e3c3e4190b3421113e12593eb
SHA1

ee351bef85f6b13b69d28a6480411feb9655b2d7
SHA256

d142d27a9d1fb758072bf03ed1bbb50da8ba109ff69ce7cf57564750011ca6de
SHA512

66705c116ac5cb05189217de172d1b90e9816c31854a1f21ce2df048d8caff4ad24812a2d83e72db9b5e2d902b6daaf2f3b911a07ae14430c5d2a9db3cd60e3d
SSDEEP

768:YOswBD18WwPqHGbH9/qlCSmeMqSDey1XLDlsbevV:YOFBR8wt3hOZ2qvV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{853C2EE1-A8CD-11EE-9201-42DF7B237CB2} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410292989"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1932	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1932	iexplore.exe
1932	iexplore.exe
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2844	1932	iexplore.exe	28
PID 1932 wrote to memory of 2844	1932	iexplore.exe	28
PID 1932 wrote to memory of 2844	1932	iexplore.exe	28
PID 1932 wrote to memory of 2844	1932	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\227eeb5e3c3e4190b3421113e12593eb.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2f8d8c0b00a1d573b14cd686570142a

SHA1
89308b6b9146a5c0ced3e46e6887d3e90f7e46fc

SHA256
4d8a5e1a929e3e5c80b658c18631601f6ad771ad36a16ddedc2fd9f206640d66

SHA512
cbb57563f5338c9344a3a8e6dd2d109eafc1f511f67b6050e1984f1aac083d256f07ddf32ad5752f91db24b7f74b2fc10eceda6ab9d48889c67239d7b67ca71b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d0dd7e713408ba58741be01347ddd28

SHA1
f7c06851865759e099c425acc67ba8e10b00c82f

SHA256
8a14fab17b48903aadc8b9918db45dcdd4321f59cd3b743ddc3fd73ea8675427

SHA512
c5d365c1cf3042c793116c661bf509f9ac9cab461cea85ecb97bcd9b22d636d8302bc8c4348565a8f3cb059d55c2cde8f4276809ed85ebd9731e66386b1aacf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec277d0ff932fb09ca08c303fb5b13e9

SHA1
07191845d4526cb68a2e8e04ab06d87899432714

SHA256
d97feeaf95ab3cf050bcd232d8e7b496d4ff242187c733acdd094c817d0a4e94

SHA512
810ed4faf55bfb61ff36da674c136271028d6303e8402c36d76ce4ce3c26a477f12f99c8275e1ae1dea5344f5eed192e97bc7bb6e83e3e00c6930f070a72d61b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e7d9275f0c2d835b656ee6c8e3202c2

SHA1
73552f2e11ad06bc05cd692c55216b9626922c8b

SHA256
3d0994cc0ace1c521d1010083a4800b47e3031133fc1a7d72ba816dfd8a06304

SHA512
c056dfa1253cfc1c97c175214288f4c111239a690c646710995375628a63c47934edd20b6dc4c02920a450b1e4c1588c91ad0ae65034d0be5bf5d3c6b7152622

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8538658fbd8bd6f33e50d2c62fc2479a

SHA1
3c9b8f26fd9701948bc4b806d8d1056ff388ec4d

SHA256
8fbe6d7928c2478b928872edc7072349cdfc1aaf71c81d6616036ec5b71bb1f6

SHA512
81d783f75842cd5a9e3b6e67708f5d41dcbc606e4c63fd34698f2b67fa26e1d31eda827ddee98f615daa7db75ef8bd37ce8e2431631530e51af87e323e28d8fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c48455dfc7021121b1a0049c05a1df9b

SHA1
33c8fd69da3a8595e8b4721b6648ac056fd18e05

SHA256
461d5617fba109a78f74204301e2a25aa6ff04175a4cf7920382147ea6d1575d

SHA512
d5b3cc1320eb3305099a011ea3632ea58c0f4167f8f6e0962e6881ac0deb0e5a9259056f74ab72e3d85f628474abf971ceb1b0746d1f9edb2f9b9749eb761f1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a90fc0b37637b671c8e8cb006e8cba86

SHA1
b7e3e50de7c1ece412cf0357cefafd5358fbc250

SHA256
552176ca4f3d4a2c5786512d2571f031254d1f81e3054aa90af4cdae068bc0a2

SHA512
89fef9531502d290edb23304845751856be0180f31c781cacc9680f61936741475445e870271c7de91d5a0630b27c057cfbbcee2363e375088fa3fa138bffa02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62a56a14c219638e89935b9947c4962e

SHA1
42f114e33d70e466f4f96fcf9ca0fb678e4c3624

SHA256
ab1d9f1ffe652852f6e869cc00256bcfc2e86e38729ac1af8131eab7b469d32b

SHA512
96cd670e1bb1056485be5e0228af37c1847d73c694784c9c17adc2fa97805755cadbfec0e3ef9b9611c9d758f42ad5f9935909b8be62412375bd08c9dc7cc3ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
449a160e6ef8d0dabe7481173741e174

SHA1
5c6ad07d1674994d6d7c7e49e8270f591720fc85

SHA256
ce43706d0f5f0453f05d8d5563b856789740258be234846a02b8caaff4349dea

SHA512
4b4f78dc8974b4845fadc81aebfc5969b2d33732a4251399758d98ac47cf5457c664113ebb9b76a4bfc5aa5cc8ffe49b3e51b2287f5c411e8802ec5b671af811

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eafecc08a446630d14211336da0a556f

SHA1
0b929e0f619462d54e94db6035524f747f5865b5

SHA256
d2be3d285e383711e04477a0f5275c548b7a26dde78f63788e36e4f15a803a71

SHA512
9bec4c904503472cd27eff770a45cfbdadec9a265cd39dab91a32fbf3eb8930d6a3d21ecca4dbe84fae709414d6a36f29d5c69b0412d4f779f118034d4b6fabc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad4e3e1ba7606a9bc351d3c36f472ef0

SHA1
102483bb666c8c44708183c3f2d7413571de1a64

SHA256
2ed177dae402bfe7691dff70f94eb5da5f68abfd105e1f3216fea9ddd6154b61

SHA512
2dd43e51065b35ac799f10a749dd7cda59795aa7c5d86a42fdf72080bddcd954596d3635f9d4f6b44cb31c65d88009abe8d94d822334baba8bf961795a22c8d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54646f7c666b68e0771d9c5952c774b0

SHA1
0e0da1bf53292fe321a763860024b03868b9db04

SHA256
a5fe5ddeb0824e20e62dd11d84f70a533fd2ee5ef0e5250aab0fb1bd6c8c829b

SHA512
4a47d10550543c2288a92a17fa6220c4f8a4d353548e43aefd6fc98d3afb9f0d36c970aca77644e4697a38c8b74df4539dadbc472f3e0ad3cc07fbfcb63b2fc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ac30eaee8a63f093def9d32f15ce715

SHA1
e995583542415d2e9338d49cc59e610e980cd06f

SHA256
e99026ad98dd524397ff8fe9f0459938659edc105bc1717fea69429c998b7fdb

SHA512
624a2e93727bedb0c8529ccfb9b733ebc452bac1c4a53bc991da1a558954e20e3022f7e15071251fa7a4fb0fe3407f16b6d8de2e49362e210be4addb2f0a75e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d770554f3725e434ae168739384612f6

SHA1
efdcb137ca823b6b9a9a4a3175a0727aa0f1a2b3

SHA256
d922c58a14ff5af8448b488368df55e9359f2d115688f5b3be2ac53524bb13bb

SHA512
069688a84aa80b1ee89b2f0b22cecaa2f7ee3afb3e0c59189c77b9f19519ce0cd4a464d624be567f08de533d1e013a15ec8f62d83840b77057c9dea8d5f5cc53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65c15add006a4edac56699509f64e1a5

SHA1
fdf162b3fc42af060b4924fd258866ba8c582f5f

SHA256
c963107f99ca04e07504fa6d7fbf90e03329ce85a3dcf7d4ce3a0322dbdfa3f2

SHA512
a055a0caf36df7425b359e86bac6b354a5e436ac8548d2292d1dfef50c727a64bb3cad80a17a9f893991b7322027369daa153a981216e1cd38243ddf94587cf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b563142b0161d80ac60b556440ece88c

SHA1
11c5b135b9bd62800178445956eb082e7443574e

SHA256
69cd18607756bd4d8950c2e6c5967b945ea4d7c7a007cf6aa1063d421143b3d5

SHA512
c51f3e74dbb1cb1c39503fb52f3850bd057b668ad96d122fa449b2230b8566eb70f2fa6567b3dfbbafdf5f2b3b0eec533e361d30df467bf414a8e911bdb25dd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d063d4a6839a8f3014a933f793cbeb17

SHA1
17567990d90755c464f286dcc1940ca55443c456

SHA256
dd3bb766029f51d6d0fb050e23c4c8609e2b00edbaf4fa605a069096326b686f

SHA512
0a3a5d8b7fe74ab926f22bcb1b27fa6f32b90673a08a40d213585ef0151c0b4ca3de9e473e8c3015f58bc95fa02d11e86b76e0199e2cfc176fef95b045e9a819

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bfb7f501e993f0bce6b980c778c3d4a

SHA1
b744aabadd824a6c485efba4a3da9964c2c72537

SHA256
ac51f66c1584ccf71b1e46522d39436c201cd36af4be7ed7e4af7eda217fd092

SHA512
5df9f379ae3121ea7909dda6dba7683d107de5ca7834ddaedcaac1d9f8dfb2564f5aa24781dc4c4940fc54bdd88df688b74c51e525660bf5c36ec6f5da186fda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
545fc57d467004ef202fcd326d4d69ce

SHA1
b1785b3398d907af13b593d2bda2aa3357618853

SHA256
e86d2de7290d91f5083222b8ff4fe5a3505656d7b96f80837a44120e5d7738ff

SHA512
e102cc4e81d2849d010909eb7557259f0f595c7d5e20563537b76c0737bfca6dd0d1da94fba27cd24693408954c68c0a663aa30b6ba01f9b8e3f041722ba542b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66211344d16356fac5f94bc8ec104c69

SHA1
a2bccdbfba5053d5c83b84cec00a9c612c49fe05

SHA256
16d92a2e58e9ea2832469519eb53444c008e361c9b8bb37071ed109cdfb27e02

SHA512
929eda5a96feac1cc31f46b6c4f8d41e22611904b22bcd87e28db37b3a729a4b743079a354564edd5b86435449eb0cf112f5e3fb16a386727d44725b0ac5649c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6EE9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6F1D.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit