1aaf11ee6029fa24d67750873895da867545aa6cba8fe07cd946e261a30a73d4

Analysis

max time kernel
148s
max time network
173s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 01:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2282339136e7c478450a0ad41d60e77a.html
Size

91KB
MD5

2282339136e7c478450a0ad41d60e77a
SHA1

36896b18352c14a4b513e3171890415aa7219d07
SHA256

1aaf11ee6029fa24d67750873895da867545aa6cba8fe07cd946e261a30a73d4
SHA512

921b27fa7fce99225a8ef57d8803fc9c9f7733c1da16adb294562bd961ebb40a36762e81f4c6e16e7d406c08f7bc348f5b7ad26cf09428330a31181fac1db977
SSDEEP

1536:Og9kS2lrLHy3onzkvKNu1LhVWUOJodGhDeL/AEaQtnG:39kS2lHQo4K81LhVWUKodGhkaQtnG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e9178664000000000200000000001066000000010000200000005858878e2e339da8db3390914e1259fc3b157a1bccaefe94438a1f357acf6a7d000000000e80000000020000200000005ed18a00393a103dd7d47df0ca4b815620e3fa548ad8267e2489e0aaa9d885f490000000eff97b763932e41f5807addd09548bf45ac1677df4947174bfa8a602778a90ee22039189dea0eaa73dc21819252acbcd3a3595a0e3cd8031d501926ea28917a69c78d4a594342c5b6380d8c0daa3389dc5630a36033d4dd8ad1745a862963d3eb654a68dd1a4e34bc33aa14215628bd7c103a4d01d5051a448964b3b8e6f1c9e2aadf3d4a296318fe4e5ac2f5bfb39bd4000000020cc1a93aa3348fb2beaa3d8390b1e309c98a717358ad56e29b076b3677a72f12f91cc96290b51939438526860a01ee15f009b539fb8672fb958601654aa5238	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410579289"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{13B8CA11-AB68-11EE-BE60-EAAD54D9E991} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000dd026c317fa600e8a979f216d454e2b1d13c7c699fb7f055dc6f652eb45d4b01000000000e80000000020000200000001ac581b8eebfca9bd2f0622b5995de039a7e5cde7509630657378d05e539ac6220000000bb0f16e75103ede99603ab49c1c9f2836fc1aeadee1e00c6c4f00a8f6044744740000000bd62eb19030173c9b8a6145a0268f0c1b61880bbb3370ca180f825077ab33b175d87e33cf65326c5d06a3316f2267bbb7cc40e729c8e44dc6e50ea0db94b4dc1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20e27eee743fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2072	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2072	iexplore.exe
2072	iexplore.exe
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2372	2072	iexplore.exe	28
PID 2072 wrote to memory of 2372	2072	iexplore.exe	28
PID 2072 wrote to memory of 2372	2072	iexplore.exe	28
PID 2072 wrote to memory of 2372	2072	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2282339136e7c478450a0ad41d60e77a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
24cf55a872ff1332bea8145c3f60961e

SHA1
f4385c4eedd374392f9bc6c5910e5dd2cea42091

SHA256
3b74901c294f126c0a74c38b1849685b5a8e8ebbad477cb798cecd749c1b32f4

SHA512
e813db6f1b96779c39ca26009750c67be3fe23cbbac7db64d309a2c3781dac43b83c912e662ffc924b2289fc4f0b58af82fd34a9310ae397db9f2b70764c02b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb3afa827ce395a21da1ec97ddc274d4

SHA1
b0ec9545726b531c9467a407821441e97d99388e

SHA256
c5d2ba3fa89798bc2e584bc6f87cbc071d1dd1b45b8f2d3950a6d9a80ed3bcd5

SHA512
3f342c33eebcbc9786ded23eeb138a96a7bf243a073a995c6f0cec568b46fcf42568d93cf08b44aba43ece0a8b45a1420312360745c91ced14abf2863f2cb30b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86c4e493d35f57998c55f16534d8550e

SHA1
d41fb6c357c306e0e9569830af384e1f210bf328

SHA256
ef1ea2b370f9d74a41a418f351946a5f1b2d4928f56ae6efdf4991891908411d

SHA512
f93cf9a2378a3e5a92d8071270d0cd9fc28db44c891c2ff0e0a7dbda07a49cc073e23c998e38fd32ba8926ea08e4ef88880fcd822a6ddd5b1f6f37947c2fc71b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdf1a2a9cbf317884995a110f2083cf0

SHA1
21970e026fe66a2912a1be310c6e208f49d6fcb7

SHA256
5ebb0213ec1872f506b71e96ea5c4609b9e4a49c24c12d9595c49da6acb0edf1

SHA512
204bb2c1e07952d34399b26382eaf9f1d91ca639d4ceb671a1fb1395de3f53f5bb403af0846254e7f02e61b519ce047290a0d4f0801b262fb87e68775dff8178

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8e9db8a946db6d169407ad387ec618c

SHA1
58342db82945f20921fd7811b182b49a2de6bc8e

SHA256
8f870366c58df78cc060d4f5c176453f1c2792bbd8ca5483ef48c3de7af63ca9

SHA512
239fb8e41661a855232ca19dfbf04f0a59d429565685f6cce5213dd2eeb1021987ddacd19fd65c9ea3625265a4f0da169788ef7a97dbadab193cafa79fa706c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf9467c10362b92051f5dc68db95638e

SHA1
35cb9dcf6c5a1d514b12529b8f0e5e5b1a2ba9b0

SHA256
7b8b1c01ec22e92408709080a8f169be77807af2e9570538541401cba470d112

SHA512
6298a77988555bf11456953a179b22a8d78d746691681515756fc2400dff355a7aadb247507d84ffa7511fd10707555d7b3617e62b93574522e7acfd62c6a281

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0b38a14d0fd25f8020ec627d60306a7

SHA1
efd411ad309d6d92a84e4a5daa5a9354ccdb89f5

SHA256
ad08827e7024e2b46e32e337c887b5164f4051149fc273e7d5356c2854357099

SHA512
7800b917c34bb4703a32475db2c82a5d4e4be48abe880c5ec41a22ae8c82f61f8007faab9a18aeeaea5b2893928e68b9cae3165336e10d86c43d855179ae9b53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae4318d014ee53c65e0f8b81065fb91f

SHA1
5f9a8256086139fc71cb973297afed717157cfad

SHA256
e6a77ddad7c702a7d32dfff2c11a4556856da01721dc75224b1e2da54236d33a

SHA512
a6f1924c67e39180591ac0e21de2df7c3a20d61b1f88367b26806d11bab90887718b8c077168e3e24b4e91376bb4c0afbad5e3e25450fc857a75225d2637499f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ca2048304085e8b5918c812ccc8d9b8

SHA1
42e28da59025fa971c7834d6f9132e81b8c6732b

SHA256
0c6a1a5e5ea17332e45d0f97b6955cc838e1dd328b8180d8de3451d85b9d57a6

SHA512
ccf196dc406bcc6f8234fcd645e6abd0268dee60c2b13264591227e3f03857ed7de029172f66f73db65b82b0c8ad0e02e87a0d0e0a5f3ed13cf6fefde5227867

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ca5a36f3bea7a7744d135cfd776ba56

SHA1
c332e876e2dc8663317a22afe5ed607e775e34df

SHA256
24900417ef9be4d36c64f3f55bd2b6f515c2c2a60285223000d8a90650d52abd

SHA512
45b8a2d612e2145b07d61ba7972222b16ad08d100d9d71f2ffc2fa49a4eb93b8833a9dca1fea48519109ac74f0b3eb178c35102c05bf7dd291fcec065016bbea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4ac1c0b730a6f861893a3951e792ef5

SHA1
7b9ea61fdd97f8c9b635ed1030d82eb3cf567fe3

SHA256
2f40741a5bf1ffcbc678e9713e6d7a53ed904f6a84f99ccaf413cfc759323ed5

SHA512
539d5fda07603cbe240cd108d8081f658585a12d58889377ce65edb91d43a0b857d4e8a2f2b6665d694cb0a1fc72821ec1ff4aa6c743855947896cb66b7f86d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4746aa171eaa54d4afba0c904a61bb28

SHA1
16f96e60b789822c142c2510052ea9059605ba26

SHA256
ceb0933c3628cd5e1b68ce00959a73ea06fb37333a3e6fabe4bef2aad2c976df

SHA512
c18fd09af52cc3106abb1efe4cb04de3606a02029a299f8e29616f33fd646cf151714631fcc60fc49b3dffe4015742952783975b1749d248fdda1eb4d7414122

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9253.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9265.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit