274c7884bf5d95fe95b2996454ba3c77ef3109cf7995b71fb4d397296176ed3c

Analysis

max time kernel
136s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

267fe378cab61ffe1f3ed27a2dea4f07.html
Size

12KB
MD5

267fe378cab61ffe1f3ed27a2dea4f07
SHA1

3d27d8e12650d6bc17da9b72f561a5d90b5730a6
SHA256

274c7884bf5d95fe95b2996454ba3c77ef3109cf7995b71fb4d397296176ed3c
SHA512

1e97938708f6b77b354b5f453f725ddd35d9f9029e1352fdf9390cf4718392cac70bfb16663b361e1e62de986beeccbc3367097f5da3e0f32244f1d9bfa411ec
SSDEEP

384:ln8uqnGDnW0qNmjVcP3S4K3Ptdr4hvr7CJTJKVeVauxu+0HQPbQu116Wo0Rzaamm:ln8vGDnk+al4e14

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d300000000002000000000010660000000100002000000035dbfcea80242c287262e7e6bd9741ac770848981add5081f7007926f1e3a48a000000000e8000000002000020000000c0e2c731d706985576689813429bf5017ffbac95cdaafa6f81522b755066f5cb90000000d0b160cefc7bd7ac7e1ef37f676e1bd3b33d51433969b8a42ebbdfa96119cbef3e9ad3c3d97f9cce9912e6196790a1fbff99b68c74b0383e8fc20cae69adfd4a96ae7dda539be906c701dac4f9d180de874e07fed3796b25dff69cb0c5e2416dd817d557de70129caa8c598fa6ff7bf1a6d56d1dc2ae6e6e78aa7a1395113e42322c4c09e29ca8e48db990cda85e46dd40000000f6b42a53fe29022f0cc57ad55b71548171e30efec0e65705887ef309b6dfe6de18ffd26a8423b70759ab54d465bc134e8516239fffc79b0780116b0d481fa7ae	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0CA2ED31-ABB0-11EE-9317-F2B23B8A8DD7} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0cc23e9bc3fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d30000000000200000000001066000000010000200000000f46cb3b3259c1dd40ddda07506329eee121f4ee7263956a3bfd4a76032912d8000000000e80000000020000200000003c7cf0be379334402059b7e0c3329efee424915b966efdbaa15c309c5ef4d68520000000958018acb725f7b15ea56dec547a6241de49acb653a8ef48d3252837a452d58d40000000c8b67a9d9d8e370d76b1699be431c6db40989096ba7b2aefb5872bc7250b0b32a464a044cf3e8fd14f85932ceee5e243a499d2c12e10e97f8781a4176bb555b7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410610183"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2088	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2088	iexplore.exe
2088	iexplore.exe
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2292	2088	iexplore.exe	16
PID 2088 wrote to memory of 2292	2088	iexplore.exe	16
PID 2088 wrote to memory of 2292	2088	iexplore.exe	16
PID 2088 wrote to memory of 2292	2088	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\267fe378cab61ffe1f3ed27a2dea4f07.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c02240799f38dbd163ea44be35be12d

SHA1
10819ae5ad5c013f7370015ab368e3d7cd8500c6

SHA256
ad3a5c66c64ad038523318e426fb08bb89bde6589009bdb750812e54b06bedad

SHA512
9f34439003bf9e657cbaea54e7a72382d91d97900eacecbc3266fb5dcfedfa27b06bc99b62495fc3a187b065588117410d87488b91850ac76fb8fa3dbef6a951

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b9926902400f13470577478abb8da2a

SHA1
287df378fe1ca7f10b4782b5405e03303f635440

SHA256
b7e1dab20d877a2ab0881c857d7e69d855beb9e1bc955ba5a2bebc5ce43a997b

SHA512
4e702615821697375a7cfacf9d561c0ddefa440ea5cbadc2cf361fbabd3881bc8ddd5fddf8bbfbe725943a49a500860247f1616141d3fb8609d071da3734dec5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37275888244255b0dfdf1906c8bfae23

SHA1
a5359676dc2cebdfddb2b869008611c199fdc2f5

SHA256
d49dd46e7187c0a5b9d58ed21dd215046d7e2ee24066feb81bf957c02e52c984

SHA512
afd50e47c79ca309ba64638296f08283d326608d1216a9ff45e8be220aad2a5e223fd9400ff6a6f54b29a5a2609e095372dbd2ab47606b7223b06915b0c08d86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf5b295d908a3462280a224aefc186c2

SHA1
e3d066661efdcbfa6d961960adf4b6b664f85f60

SHA256
61b4a3811dee9145566cba8f3ddc4456656fba5ea11ab462503dd2ee68edffdf

SHA512
dfadff801fd5b18cca1c54dad114cecfee3a4fda83ff8654468c4eded20e9d378976227ce72d172a48889051cf49e197d0fd34ec5c226d71c52d69eae69c129d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca79fca93522344426bee515dc4e5df8

SHA1
759dadaa1788b873f411d911c949f9a36ac2adc1

SHA256
e4ebf78d28ebb2304bd889e55f3ebd89ae939c569a0dcccf0a4532727b98b2a9

SHA512
5549fc57242bd9c118479a6dcf7edc0ecf9e30fc9329a75c3f20a60c4eb3e66d81a082647d2b7185483f6a4e98fd9055e0cf47df4d89ba8693e1fd5011670142

Download Submit