0d71eb5dbf5c791d791eedc06421b4ab40acba18b78ec68dfc91528df56de6a2

Analysis

max time kernel
148s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23f24c3e2044a25568c6de63ce2078c5.html
Size

30KB
MD5

23f24c3e2044a25568c6de63ce2078c5
SHA1

788ca84aecc1c2b7738138c4e87a1a9955ca8db2
SHA256

0d71eb5dbf5c791d791eedc06421b4ab40acba18b78ec68dfc91528df56de6a2
SHA512

bdad150c3b9d9f64acf9bb27e41f73975ecf7091af61b5c5d9c6f0da1241f86d788eb3a85065b7bc329ff91e3f98d8830225a4fb00e7765ef06e1058b87ec44d
SSDEEP

768:zKqsLuDFzzpR8RtSh912qSNmYuBE2SC5PW:zSuJzz0R8z1kmYuBw

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000002555905d787c3c7b0d227a3a6af4632df21a38f244b0238a3287b140997a45c2000000000e8000000002000020000000ffeb96890202545ea5055416061fa912a76a7015dda3b01be548559abe5e1b8820000000408a8262207160cda383d194649c8f99957ffd3dd378dbb53b28b62c084cd48540000000ee308d25438bc921c7ae6c887d66d7c67d055a0ab6d29c1ee841d1d5268222e8ff0352864a09419a47cd2a673617a1184c5f7c1c02e265b481d6200e9abc0fa3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0ab26a58b3fda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000a19a46599d64decafb508d92894cb543f5fdec8d613d74e50a5c69b5d9054262000000000e80000000020000200000000903162948243dc3991dcc1663cd74a55d5558d9d0bbed8041e4c1a256a8436390000000bc57fb5bf8dea14c2edb23d9521ebe0736ed9d8d93d041f4a9a7e34bdf8a46d3270ecfd4d5e531439b78a0565d9179dabf0817985060ec8dc124627d13263b311dae4bdd4491cb445b86f4d74285b178417887e52134262cfe278aeec8a138111f15998262b5035796768d575f0a6c2b0e9a7754048d232e418d5249f6a1a90ff72a274ef1185708ab531fbacb30fb8f40000000c436c5c00ba424cb42a602ecc629aa73a2d6421cc6c452b384a2d596e0eb5d68c8d3c99eef693487e3bf295b2cd056d6324a7303c80c68f932b5e8970777beac	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410589015"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BE7E2881-AB7E-11EE-8301-4A7F2EE8F0A9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
808	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
808	iexplore.exe
808	iexplore.exe
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 2340	808	iexplore.exe	18
PID 808 wrote to memory of 2340	808	iexplore.exe	18
PID 808 wrote to memory of 2340	808	iexplore.exe	18
PID 808 wrote to memory of 2340	808	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\23f24c3e2044a25568c6de63ce2078c5.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:808
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:808 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
9a5de65ff1e65e9d71a5faaf4129fe90

SHA1
8189473bbf7b7dcfec0a980a6def16a05fd9ad49

SHA256
1b3618cd6d5f4f4ae60d2fc0fbbd012e7b7de930f6c9df7aafd22a7b1ce74f25

SHA512
d9c2f52bbf85374a960672ec65790b0a4e8bc0863e48162ed1ba3de230b2f7e8e8ae3433dbade01b92f5d105ac1494cb6b16cecdc1d325f5461d9144f73199f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
7867d355393032d77083afe930fa4679

SHA1
f64788e74e7b3becb14742114dcba891c9c4abd1

SHA256
dedfde35637fd13f79aec0e3eb89cc53fc7573a9658a416230f822b184b6c5de

SHA512
5d6e64561e31b078f3af5001ce1fccf8f1fb0b4bc296f085d52b5fa056b360144388d75e699a80b2f9c999d5f5b165512f2c98ad0c6f51eca57609640dd71ee0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12c80d21ffa374d34df03dd178e17829

SHA1
df674751d3ac3f0e6141fd1eb13139caed2ba406

SHA256
e105c7a54395a516cc8d15fc2f5ff542149df7ad1a2f32a11fd3e789bb5983b5

SHA512
4c20c33e566f786ebd50b9acb694480ca652262fbe04a23c82c2bb04a8895e88ce1b556dc0eb5615753ce800c8ef01f68426e0981320404557727d9ac99c9440

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13438fd66194a9b5145fb952db8e18fd

SHA1
fdf028841a2c09dac25c37378389e7b56bb1418b

SHA256
f4d111dc360395018ef194e6cf884bea7a9945bc6a827e8ba9931e66b70a5777

SHA512
7335bba3ebeccdb7afda73d932a4a2071d442d582f80c0b7a5f4bd2b95cc428e1cbfab5415f4d960cfeb795727614c6a0272ac74145649e0dcc5adef0a17bf4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6426c2dfef2ef3409f2cfe990d722ef9

SHA1
21113e365adb17505b133b903dc4543ec20f8cde

SHA256
2813e0007aac9413d296b134810d11e257e25a84cbf024f98d5607cd4b972834

SHA512
0fad1c94e77f103fc5e86921e9780b08dd1455999e2683f77cf6c14afa67c3490e322153310c1188de60f62d7f90fce6f3a2361d5d714c39de99d8a02bf411b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3401f9b6c41299f455eed1ff956342e6

SHA1
c5311575d8f5939c3d073658cf142438f376c90b

SHA256
bb2a7e5baf2f1d233fd95acdec11cd8d8e877eda19ae4dd4609fe696bb6c9f42

SHA512
badc71fc268d5d22af0e686285d54e85a0e2d53ec41ffa1775d41f0e5fb7eece637261355f9073d447a8c6f1f9f8e57d2e35d4c58ad61516e059b8ba3ca05d29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a96f1ff4618aaef338f56cfbdd91c4a

SHA1
f86b65450b9bfd1bc48af47e0f232b812876a549

SHA256
c36ad0e09fb8eabd85b0d60322f89a344648aa659da9ccb4c148474ab29d30b0

SHA512
1ee5023e8900101272427f6229b971a4623b39ee82f1a2bfc4df69ce248a91e0d80463400bc2e6711b886f5ad730f0ece9b41e1c941bfb50aac1d19dd8dc7f7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
301fc8d70bcb482ee62c5e3ac0fb2c01

SHA1
b2ab040f461dea16bf89313a8c894d8097794f3c

SHA256
922b7fba836fec78b3fb3b264b78ec1338e7a6be0589612cc77ffd4df2b34567

SHA512
a083a9e480cc71ff0a5a2015e87e2e0f5b3a907366bb594864e15dc8093fd114094b6596dd03ce6ff06c259e3fb6aa3441ee808c623aa2262fd149100b7b8900

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3936eac783fbbd87af066ba338f04c15

SHA1
c07c3e80bd941d1d6d2017d007433869fab4bd75

SHA256
cb2579c7fa8cc637972f139360b698744e4ed9631ee7aa7785b7f5ebaf64a95d

SHA512
64947fcf81b82ec92dbb3d86642b449b28894f59adf7e36f824d2b739f0fdabfa0d49d40c11de974edaabbd3bbfc2de4cbf51bdee572ee292cd328b8e0444832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a689794f3cfe3b1e4059ea7f0dff920

SHA1
63c3f01d85c1717dfae01a7358fc7c24ca683002

SHA256
ae5a4bdb06e1bc1c4765c9e13805f8267ced8cd59c95bba5d7eca800895f7f21

SHA512
3ad6f4051b4acb791ef35862663bc582bf9293e6ff4c113d206833aa047b150b8e82d53f6f3f8f91e3a1f47864f9019c4ff02c09072d8c112698ec51a3a0a714

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2372b47651c7d35270f1dd750a0f7f3b

SHA1
dfa4afec60fcb925ea4246ca3f68124ac9415d08

SHA256
9cddfaa3defedd6d7ad21005b167ae61792acc9987f026b93fea19fba2541e95

SHA512
5db9dafc2b0f7ab2160a0a9e3fc9f6e062cad7e762b99ecb80962a2513bc059d5f96ce253eb00f835fa3cac63d2cb72b5807bbaab89f35c7e669d77e6d2da93d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe0db8a3e4ee3aa8d3383e872de8695e

SHA1
185dc23e1e6198c2db092675330cc564b3eeb46b

SHA256
0469b84b6fe3dd534f9314e3d59eb6781de633ea63deaf81d6da26eb9c952bf3

SHA512
fbfed29f2aeac7c06fe0c991722a16facf19b5a106305168090493aa4631c85676792937151c4d8620adcc34837def4c36b25968fa1b60fb88d2356a72cd421b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bafb9783aefa58e08cf81f6a80e9f85b

SHA1
73267b75100ccfb5aec9b1b63f74e9ed8946522c

SHA256
c88edb944cec8e8825d362111ff3ca4b41aa7ef44408161aa8df0b0794054e8d

SHA512
05a998a78035a457349ac571a375126aac97b90dcacffc19de880fa9a479babc788d6cff49f09749ea667a1a3431089fa75330d94c7b641f02550a3de0dde3d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU3RPYUN\cookienotice[1].js

Filesize
6KB

MD5
a705132a2174f88e196ec3610d68faa8

SHA1
3bad57a48d973a678fec600d45933010f6edc659

SHA256
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

SHA512
e947d33e0e9c5e6516f05e0ea696406e4e09b458f85021bc3a217071ae14879b2251e65aec5d1935ca9af2433d023356298321564e1a41119d41be7c2b2d36d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VC31Q9\55013136-widget_css_bundle[1].css

Filesize
29KB

MD5
e3f09df1bc175f411d1ec3dfb5afb17b

SHA1
3994ec3efe3c2447e7bbfdd97bb7e190dd1658f9

SHA256
1a2eca9e492e3a21e02dd77ad44d7af45c4091d35ede79e948b7a3f23e5b3617

SHA512
16164d66d452d7d343b1902fe5b864ffdee42811ee90952cbfe9efa9847c58c0403f944c8e29db2bc2384ccd516b629cb8765e5e51de37da6efd75962cf82530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VC31Q9\cb=gapi[1].js

Filesize
62KB

MD5
f43c3a979437450d947fedf0f859a8ea

SHA1
cf5bd9f3f42a451c1b07e58f18dcba4e36f229bc

SHA256
ceea74d26e49c81701a59657ff1cd3c59180bf78a8acbbbf4fe943f109bf5c3f

SHA512
596afba4b399e2c62c4ae3b8772d46cab725c479b8a0a98571edbe9cf938607ca472ff204d86c7ffb779f00ca981c6036ffc5faa948ed3fe2d7c955a051d7c53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VC31Q9\platform_gapi.iframes.style.common[1].js

Filesize
56KB

MD5
f6140cf2e81a9d5b9bc96970fe1946f6

SHA1
e18cb20a08d0c13d44b72e36e9560aec2187abce

SHA256
68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5

SHA512
1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCBC9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCC68.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit