a86a250b92e1dfaa678cb78ceb26800459962966afc60b22095c96554c89d009

Analysis

max time kernel
2s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28616cfdacae6df6f451e9369d1d0f0b.html
Size

17KB
MD5

28616cfdacae6df6f451e9369d1d0f0b
SHA1

29e5dda9e446a44bec2dad69c0054d32d3c6850c
SHA256

a86a250b92e1dfaa678cb78ceb26800459962966afc60b22095c96554c89d009
SHA512

a925d3a74e6ac120de526c165efc7586bd46f7b0a55931679b7677b22a6e6ca873ef6b058c2c84b7c148852aecce7bfaf7070b2d224e45737bc9ea1c734cf4d4
SSDEEP

384:I3WK9E6dxftTjCeeoaRlknVpVk/mqmCO2CsuniJi+mBknuD8milIPHs1QOgRe:yWKO6dxfx2eeoAlknjVk/mOO2CsGGMkD

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DAED3481-ABCD-11EE-B092-D2016227024C} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2304	iexplore.exe
2304	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2004	2304	iexplore.exe	18
PID 2304 wrote to memory of 2004	2304	iexplore.exe	18
PID 2304 wrote to memory of 2004	2304	iexplore.exe	18
PID 2304 wrote to memory of 2004	2304	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\28616cfdacae6df6f451e9369d1d0f0b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2304 CREDAT:275457 /prefetch:2
  2⤵
  PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a3199fe3236755e76d383136527bc9e

SHA1
2e7d17996a25d07b37a111ceb3ae6c991160d15f

SHA256
76de2120f22d6c93e7d1d54570b87d761c0ccf8139ef91b84a6a857f8756f3cc

SHA512
0b3c21d81725cdd7ecb2b59698417e28751ed2cb373cf97cd97f8bf44c91abcc11898c4421b3074698246a9db54ba9e085ff694c69fdc5fe6b242e1441934b89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79e5e4502d6d740dcb59b21f8a33ee1d

SHA1
fd180b46b8e360ae145d58f1d2c680acdac2f0dd

SHA256
e65c2cfcdf245ca9c40eaa35e044323271aa65f371d4f1a1ea05459d14b3dded

SHA512
7c3bc6123b6127aafb14f5776170a52e0ccbddca98608e32cf3dea450fd1fa1f1652372365cc1d079b4445b0a9a069791274c111f46b00c0f06933994ef8bfab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32ae04419fb34cc11ceea6a1767b7885

SHA1
02c5c6daf94de1d8438756b69bf564ee09011d65

SHA256
58e13598475e18faad1d3f337c5fe2dca3e51ff8bd5a009970c5c005f64a60db

SHA512
88826b7a8df7de3eb0886ec30be93fe28e3cf9a9f84fb77c66fa995bfd5d61991f35847ddee41d8f5f255e94e12dc7a398d4416488b2c8911f0fa522fb3f96eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50a0348a6c92fd7b975cc58b047eb447

SHA1
e21ea9382ecde64eaacfc0a540528cde646ae143

SHA256
3615804a984f4e5320d247ed449b014c7d4c58c8049b1d291da3e89282dea4d6

SHA512
904cfa9322ac2564a834de6f0c0a9dc2f96c3bc5910c113ee0c68bda17408c5d37cec7911cabb6c2439995bdf2f04156d4addf444dfe6f52afe101711a4e6ca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c7939242f553a787e686d4fae3f5da8

SHA1
c408df49c8c59a09bf8e64274ba4ccb2a5b26b79

SHA256
e3dc22775332fab210dee5132e8670b2d7063b661544aa024f20119bada279c8

SHA512
6eadfe7732161f0e4052ad163b4946d43f5e3ea52fd74debfe908ad06d592320a813161aa0cd57bf6b770add8f44ea2adebadbfba494389a0383d949e42cfee1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41da255338a2d306c5ae389fc1e7f18f

SHA1
abf6af70a193ec671f132cc9dba6ebe5e2d30777

SHA256
235bdefae41ad545ab3e10452ded33c2d1405d83e91f789273cfda83845b3ece

SHA512
bccd278c9fe56ffc638b9bf7690646e24747a3678d1eb346eaa278952e2bfd43afbc7497a6fab46427f147e290ca5c2c1e8bcd98533618102631efdb7789a6a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6f9b3fd2eda48de4ec6dd048d6c882c

SHA1
4ee27055a4c2f410b7f47a1b777c2e7774a3b63a

SHA256
d2afadf475e2ae0ec0b3c0b90108ddf3b82daa88ebb241453ad3d0ef86ac3493

SHA512
29ea312bc9d2ae247ea00a4c90982a833bd23118c39e3c709696136aa6215e640a7065f1f7ac9d31e16cb8348a165a374a39430708f78e1336fcce6e490c9fb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11e7f85b7ed2f1e2c7a6566cbfd347dc

SHA1
222f4174399a88f033209b402b49e7c6b41cb235

SHA256
4e89a4d5ba0c03a58f3cb35ec33965153af1c6bff39c0d2d60a078e7441fdde5

SHA512
4834aae384d528dd8a65d6e779455fe6d2e192918678098a0185b35e9a41b62ee51c889810ca99d07016a09711360145260456c6a833656784e5dea34e167349

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
367a943e7ba6af3116f0a6e9193b61c4

SHA1
347281d0c8196b2d4498560d9becd0b6b743c186

SHA256
aa164f096facdb6189cb51a59181932dc1c99451f914226279edc802874c8616

SHA512
e8ebcced65a77fe4f4e05ebb5d47966444b335298a034a27be1064c4305c83ab9be767b5e1520442ef17bd3a802e316fb9caec65d6fa2041b557c9b570d13546

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAD90.tmp

Filesize
46KB

MD5
269c013582b5222338e0a3ed6d79438b

SHA1
539dc13ad5422597cb6bb65566fff46c44f1c115

SHA256
3bdd1eb40e3d76dcd58db3d22545f5c55cbe1a103d52ee5a714ea4bc70497ddc

SHA512
3e77144b4ffc5735fa5ec60d7595972aca83313bc03d2f299b3d95ef0ad021c02e81ea2dd9e958859b029dc29bc27464b0c7dd7420680f0c3f62a54f27ff4470

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAE6E.tmp

Filesize
25KB

MD5
278239451e555e2bff5877449b21e8a6

SHA1
40ac9866dfde454357a853c7b8f5df700e83b27d

SHA256
dc9153e8563a18c32dc687192b731280e3f9ed82c44e91c846d86c0788151460

SHA512
d922c32b81174e0f3cd20ea9aa79819083ece3d37bf46b46101890bd6c1a1e8c104c23acf765d809c3fc38943873e57e2f11c0ec9f4c7634df4b36ae0a1c9a25

Download Submit