155206decc2f7808c2c2a6ca63bb07d5ca1f4e1c7be2aef3f1d3c5faed88a06d

Analysis

max time kernel
118s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26eef2cfe5189e22208a96f46a6568ab.html
Size

432B
MD5

26eef2cfe5189e22208a96f46a6568ab
SHA1

5be4d4ff579825447586b024d2529ea67e327ed4
SHA256

155206decc2f7808c2c2a6ca63bb07d5ca1f4e1c7be2aef3f1d3c5faed88a06d
SHA512

eb6968769bf5978e603d4a3f722836e9bf95f8c13955c16a6ce0ae948a3aa0cbba9cbd36159a45c3b7a9ea2f1004d7e035567d53b781fa8c09a8227b74bb5c0c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410327977"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa000000000200000000001066000000010000200000009a39b4fe3e6d2f5631f6c7788f05f485584a7b7150b6c2145b8e9616b4f95f53000000000e800000000200002000000071c2b226295bdad6f3933a234596ccfcd38fa1ec6cb4c955ef6adef6a762084a900000002b24c59a134d9a28d04424c3e2f389536e5cb1d26cc51a6ae0199a4dba5fd687d578fd8d31be8b1e33bec63e0d1e15aa554d1a9a6b6d063e243887d28a492ded5865bc16002639a3e212f69585d4b741b6850fdb873dd694fe5379cbef7e12c7c96aa8261dd5f51fd9a177e19e2aba8ae2c086746720e62e9c55c50213bafceb6e776227709c0868b79c7be480efa7cd40000000e904caa34d096721d899346140124e7eadb2d03ccfc1328355b799026fa0b07197d175892cfea908796276921c41ead484603648da4be868d5ecb7291f7f3da2	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F6E86351-A91E-11EE-9BDC-FA7D6BB1EAA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000975da228d65af01af9e68ef8c4e6cfa0bb62bbff4aa5590ded9ff8fc9ed9d914000000000e80000000020000200000002b94f013fd59447854a1189635bcc2a83c32c12ce4b9dd5f81d67e5eb6532dc12000000071a76aecb7b4e88f72c56505e65ba6775991b5d7dbe5b97c444d6a1c768d85e340000000c0f0d134d5c29611b39c5c462d481bbe60d40f6fc91575c868848b16304083b706c6782b980365324fe5656dcc81ab52fff956538693d13b35a294fffe642c93	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20222fcc2b3dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3056	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3056	iexplore.exe
3056	iexplore.exe
1820	IEXPLORE.EXE
1820	IEXPLORE.EXE
1820	IEXPLORE.EXE
1820	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1820	3056	iexplore.exe	28
PID 3056 wrote to memory of 1820	3056	iexplore.exe	28
PID 3056 wrote to memory of 1820	3056	iexplore.exe	28
PID 3056 wrote to memory of 1820	3056	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\26eef2cfe5189e22208a96f46a6568ab.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
979a8b4bd8a00279be4169ca5a2f342c

SHA1
1c374f38162a91a0a3dbacd2a52560c67723528f

SHA256
7ee02e86412167da6cb023348562e03b9b4e2702f309a0360807e548fc81c11e

SHA512
9426965b49599eb1eea2d5e715b3721d567f61ee4eaa8448f4b63131d40eaa6623a34ed7cb39041b087bb5bf87073d8b19ebffec052dc2ec4659eb197bd52780

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e9cac900a94d516d24e387d5d2b463a

SHA1
4fc13615f39ad19ea103b59e895816e7e30029ad

SHA256
d8d50b7fda4546d244373c6e39e923c631a56603b95b65eb08d42fab88719fda

SHA512
e7dd34017718c8a9714dcfa93ce18af50e42aba788eb55dd3f57b846691c8d679ce0c6219501cd17ff5bfc16de7303b8c64ab1298aa0cf77703b962c112dc9a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac857876c4e49e72eb4eaf3a5142484c

SHA1
680a182993708cfcff265458ca65524a17345a31

SHA256
745aceedc4b3cd0d7a28cad7ba196afdef4478eb1a37448496608821b768ffec

SHA512
33d3f262e8ff1b1423a7f70ef3493c5d07eebce8811b1eed4d1158833803dacadc272bdc3ef8efc299e506f5119b2add039ffbba5b3e3916d8165218a241215f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcc8e2c8b6235f35041550c32d7a4249

SHA1
474fae8d0a9f1a4dc1e70a355453d7e75ffd4db6

SHA256
1c352c362132ae4aca152d3aa1db9528c4ba57c165fa2107065b4ec6e0a72216

SHA512
eadbd857c65b5da4745d57887de1f0d42f53c5d928dd68022d4f0299b0d02daae108e1c1c941eae02acc47ccdb45d148baf65f5daf0b336ebf5eac7ede3376ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ba346fff715e5aad79d5dbe458c0730

SHA1
e36a213e9681c49b9502472fd30a95bb338b9eaa

SHA256
dd4e4b1203e3557e63e0f6da68850eac8300001a6e3bd610fb74f7c98bb5973a

SHA512
a5de2715276f4a8dcb010feddf9feaebb34378d88f9ebdf1d676c80a7a05bed62697229036fd87e7e2e075a31de228c0c9ba1350f3a863300dc0838b6a9e1182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
235e01486d632ac7ccb62799bda0f178

SHA1
4238be8080e73b83b36f8743ac658a6bbc3d4822

SHA256
d0ed3214609a5a2065907c8a16bc8f25ad4f1d5190e16e19b7db98bdc9125109

SHA512
694253c9e03430e1edb81f9cdf1c6c312a0f87de8a39ef64c4e4895f9414e5ca42bfc164be5c3ba50c62f1c1aec869b70b042d3a0fc44466443afd62bed9d455

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
470b64dac1f02f7699f27814f2d207f0

SHA1
e439d4d8894168d435586afd31edac3c99ed82e5

SHA256
1088aff566aaacf555c0c758fe6f04ebe796eddb6897b5a67032253d986cd469

SHA512
6e4bfa0b615bbe209ecd3a794e7ee870b56fccc2328318fb101ca84498588503fdc747238c70bd9adc4091d15ddc6040dc8157c469de3aeb4470123788de54c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d9abd5f47241aecee7f1bbd20cd9f84

SHA1
a0eaa3a7268215eb06498604ecbcbf0b30c1f7e7

SHA256
0f65703730d8c1a4bd16a0d7fecd8006ea6e6b4ba479b7ca81f8a3b97d31192f

SHA512
f0d038e9cd62fb4e07b97016b763cfa52f97baecc21073b148f52dcfadf4aa1b66296bb5b6eb99c3be038b760e1a6486cdefe3b1f32471410ef52b3af3388b97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e81ea1523604d9e60ad7d9e6286cceae

SHA1
31bd55752c6ea3c5f91af3fa54470da8202300c1

SHA256
0068710aea1769e065d17fa91e2563110f350292513682a5cae9b7ecc1cd9759

SHA512
33f8f599775f76a21fea17e77fe93d1ccd795ff5f43fe9d8ef10bc2858f0b8a55e7c9a61bd2ff57cc57f77dc11521076d1c057fc10d10ede9372bd1a729b0463

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e08c95d4e33991ce2251657a97ec29d3

SHA1
c2182517a1601c955cb0c79bca46a671f7878085

SHA256
604b0a1b2849c7826863e7880df089074faeec4ebf44e656ac38b018b20df181

SHA512
679cd36b818dac486739e60a52279c9541e5e7a4c6c080b77486e566834ed1d6533600561872a814c364e9ca2662b3bb3ba9ab9c3ca8aed27ebf6a5ce58eed92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
556b8f37c86444e6d7e9c3e88e7a1529

SHA1
74c5cbb59b68c21a940b3afcf41a8a0185ae74ed

SHA256
8d6629ff490fc640beb442044100c6e7e0d9ef603bcb5df707b1065bb1413cdd

SHA512
3000f2db34461c936ab12f400802c83e7f51c3ae4c4085cf551ebe10f16e5c6051221ed68db46873b873cd22068ecf5ad4a7a0a36936117133dcf2eebe4b9287

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d17f1163503cd4cec352db23c63ed750

SHA1
48402bc6a7c90bff0478bcf874cae28edbfcab06

SHA256
50248e9c6075aca9a6ef96b15f0f818ce503dfadd0bba304e7c413f5f27999b5

SHA512
ce2b7b6878ba50b6db564a9f6cc5ac4b644ed2af3ae7cf9468cec7e155744e89ea7abe73b4688f7089fb91086eb8001dfead5e4bdda78caa7479d00004811fd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aaa837677588bc3bf8c9b80859114eb0

SHA1
6639cfe93adeab00e04832ea98e99c9986ebae85

SHA256
50c6ccfde6eeef357d4dd4d4473afe9faa4fb970e09b67feedcf7739676a1968

SHA512
fb5a9e6a38f8629eb3e0dd27a984a5f7f92210b4acb045bab60c69c15931147cff4d2511bc2390dbce7d55678c47fc13e8bb3ecdc4321044367b98627f0daff0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9283a52de1706cd0bd62254a4809ad6d

SHA1
196a627a20a131b759dc05791d5e03b1e2468f9e

SHA256
21448f66cf96bc62938b5879134cf385b21dde380c02b49507cf20a9004ddb08

SHA512
8d4581a2ca9027396f2674af74f9db0cc52219df23880909b1ab658cf9e5c9beab40fd6d413b0f62119ff1398d84369b5f6d09bdf02d319ff2496a79ace211f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t83hqs9\imagestore.dat

Filesize
2KB

MD5
0ac5401e63b4a7f961985d569075de49

SHA1
4684c54048413d8528fdb31c03bf5cbfae657798

SHA256
4defe466a1e7b54d59948b3900a62e9cfa03b7a1fc05da06abe675deeb7fcb4f

SHA512
5596e1f7f1aae6ce55fee9b152fc308e5ca9594bb8788423561ed68bad45fe49952be764599cd657d4be67a57ce22b1cf0a72ac53b6ec52abc5e32db16104d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7EC3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC48C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit