9e31171ecc7e5d86eaf565722d5efed853f6e687a1b716494ab932f247db0dd2

Analysis

max time kernel
118s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

251efacf0e993ed67c9bb285c0aa4fc6.html
Size

2KB
MD5

251efacf0e993ed67c9bb285c0aa4fc6
SHA1

ad2b4fc221948ee10e6bc6b314a829bb4438b386
SHA256

9e31171ecc7e5d86eaf565722d5efed853f6e687a1b716494ab932f247db0dd2
SHA512

0fc83f00f88937f3098c362352caf60e18614011a82afd6717afc17bd6de2ed1e6750419e2b013f36b32af2d3eede50e28e91de7f5ce3ffee08b9e9b2d006313

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000bc81df72fa1c266f04eae7a0e658ed932810f40eae230e52627e9474a1967b99000000000e8000000002000020000000a265eedf1c8277cffa84241e42aa9732f8bf92acab20e6b07ac7520ac97e244e9000000098075812a9bfad7ef279a248ce4eec52757c455ef4f8b2d22418e50e770c533c8f9f900f92a122f2f61396c6b964b9c26d6f9fdeccd967a5ee7b2b6b8462416f98bcd4d531ea4345b92e27611c8b228145aaeed72970fe6ea8fae6b0ac4f6ee2c3f96da360e72f1459e5d0fb31b21e344e0c4612ea22c1a158c5678f1ce371df13805ec2bef734313160ffb312141b19400000006fdbb0b13c8dd23d6e0d5cb2d50272e18aa134958051e5f8c0b1522d36198d5703100c888ec7cc7c2be122cf461a141a74eab0e97bd94307ca686814a26b79b5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410317147"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C0E27FC1-A905-11EE-A371-5E688C03EF37} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000036ccb938f5ea868a8deaa1498ba94d80e1b845df4d6f093591df46d0b4080f1a000000000e800000000200002000000054b539373a0a30738dc7aeadb2be72294b7564e6823c51cb36976d219ef0a2182000000043f905957ad3eb1dd9c24c8ef266551099d75556abea87a51c4d29fbe7dba56440000000f41789d77382d9bd61baf1a7a4dcc3aad78c80bd69c34e7bb6187f9b90944558c666580ee89a3dbba38b72d75b87f4b15c10722da540df0bb80e766454c152fe	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a089a096123dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2448	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2448	iexplore.exe
2448	iexplore.exe
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2668	2448	iexplore.exe	28
PID 2448 wrote to memory of 2668	2448	iexplore.exe	28
PID 2448 wrote to memory of 2668	2448	iexplore.exe	28
PID 2448 wrote to memory of 2668	2448	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\251efacf0e993ed67c9bb285c0aa4fc6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ae41192177d7f34462d868e8908351a

SHA1
a7a92afd31bb38e39ada002bf8c34ef92dd5eaf4

SHA256
f0a009a6e65729fc66354fd29417f05c4965224144527b1865f817261494c427

SHA512
f56672561281770f7fbdf2fbfce36e707a9864bb1e34634eeae2fc072ca663810c3f892adf5baba0290ff40b982e59f3dada7e5df690f4b0d2b0a956e48bf9bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9e00756f89749c9c35f0009b8370507

SHA1
0837e7482e6743f742f54d96923cb9b227e4525e

SHA256
b0bd31fe5fe2c2bbc6b22527d351f9a41847cee224652c94952b29746acf092a

SHA512
2cbc1698ff54c1e47fefabba814980b4e46d7f0d274cbc59a32a169e0a6a20fc3629811f7da6026fc1e852f872b8627c6cebecdae0af7955d254707dea8da481

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d145fad04e081753e562b56e509c24f4

SHA1
873bb4651be49b68d197063a784feefd93d4913e

SHA256
f518ab0b1761134cfcee77253e4c5c84084db5b7900fc1da2e72ee1bdc50a25a

SHA512
d9d78a33ef3135469f805833ccfe8913236e339e44fad78ef509f75f2c259fc3721425aaff93ae17a27e20cee9c58b6994ad4c0f221ec38b8bada9701c2ca8a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f9ebc07feecd4b4d4d913c68aeedb2b

SHA1
e3661e4cebc078e8b29a1e6c47ec1c5f96e9d079

SHA256
1bb83a565f74737b7ed9374915c659d939ed6edfd2b578d5855316c2b7adff7e

SHA512
3af0078d60b928f19acf0a24dd46aca11690b58ea0b673760431162b024737d6017bebdb9dd1d9e49abd09da84738207277c16d4328e7992bfa3ad1c183e89cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7977a420a444426e188fc6d55e92a24

SHA1
34e6f35596aa42942f2e7c01d4e0ff53038f8119

SHA256
95235a89092fc2c262b01fbf9d21195ff9b5e0a504bec3ef07bc6f954704d463

SHA512
e938fe2cb63d3f0b23de2b1addcf36adc3e4092a06ab5293589844c7174624b9f2e4545aeef988298f6f2b81505d1ca23f86048d7e376422b78c5cea1ae96b26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eac67b019973d5178a7bf6c7747de304

SHA1
4e408e846fa763176b8f9e140ae33ec4c595aa67

SHA256
ed9ec0f4f1fbd09e9ab7fd459d36bf30c1d2226a8f127be951e6538c0d03acb0

SHA512
d062eeb5d7c99d2ee624f6864e4c2e025f6c4b1c4942d94cbd77ed4de4ea18405014f9f4783a0a01bfd0ed46a1a56c3356064b38fc032a087e7db5b0c96d1fc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15316c280655665e5658dd03678a3d64

SHA1
0d4139e3c9f291df0a2a0d3a2828405e320fbe5d

SHA256
39758f967d2a58cad2550b3322d40f2c31d6f1d76bc33f3dfaeb624b01ca94bc

SHA512
ed33adc6c76e9782a5b9713278ea1825b44bd8e1362a013789351068a0d66c336ffbbc778588edfa35dceffeebc92d442ade699ae78dc1dd9843ba14f9b488e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
078904233379a32af0acb3ac66f4cfc3

SHA1
d73f3cf1a85a20475f90c9b7ef4d7f9bd27dcbbf

SHA256
81d2855df059a65b27e18a7121b5f53dfb84ed684e9039c80c5b111272984da0

SHA512
8d278e0110506c90b7e816afb83e135608f9ebaff76a814434aeaeb28dbc94b7d14303a45e0417c854ff5adb14f4587c922d870ec7784111ed95386cd02d8316

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
260e8fd898168421b9cac27539105421

SHA1
bc09b51202e151aaec4882afd991c9227e857a0e

SHA256
9bba51e81ccf18c9f6f47dc47412aa01088258eaee2ae09b8e794416227030f7

SHA512
d6b6e76028b4d4cddca4c779f38de3df5058d35b9865bdeab107eec184ed859e96411785a486396c07c3af9848b18f6fc7c87382d3fd084af0c68229cdb5c4b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80460549c24744e5d5ab75cc5bf35c80

SHA1
97b228c4a23d54ac6a8ebfd079dc244b0ed6c54a

SHA256
046f0a55558ffbc140ec542ee8216725a403696c5885231a596b8f56c4c829ab

SHA512
f18c63ba12802b501148d96b266de5a3d034f6d8374afde84fac5f3b50d27e2b6fdead6f8da19a9a9fadc9b22ffdc1af0a29e8174cc94404c2311aeadaaf359f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4606dad9b63379cc9ea7bd9cf4b32153

SHA1
29b431c41327cb4401d35b5075563b3203eb2bf0

SHA256
50b699b3f06074329c67c1b35a8ec3ee21dfa3fcb7fe118be3d2704b2baeec64

SHA512
5cb8add37169ec8f8cd23497c766337fe3a09270bd1b767253770822a9fedefb46e45abc4ad5fe6faca65c8cc78b8249dffe658e91e52e6a911e7d735a0384c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4fa6b486276f00651bb69f334b722c5

SHA1
5f955dabc01990975cfdcd63239be988f42e7f2c

SHA256
ec4a75d16716790ae31e7c5ae5d1182ca90168142dd6454fca6e7c7e7eb71bcf

SHA512
215d7623dbdf3717dc465200c37550fbbcb36c1c20bddf6a440cb7e6f57a9ef3214be8308308e617fc058c791092332f2c3a970feb6ef4a6e9ce247e98ac463e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42afa19bf581b5fd58ddbf96c250b6e2

SHA1
caa1adcb5a69a17997917d4cda32818284d20b43

SHA256
5af600625e542fbec80874538eda4765ffba20a4a0885d3cfd308f2cf6bffc85

SHA512
9f15e5ac4d1c538cbfc80b9e16f386a882bff209bd79452babaed6a431813172c1f95f5e12ab833a4bfe09e99257b929d0041b147bfb4db67fefeb512514ed74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2175624a90ed0678f62af525ad8ab72

SHA1
56e9f646ff8c305a1e6e4d41f4fda5c63a49a1ea

SHA256
5bfcc4c14cc61abb275028bde579c279329c0bd934c1a2a858a705ac2ba2bdf0

SHA512
9a1d8a340b43ad9644fbe9bcf5300f2a450c4028e5a4158c31794a1a9f4bb565f4bd09dec49cb752c4b3401743588a8f756c710bf37dba8099f0d4224aea220b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69e5e58fcefb98e7be966c24876b81ad

SHA1
4414e1a362937c078fe58c94c1a173357ea85a18

SHA256
bb4fc4b5f9e3f184f2122b0bf7ba9c21db31bdd54b8f346c870de82d2fec03fd

SHA512
3537d3d93b7697cd7d732dc525b03e3481372e3572a6c28dcde94ba03c5a6ded6452cc99d2bfcf1388bb15aec6a719815428adb25532e5bc94088d9367be39a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f7c4269a05b8ed6d3897ab85ef1a422

SHA1
035bef9818557a313e8299f72b661ac9dcf3522f

SHA256
feb43cebf164938e6a908accac75e5400764785db12c83ae838cfd8f13a497af

SHA512
acd8a10f099c27452975dee10e107fba3c7da05e564874e97b5aa7ab4c70b71c5f79629b71b5f8b6b1f180388ab7705cfcf148728bdf187b072b0738b8b05e2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2e1421410b0f512bcde4e305b0c28df

SHA1
346e4d655da8aeb704d0dc1290c6e74a49881a1c

SHA256
152b59a4cc1329a196e338759f8db63fc9fab0f78193a8085b54c367da1a42e4

SHA512
ff3870b88bb96a26a94d968feef6bf83d96f3aa27e7564af911a754ac9e9ca828b634ece7e90ccee8065b5f1b5ed81d3a5c80880432e884962ec2edd898ae0df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9C9E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9E75.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit