eeddd5d0a2012b8a77dc8665f98e205f5266656a6807f828a7bfab8d6307815c

Analysis

max time kernel
0s
max time network
138s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22d04d0005a63eff6d84c87b46bf2691.html
Size

12KB
MD5

22d04d0005a63eff6d84c87b46bf2691
SHA1

e0d180b541c6b5385158b9c0ffd135b97df66d87
SHA256

eeddd5d0a2012b8a77dc8665f98e205f5266656a6807f828a7bfab8d6307815c
SHA512

ecf3447ca224fea2ac01ddf477ea0476602255af3d6471471eefdd4277219d3bb7c7ba41a607bcc6277d6aacbe2ebfaa5a9964cca715f0a551b20861dd61964b
SSDEEP

384:xy1R1QREDBeVliO3uvU2ee7Io48XX5RkY35CVCPRrMO77OM0TCtxYLuZ4mXYHbwU:xy1R1DeVUO+cz+Io4sV77O7CS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{09713881-AB6D-11EE-8DE0-D691EE3F3902} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
780	iexplore.exe
780	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 2296	780	iexplore.exe	16
PID 780 wrote to memory of 2296	780	iexplore.exe	16
PID 780 wrote to memory of 2296	780	iexplore.exe	16
PID 780 wrote to memory of 2296	780	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\22d04d0005a63eff6d84c87b46bf2691.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:780
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:780 CREDAT:275457 /prefetch:2
  2⤵
  PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
39KB

MD5
713eaa134fd5aafc683e01631f28cd1b

SHA1
0fc7a20d2254e64a154dbbcbb57ae1dcb752983d

SHA256
8c10a2bc51dd3574e5f1f7626a38c710ebad221c559ec0f24ab338602d6e70c5

SHA512
4fb32066baec56b0dfd31056e538f64b12c138cac62f19946e757a6965a5559251d823c0db99914d5bc92fbfbd7376b2d04ef83f4bb3dbe03654e083dd6d837a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b770844d2dd69cbdfe23068ef9288799

SHA1
bd0e34e77f8ec4148806349f6172772921c09ed3

SHA256
59c316d50e2d7203dfe23c0c36a3db21b0ef9ba1f9efe72058bf6e8b2f50ed5f

SHA512
9453f172918900ace29ab51926ac5fca18900cac93152250cc090251a3af7918753cc71a0693c85dc100e40e0421ef9b3a335af649e9a3a468fe57833e08da53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19f3cb8df41a259b846c4d02c301044f

SHA1
bae5f9b30c52732f73bf18c37b29bc5d6aa281ff

SHA256
16bac0327d1e16e888a17ca66e173513d1fe29713a6a6648a227ca8a2a4b7305

SHA512
4e6992431ff5a1c837cde9b54d14b231804105a6255988f8dd63cd01d18c6ad847db0e693eeb5fc5c4710e6794375861f4bc5684187dcb67df66f75e8c73dd2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23a879578fc8cea4e3b85dcbb1d9c6e3

SHA1
95bf4f042bd3c82c5c987a1528acbd7f950d7350

SHA256
6cbb9312ab55832925a49f2e03bb8dc8e52f0195c9b698be32f026ec7430b069

SHA512
4be25a824f5dccb2c7dc360fad83dc392cbd850f909be88544053198bcd9efb42593ca027255c6fe69eac22110e5eba6a1af67ac260ce0f9fdddd8e71a4bbc69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f097edb8489f6ea312730d567a23d331

SHA1
25d2a9d3a0850a09f082c5d8da0391c9aefb3bc3

SHA256
22136fe0a98e7e96dfa394afde0293a94199403a57d98cb32b21d438b0e3b3e6

SHA512
272359dce831f3ef7412f11149a547316751dda2463261ef60b39ff0671e18bdecff454fd69707256a1de554ddf2ef0c5bf8c20a249ddf6e124ff2d7d8b13443

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38ae7d59e575b83de29768f014ebb758

SHA1
56a58e9b26c3b558d59f9c13aa2183889ebc1540

SHA256
0196a5ad1619421a0dbc314d28d8408d9bc157e0d647de068c2e338d0e1847c2

SHA512
46deb0a096a69599cd591e1716e2b1e4cc061fde9ffebe9f221a52b68d74398c6bc6380fcd407a3b98b1274e0c4f002d4290d1d9225fe41a92cb583c647c3f67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7de677b2bc62b7ab246e7d9bd54f56e5

SHA1
dcb4e9d9206fed9d4061703654b5377a5feaefcd

SHA256
d2d4682ddc40f5b5fdc375c009b4d079cebe7c2fd5a9409e349c513d21272c6b

SHA512
971f4f4ef6373579cf5b19d69464b7e015c480cefb3cad9927d206d86e943e334a19f22991684f9e20ea71dc31d0617289231ad94f848a6fe603797c86209f39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3de1d6af73c0df1dbfa89a2665400bd3

SHA1
a6eb3722955783857bcb46651d5feec80fc291b3

SHA256
82dd97aa02ae08bc47e8d411db6495db39630c53762abbc2375a8099d74fae7f

SHA512
3b0f21ffe03f09fb5172a8e3b9a5d4a2f263f554cda539eb73d288229e1f360e3541811665d235d3e81d9faf55e281d399247517d75fd10c5bda41b19e3f1fe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f5e97f14996317cc25370400a0941fe

SHA1
ad4ac65db85f1595108301bda13761c7754252b7

SHA256
bfc38bfc90b4ccdfb6bd66ba2798d806567c3faa5c9a32da2545a3dfe27c315a

SHA512
51d55d3ae0dc2c6d4b8fdf4161dae19c99a0c55349db400bebd86932ec46260c40d3981cff491d77ab767356a42751e237b22b82bd0c60992a86eee7e3a76a3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32aa370013227943f345be76a5436ed7

SHA1
51a99654052fe67d69aac4e7cda31f4a669039ed

SHA256
a40f8a3656cf7cdae76c5801c25fc659a06909f9da369cff0239b35c5848715c

SHA512
e9539dfdad736496b5fc667be0c12468fc0e768cd326de5550a31172df896e417a8ac1cb4afb562ce98c6a864f0c99123107fc12897f0905bf774a84e0b37b70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73e159ee67ccaea1b05890d22b20b965

SHA1
7f253f14891ef9978fd2b4514c8c9b7f109cd115

SHA256
491968f7ad49e37415aba51183dab239e200f7e20ba3e5de1d43df0abb47afbc

SHA512
98408d025672228dc0bf4f68744074e9691e5f87aa4e4c449c91eee25c5016b94dfa824314c453ec5b96a35debc0c37b364e976b7b6c4f42b1cea5dc495dd958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c57809392e4738b77c3725df11544e62

SHA1
080d19b77c82003590a3f4e17267ebb6632d87b4

SHA256
777c1c99de841d621d7a7e9ed1d96e0b1ed79f8e5ee0e506f13351373b43e176

SHA512
1265aa6a94e02b6e2323667ac5f566b7e4aa0bda43f067ef6e2f5139f12e00a15eaba53910c7678ee63d932c65e40a2d6a696ab5506cce839ed0031fbffcb6ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a10e7672b255dabf819a3b0401c575b3

SHA1
fe077a68681c3a7c87a8be0caf8c0d996e742d9f

SHA256
b66a745620b6a46aa48ceb230396ac8abd07aac62d608a72c62b5fb55dd04549

SHA512
3c71e3d282d45b43a113263dbe7bc720a60332bd9a6fd112f5ac5fa69d8e9d2626e7ec85dbf0cb2f8664ebb98bdb7318b5b638ad1354094faf06b482a8ad747f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
1ad46c030771bfd570b8daed9fc11450

SHA1
40b701c3caa47c48ffda20eabfe32c499b50dd89

SHA256
1091bbf9c9e188f8bc60f6d61fac7e7b9f05f2be8810acf23c1de0f97c54d769

SHA512
38fec590c4f1243cb16f8cd614c1fa56f11d24c8d66b7c5de3133111dcf746f2a090847f962221b6512ea9ff25055037c4b0dd1d945f0affae72bcd8a2417e90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2ADE.tmp

Filesize
33KB

MD5
cdf1f647e3094dd89387949bfeb9a6ea

SHA1
4471e5bceed28282b1feb34386831a3938bdb09b

SHA256
8b879dea4a31a4153566da1f49258ce643231cb1c362c147e35ec8d2cc81503d

SHA512
3e9ed2915bd228c2a2dad5bb2b405d8d2e4845d8008b54748529905143ecdf4be78d338fc2298a1357da19665a0f2eded44bfdfe6a7495c5483ac0521f666ecd

Download Submit