dde87f7a9e7f98cb3a16893e9a9d288338db1f5299e90202433042d489a5c532

Analysis

max time kernel
0s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23a3b96f0876c5b40389dfd551fb8a40.html
Size

17KB
MD5

23a3b96f0876c5b40389dfd551fb8a40
SHA1

bc124a9bd8dc3ae4cfbf2825ab0507be5fe866ac
SHA256

dde87f7a9e7f98cb3a16893e9a9d288338db1f5299e90202433042d489a5c532
SHA512

5e142169d0f2287d0badea65c592412539073c48aab4b1a3e0b4b30600d8a40923b041d56510cfbaeac5b1eda9846b124ef10c687bc5a27767777e1d42b15cbf
SSDEEP

384:Cgc0FWRmoG8YjaiDFWSmSK7ld0SmqwFlJVjghV0a2V:5c0FWR8XdADmTFL5n

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F31C9041-AB79-11EE-B5B2-6A53A263E8F2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1984	iexplore.exe
1984	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2000	1984	iexplore.exe	14
PID 1984 wrote to memory of 2000	1984	iexplore.exe	14
PID 1984 wrote to memory of 2000	1984	iexplore.exe	14
PID 1984 wrote to memory of 2000	1984	iexplore.exe	14

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
1⤵
PID:2000

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\23a3b96f0876c5b40389dfd551fb8a40.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8a8adbca94c1059eb24fe6dc91f5ce2

SHA1
5faac2d7911b43d59dbaaf6024f520fe8ecd12de

SHA256
e36e4a8dbdcdeb95bf2c312be93dfcd88ada181cf176f6df0e39a614cf7950a4

SHA512
119051d5726fecb3cbc77a4e15fcc00d214f693f7d2000a0bffd43931e8179bd23e02b5a3748becf2110be9077c4dfe23ecd4d57a49fdc42a68166784ea1cbc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cba21ab78d2eaf6f36978dae7715d162

SHA1
b620f27ae3233cfc05f65c01aafcb432bb4db4e6

SHA256
1c9e8f2877da9dd87c5f20135f58e1ff907583d4d101e5d33141c9b619bffa4a

SHA512
32322cd41b6ca8485de4171588a610b0ce9369de29a596a0cdb346131dbf1493bd8a043778a54e8c9a5b1d0e1fdaca161ea905b9366080ac424e993403c31635

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e375dd081832795fad29332f60e334f0

SHA1
aa1ed76b5d8424c3ae350dac871755fb153d4b3e

SHA256
39201a75af70bea677c1f93b8e7541ffdc075c65c00ac36d8de8415e79259c9b

SHA512
5a43381d5668036d4cda2333dc8db90d058c97368290ded1bf7fdfe3aa47e5d5dfff6bcc8af1c412c88f21d4406d768c18380becb87f43e85a831be18da83367

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2056a54edd8a8874df7a160475c1aac2

SHA1
ddb4cdd2408cff1dbd70518e09d682514ec61767

SHA256
9893860e02a33bfe6fd747b1bec719178f881e4b9b498c024eb0dc032bf6fe16

SHA512
7ebe94c993d6ba0b2297c442a0b44d6256ec22e26bc4f09681b9bf64a554b7037d15ee51e606d682be15caeec9a3af54629bea9f37d614c16cf24a8217f0d90e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0aed7fd20410381453e844946a06f281

SHA1
6401fa1dc8b63b07cd79a5c19c6a5b9a7eca0fde

SHA256
de86ade53857ac8ccdbd5611cbb6f2528baf2880f67a87b607834a682dff5caf

SHA512
adcaefed7cae0b619f4693c092fa799da1d28915b5ffb59b552f8c77edfe564205cc03a3158ae0d3bbc80703d9826b4f17e1201fbf9f0fdaaeb8dad7bd1d0711

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf5b809e179b59ed4efc4cacd7159aa8

SHA1
ac00122f5c7d75905efa12afb92857c7ba45b9f8

SHA256
35deb2f73d8ff01e9cb60fb1d90c7bed0ead46b8e7d670d365e7f758e4f8ab7d

SHA512
9d7546b6a6b6c5a0be9968d9fe05e435a2d376c214bfbdfea0df3e2cce0baebb63505827ed2693adc66a0b8fc0a9518b620319937c13f60c81fbb8cbc88c4dae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd414c07f05974e80e2ee69ebfad6fa4

SHA1
abdb2156dbf3f78cc3a8b08698a45877c7fdf155

SHA256
50c10d74872a14ffca078d05467abcf86578638c0a049b50135d0618d46c37b2

SHA512
a3e2971919e0d37276924eb1048496cde354d6231fef9d8e5f7dd1cec4e14cd93ae58f3e02c55466da72d15a4a506e265681de62a87c4bc44b44cc327e30cd20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2776216ff2ab9e6b22ea00457ae57fc1

SHA1
5cc8f76f1b4a921f669c5c9747a95e145d2e13ef

SHA256
a5490498baafa7b8358901ee8105f03ad219020d7e6a5ec8e8e2a3e36539a94d

SHA512
f33b888b82c5873c7040a45c23ce08e0d241deea5c98a362f2449f7e91cb392bc821ac607a75bc4214bc3d317150207ef0796765a96bc2cc38f52d8f4959f208

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38f01ac353a9de1f2e495929d337b0c9

SHA1
1b284e7c063d16240a68b2fc29dc7717a9be4de7

SHA256
153febe83db36a5c363e64ef5f454b8d4acf6f1b0e52d1b41b7ca5e41fde8da1

SHA512
aef37fab30c7619537acaa037033d6427f101cccbfafe6be9b31436dd758603a3d2b1b0382d5d0410ac2a2e2a9727b6a3613e68c04fd2407c03b4aa43bdbf2e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14d41b8da54beeadcff125c70f49a3b1

SHA1
1ca0494d108ef5e7c60770fddd8689ae9d729c6b

SHA256
da7c7888a1dab2765038ec2a046e435a9acedac337e99a53c5bae80642a22878

SHA512
b25fa542837dc74eb3de30e18ec7375d39229b997235e85d194bc5044758c5b336244fab98b2ddc7ae1b43436612fcfb9203758cce1e77953dcbd8a20c866818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
661e63df60286db0f23e5de450df26b2

SHA1
714980e3ba87d4552d84f85af6c39aa8dc9a71b8

SHA256
bec363c14180815053b7839a461a174bbab853203052c0cd6ec075e7125feb3f

SHA512
7c6acd3442a6e2fe0f31fa028e5da12086c8543b67e112d647e94c2af8f5f0c90a018fbaad6d8b912943767d1d9347116b66af0c5259e6ea9a22cc63acbc7768

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7ebfb5417239ad41663fa397486bdd4

SHA1
b9d28a25100d27100d24f8722f07066203ec9eae

SHA256
5198cb10dd6f3a392e2fd536f1348b5bf4bf4cb7e494a33fa42cdee9cd22b65d

SHA512
d1f7cae80e265c9e9fcfd78afe70046c7e490028aadee83addc807dadd51c74585b6d9648358599ee28c05cf43a2c47c4223ccaabf3f994c3fdfa1333df99288

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a62f94bac39f51be37cf778ddb2613ce

SHA1
9302f3f1a597a562b4972d70d831b210550f676d

SHA256
6e3100cc5360495a914db2b21255079644aaafc841fd30877b1747c3383e2380

SHA512
06efa7a170c7b90a0f23ff677cadf2bcc213e390e6f6f2faa9651e61832f5d254a6922dcea4c067aa1988c59ea84823837c51c64f245b0af9d3e697e7b296409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c96a8420477e058e3ab8f3ccb88088c

SHA1
3f40b6e6fea268cd50a75a664acc4bd13925cbd8

SHA256
0497261c30ae22ac6c66a07d8ad99257f47256f6173dd88bd42be170c4a90de0

SHA512
1c135849d0c7c058b299ca65b2acd44c78b29dd7c6395ac1799a0ae5c782259c8e9030f772d6251fc2125724a7fae6ee822ac0fde69c2d0ecc0e0645770a6af2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ab0b0414692918445818557a669e101

SHA1
753ba8d713b15c0b050ae1b03517cfa03c51004f

SHA256
360d9397bb6cb5c16fc55dc4e2910d201d660b6fb7f7158af47d053ab02f0f49

SHA512
e0dbf4bdd064a3f1aa1b6c810714f8b86462c7eeb744e67a0c0f08ed70d68a33cf36e10329afa1498331389ceb48bcfa692c79d862ddbd32e55180319c9af82d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7552628c48f4609a07507d1a1d078135

SHA1
8c5cd0806eb641dbee34640a215baccbfb20615a

SHA256
768a111c69627a8bcf6588f2ffdc1945666585408880fabde83e5d2e10b13ae1

SHA512
f4f70453d5836464a130efb4d350be1f18c82696177ce3a7cb803d2679a811adcf173ace1b5c4a9f343f9467b9ad902bc6286c1f25d0a24427c61a1e84485db2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
536e34c471c894749d50537485cee507

SHA1
81b59503a21ae98fd9746a7135f1f0b8cae41b5d

SHA256
3edfde2deb011626969ba47a8e8cb420e966d5bc67228dc39b57f98504c83a23

SHA512
4d75b38d1e6453f712c03127b7edcd3cd5e7550e83a96fb44deae08cbcbe91acfd0d71457837112cb4e1fb2f286f7afc1b449bc30f8c8a80cd8a2f185658a9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05ZIV8W0\styles__ltr[1].css

Filesize
15KB

MD5
b023e611d099c3c722043f1861dc7ccc

SHA1
f149e3c3443dcd29ff0411c7f112728f05034ada

SHA256
f3c7f6cd056aecdbec0b93b6506429854975cf85477cba19b6be6b91a06ede69

SHA512
365c68166c8fc2fb900d55a097bfdf707568093ead9115afe1c855daad6f3fe48bb6be0db95d73fea8490c39fd98e6d1524e10d6f967dbbb0255f0774c74433f

Download Submit