2cab4c9ea643e87c9c46c21011d681b16f5c46088a8186b34d39d3a9c33ca229

Analysis

max time kernel
121s
max time network
157s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

26fccfcf6f1d9106932f32e52272aade.html
Size

432B
MD5

26fccfcf6f1d9106932f32e52272aade
SHA1

2fc714632812b82b46871f9367e5da860a093092
SHA256

2cab4c9ea643e87c9c46c21011d681b16f5c46088a8186b34d39d3a9c33ca229
SHA512

5b9830b250d6278dc6f39b25eb58c77ee6224e93b6792bb78a20dd4dc3faf7e1bfb3e292deef6073430eb8bb51778cf7b77aed2d36fd80d479c1b865dea92426

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00d4ef912c3dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C9695D71-A91F-11EE-B1D6-C2500A176F17} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d300000000002000000000010660000000100002000000067a2c59357209121461d7708642a8dffabed6f9ba82b3d15beb4941d564e2f6b000000000e8000000002000020000000ec84bc25fdb39b0729404058d4d6c7277aa4fa2dda5f96f0cde52cfc014acb7720000000a2112b01c7982e78295b6294f1894077db4012c3eba1646d8c0d92f3aff93c334000000094a12d3b6cba2dbc1b4a37145b450bb0f0bb00399fa42fa7fc12c579aa239212860da5e28263af75a29c8aa0ba19850de74a16fdb1ebc6e8135ff914f4cdfe04	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d30000000000200000000001066000000010000200000005268ebc2ce3d74354b1adf0beb8613639d4863cd7dbddab76d1c38e0fac82b3d000000000e8000000002000020000000f0fec0982eac1ca106478c28198f4b2e1bc3edb8620b0fb38a9fc7be58c3429690000000937b87800272113998a7df97234e12c67acbc5688b0684bb5da0894fde6eb56fb7ab2098235b9bb416121ffec7d8826c5ad742dc042aa8c7efafbcc04e6ebad1badc19cb6f8908216febed88bb19342b40584ca56bec02d3b578ec630be0bd069cd75d707f2791966c45b43ee358863d3a5f5faf1a4ee7d81d9e405f2af4dbfbd6a45adc9df6ae286543ceb35f470acf40000000430665f135488be21a23a537a149a8aaf0a8c5b81b0f33f8d0ef37f184b6026a57c8088ea59e1b8f93e256b84010fa99107704f38116edf170cf228e660a1a36	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410328324"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1880	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1880	iexplore.exe
1880	iexplore.exe
2472	IEXPLORE.EXE
2472	IEXPLORE.EXE
2472	IEXPLORE.EXE
2472	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 2472	1880	iexplore.exe	28
PID 1880 wrote to memory of 2472	1880	iexplore.exe	28
PID 1880 wrote to memory of 2472	1880	iexplore.exe	28
PID 1880 wrote to memory of 2472	1880	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\26fccfcf6f1d9106932f32e52272aade.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1880 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
345e77e795747e11990e29855c5e5da6

SHA1
407b28f261cecdfa61192ad3d000a137c669cb5a

SHA256
95460d99e868755fc270240d423e1ae14b98024f8b305f42486acb57cf0f0c35

SHA512
440502a79a6f8018d7f22285a580dcfb049c9139d949667558d0bb7a5f43c5e8f06bacbb9edd14f63f25c784f4b4fd25dc809fd1cc0a59395c91e5cbfccc2409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e781587aff3992f5da52173e9161191

SHA1
fa8b86b6fe951ce83c8f1b38838f2d83d14ceaec

SHA256
fd571bd3186eba07cd0049cb1d44e0eb5d4b287d7027fa1cf6021730c9433cb5

SHA512
4214acb35cdb9780a2a7bc743c936700187fc7afa79d5b1cfbec78d6e4eccd055959dcbd5fd99d3b987eb1299107d1c3af7a42cc2a55b8d07de373bb04796528

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
852df36292dcac65ee31beb31abed220

SHA1
2039ddd1e5707ac7d40ec3b5fdd3ff9ab65f8455

SHA256
423d1bc8024e99b41f0c789d17029fcfb086b94d6c03c1ea46147c2ebe3b8216

SHA512
1b83390d5dd4b123ff0f3562e9e89e5c01cb84eb21e13a4050e92216350a01f4f001f21feb16e3c62bf1ace7a6595a233050d8ff40e0a4772301098994ad1586

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2546c8245d3ec10bf135d151af47429

SHA1
3b2347b2f5a4c48be2d10b52b26b6b7968061aee

SHA256
c15d738aa0f91a60ad6bb3a09de361d9d004b1b16656e27856726eefb38e6b9f

SHA512
7ac4361369504e778bc8e4fc6bc8aebf8039e7e940f34dbe88ad312c1ba6c97cbaa7d3f5cc57aacf8c03ebd8630a5ddd4148880eec14802d03ba353a146c9798

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03e3df1a3510d382da045756ec410039

SHA1
c6f400043bb63fc9bcb2b72f05e29b02019bf086

SHA256
ee70ee04469015419da9fa1394464a555054c381cfc41e587ab35b97a589b4a9

SHA512
125773cb223b9a46d2176ea68f956735e7a2722eab81870c7d7af80d9e81671978a7b082d4581f85fb83d8a4f58e3e5c56bcaf31479ec88f587fae4c7f16f144

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72fec701ea77d8f31e03b0746c829d4e

SHA1
d138cb73f146b6da0ac41670c0716cb3144b46eb

SHA256
554c6756ae7913f4cbb23dc21d112f824840824955dea26f4e4d5d7516e26380

SHA512
b9a49ec8bf3fcf61db9f1842c105f080f29bc1bba69289e06703b829a2da6d777a5cd076ae1f41dd48ecb464d1655167936340280de6d026ae078404c419d8cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8159700dccb0d0f938cedb82f8052d65

SHA1
004b076ba06a51cfb34e18e470fb1bafe656518c

SHA256
607d0154eeb942becf65512462739170b56ce2f48dd8540c3e845327619e49b9

SHA512
934f56ce335e336a4a45e94ff784da8a1bd0d4d753f39c6d7135518fda609aeefd935f3e9bf52f5037b56559605845b487e95156e1fafec097b7186b4e74748f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aacd71037ba77618317f4492c1a7d09e

SHA1
b03d09e41b3393ffb5d8c1196223a84bdb4a84b6

SHA256
ce3f4756d892cface2969f40a6256e676042c7eb35d8844a6e51c94fd10ab057

SHA512
f19db2dfab156b893f42d10135e60ab182c0b46129e195631ca350743717c53da82dd94d0494cf9e30cad048bb3fb2cf9126d636cbd87df1d0ea14e966e013b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54304f8c72f59ef95b14c1a27d5d2c25

SHA1
c45b37d35c26ea416baddf17c69b0c69539f6bce

SHA256
5086f8bc0fce2cdd91cb92c591c67d7f543c062a5827e5c96da2f9b7ef3ae82b

SHA512
555bee90e058c2233c3053fe1ad9d5b17b58ced4884dc77fef888894d3cc31dd33e201b7030b806c052dc592d48fa1f2d7a6cf2036a6e3310aee0121922c31c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be2f031d29f7c2553a784360ff8abb38

SHA1
7e1497f4426e7dfd13bcfaab6e435f365d34c8b3

SHA256
63c0d2c32f422c5b7f7e8053f785dd19f48efeb9831273f60eb7a768bd7a1b1f

SHA512
33496c9c6d506a050a3973c285f0d26eed2d38a2758fb39754d213a868ad2f9061c1f1062539303b9f22dbfe9dc9749576c6223b294c90ccdcf6193377fa8182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcab68de604786424d8303a67f735cc3

SHA1
7dd74d2ba4106e2933e1516452158eb9aaa1e7d4

SHA256
a990f638ea680a7aaaa2ccb2c02b5d9625621bd9bc642504ab7e4d5dffbd4f4c

SHA512
871c6859c1f683247b7ac046f2dd45c90eb2c9bca4b91dd6591cb369604372c539612bab7c0d3609ac27b26bb1d019757d8c5250e4394f8d356efdf237870f34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5040e9ca4869972fd0b343facf75c5e

SHA1
aee0320e18a0bb807c6d850ddef38d2def681444

SHA256
3fd501eb2232c6c319812f607b8290b764c7dcaaaff5425627275f4dc04a1dc0

SHA512
3ffcbc3bed1d3e49616cba3d59ab29f2c3491bea798c5b48820165f192719597484f1703838b2acd588f474275f27f56b7306a2da4c28459a7fdb1e4ffadbbc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5401e0a0402fd669f3132d2635ffa119

SHA1
ec902af5e26540ce207ac734d6af26a0cc3e1353

SHA256
43f42b5c33c7f253d09d2739b3651deb3623a6c1ee4811dfbeb9ce18dfb32dae

SHA512
d40226aa2e838e494bb07e4c9b8a0b9a19d73ac0dad17814fe1f9434c640b6bc11e89861056f36a090f669fe845cfb541f0ba5b3ca2944d8a725d643e9e1bce9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ff01695822c70cbe8d083e658d86fc4

SHA1
b2d21624da9d529ba10a016d4b7945b5accd725f

SHA256
8f640ca835773955eb724ee32a835823893b5a412ce2b5c2ab37530c2ac2103a

SHA512
ecd2487d268dd1a5d4e3a92a78dc0f2af3963b6ff6f29a90650730f36a61988d9583da1d4d0c06c7615bafbd9924e567eb43b7c824e5c5cbdf3fa8d85b99e7bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34db77b10d425e8f0a3f997ae9057b68

SHA1
3712cbd985c780bb05518204706f1f70451ba6ca

SHA256
b16e0649545f6a9457bab7a6e2dd1d3988fa2e8170dac0296fde55bc6f810324

SHA512
e2a4f7cd08fb7bf9dbba02a190e2f2725acc578e0ec140eaf990f8ceecce8ddbf6540783eb0d32c9ef75694f357363c7ce6b3747cb66cca509e4e548fbab69d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wz5r4lq\imagestore.dat

Filesize
1KB

MD5
55a8934d1432bed4a3a95a126fa7e66e

SHA1
f6656bb304d03a8e9d4bd6da3590135fca447673

SHA256
ff7f6641e75def45012c1f74b65dde7cdfa3300168c0406002e583ae61e1b99f

SHA512
fd4508a159f6b52ed45d90d4f3bcab38b450d26213a3cd363ce1396aa3eded8a2775f831311d18c36438d0640e26ed32c853b8c2068ca6854e14de3239112b72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4K0WM73A\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9629.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar963C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit