8b76e627e8e25bb6f641b708ef37cc0495a8f7823221b59da5af44bc6734cc96

Analysis

max time kernel
119s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

271fa8aabd5f69c411270cf8dd63e79f.html
Size

6KB
MD5

271fa8aabd5f69c411270cf8dd63e79f
SHA1

ac4978463907764eaff82096bb703766a36c82a5
SHA256

8b76e627e8e25bb6f641b708ef37cc0495a8f7823221b59da5af44bc6734cc96
SHA512

685ccfeb25e90bfa185626113e3ceb2a7076edf5c1c2076270505bed0359e6fe005449cfc26c7a1f7b65f98ca7a7696f860aeb1a20d9e2302dfb67c7f74b8649
SSDEEP

192:ln8uqnGDSSW0nqaYwN1BvEtGKXAYZfClrZgPp+qVZXD:ln8uqnGDnW0qaYwN1BvEtGKXAYZferZG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{389FFAA1-ABB9-11EE-AC0C-EAAD54D9E991} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000003ae9e3cf34f443b94cff9090d5a9f7b871b2b2a8a870178436cd948a918a5139000000000e80000000020000200000009b92f21c78078407012e34cad5ae12c97da85d904d4377b88d1eb0c670e795a790000000cfd7233b396ebb688160efcadad9cddbc9d8a492554048da2bfb8b71a6dfd9a26e1043ea8d28dd129e62f242ec7f17a8d09df85d76f8092305e389269851dc57249ac4f7d16295dc9989b458eea78625f4d3621f9c02ca9d2d5a081feb8d80dde1e2f7110e1f82969cd99fa2915fcaa1c4b2fe6dff3223977a2a045ab5a3cf33bec699174b2f071c6410adebc3eda56c40000000c53ed60d725f574437619c8f17cc1079db5218d2513066da09b3da4294bb3a09ecf6dcbcc8a4dc90632ffa80060d7887c0004353fb09981aa149322b0422a380	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410614128"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000b2b7ddd1e03fe05fae51283d8d2572cecf400530e758b1de0df120217056639d000000000e8000000002000020000000c40a5ec10798494e482a319f56fa9c90628e60078bdaa70a10b5f8912dc2e09b20000000214582e5de7f4dbbfc670ffa9e1767390cf1f617cfca5ee48134e63cea8414ed400000008fc6ea9b8cddcd70999fcafac4f29f09774ee8fc64009b092e0f4ce04f32bf1676d439f0c99c7a36a062b8a02094ab7e3e8be1d466efcc904c851e4a7a1f042a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1051e211c63fda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2976	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2976	iexplore.exe
2976	iexplore.exe
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2680	2976	iexplore.exe	28
PID 2976 wrote to memory of 2680	2976	iexplore.exe	28
PID 2976 wrote to memory of 2680	2976	iexplore.exe	28
PID 2976 wrote to memory of 2680	2976	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\271fa8aabd5f69c411270cf8dd63e79f.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c9a3ff8fdeaa29ae8244d03f3b0317d

SHA1
479b62d1c426c6018ada37155f01836ace428082

SHA256
5bfadec8e422c3b83f88d2100b09665b6ce22ed3960b100e2ef94ea25e242585

SHA512
271fbbef150e51a4a354266d5e25d82794d451f6ecbf95dd5b6974d9f0a08c749dff19f95520a9504b1c6e1c4a46be9789c1aaae50b47689fb3863eddad28a71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b42a38fd427c6f1794168aca131c262f

SHA1
ea92fe325801b1da71da67275153a08c2339778d

SHA256
4715e43a1bb278a6c046b5be44006818b2d74d62fc5f3a3fd68a65b577b6f5fb

SHA512
110b4fce9e38133f010ad501d411d150a0489443b48555774ad16f7d4e3038414ff7c56ff3322eb2391158ccb9d0df67201c83d0a2a2ee1e72f40a151dc6cb5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b41e4a9e3e0213838074c3d708836473

SHA1
a3a81fe510a410bac28fd520faf8e46dd1462c38

SHA256
98a6c57e22c2d6b1f7eba64922e19602b133ffeef242aa0706f5861a88e1c668

SHA512
5f425b2830d6a260c464c3829e09658e021bb8233b8c91df104dc923b3c56538369a59167c2c1df30fe05c2aae9bcf0f6e8196e53dbfb0535179ef3fbe380d65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecefc5f2c8f20b18e24569a16f75a3c8

SHA1
e2be97a5d500441177b83ab83053bf428a0b302a

SHA256
26a8e757a90894a46ebfe49e4b9a34dfacaea5f96e43167ef4a148f543c6383b

SHA512
b15f82e6b13af93aeeb4064a66565d1dfedc19648fa515355f0d6028e5fde064ad2827592b5e4275dd632f1c737da5cd1886d7180095a7842320385a669bf570

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c2fd07b988db11c3f1ae9553c732c54

SHA1
62805492126ba88f7a806af57c2892b3766b06e9

SHA256
43540d7fe3474533f1689ef9ab59ad174cc177fb93d3426a59c071f5248193c7

SHA512
0dce738b7260e5af996b7b6ac32ba5a489982ba5b537a3ceef76632fe14018d8c132371ef85ed754687b553b906cd12f248dffec6d2624f1e5c7f29ca6115804

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d0b6628a474a26a86328771e33cdbed

SHA1
60074439d04d2d73fe94ab0af70865034cae99c6

SHA256
b1e48d92d08e9af5462b2c64fe4a7fd847d913562e8cf0df63c3a7ecb44eab30

SHA512
b66bb546ba4c97c401d616bed449cfe28967a9363f6507578cb9193a75a603ec680fca99115107c89aa57616450f1a60046e6340bbf372560cb22ac8d0ad9f08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d0a011c384077f17e14f1c0d442bfe9

SHA1
39d25981a7e861b8ddc0173a7981163021d489bc

SHA256
939035226ee73ec19cbdd108c11885b16cc9f7813924bbc7f2846453bfbf93ec

SHA512
e7a0b2681eddd83d79bc036c14ffa2f87ff348a7cbf0a4cca921cb3e29066fcccea4ca837d44fd6440bacb5538fd852d2b087a7e443f08761f1b7ee11000724c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b40b80459e93a72f1691a9d3259c6286

SHA1
ea7e8aa22b12d45c44387b6a4a5de360720c32d1

SHA256
d4d8e8ed7ef8d4a7fa6d83fa67edb979e422d6cf153da586ef64009adbc94e9e

SHA512
b0644fbe95b01d38c8be67af9544bd2b56a0fd279dabfa5705e224fb20682c702ea759be1718a0a2b77bf4a037f5692bac4f703154167cefde0075b80eebe24f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f58ff3afa1943f51a76ee2aa405ad92

SHA1
a57411ef8acbd86b01ab19f11608e32a7554b58c

SHA256
2f2b9b13d769d601c6c413f9599dc6124fd63d994db6cff83508b02e80190b49

SHA512
0c1573a53ed94eadc930ce45efc32ccd75c224c3995d9cc175ee87cb74784881c04db1f26b51ad6fc3f6247b86a4542cf40faaf9925bc1f7e36dfb0dc535ded6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d01d95bcaebe6fda7276965403e1cb9

SHA1
5b211606aee35f392539d331bce1434490022999

SHA256
ab9a528d016ce24232d64261dfc329f6d88ac92adeca860244d09956a095ad44

SHA512
122044a721b7ed967749d27496fd2a43c48847d000566577a78b083f979a43ed462a48f2b1580dea72cb52fcbbe3e73730c5328db762a084e95f1d482e74ecde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf6c8cf4a040df1032e09610891a0e59

SHA1
40e9c68c942a89596916d2698ae2700d84e70ef0

SHA256
f98553db4c164e737fc744ea3d1da6e7bdbde001520c13c28f183d9964593622

SHA512
26d50c5fdf86cf13017499f04def032d5b4f4dd58a58858222c95ee2794cf8993a3bec052b47534d4e8f89ad2d23b9284ed646971d3b02708e6384d48f620a2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f885fa3f226bf18b284e3872c009ad92

SHA1
6357177e3b9e79394d11c4704fa334493cd6f1f8

SHA256
30bbbb175a8a2ac82ece608b21fb4872c30b9f945a3f7a8496f0db0a91200ee1

SHA512
bc82e97259931ac5857e2736a6c1736f296c68a8c03e5e722bdf123309626af4a09ca88735923b8f5d7fc20285531f8b18f39f899fdf83af2e9c0ed1e06a5c20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dcd1ae1669f53db0c749b5d4204a516

SHA1
f5d25b734774407c018b40e12b85c2e7e01a50ab

SHA256
e7674e1d1898bb639539fe1b8021e3aa248c824a6385bcb7a1de185c7f047f07

SHA512
7b465ed3a5425de92bf9990cfd69e107bad8d582ed79c36f02577a3d5a54378c3d05399fdf0b244a2d18885a96c813e3dc9008b5e7d92f4adbc1279bfe04bb90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a42502378b6aa6f3efe81698fa0a416

SHA1
aa031a08e0d8b596b121098b921449d41038cae2

SHA256
88039104179185e794d0a9775f63af6befe3ad9f0af9881b89de6f0a8f7b07b3

SHA512
2aae3027bb167c86d3cd60430052f1ee70760ca03259f1ce1889779ffbe12c4ba899b18046070070a20ef1f245d3fb4bfdcef845a08129d9b499caf6d5291898

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45c207ee09bf95928afcfaf8b461cbb7

SHA1
3a45819656e2730414601db972699abde62e0f20

SHA256
e2ddc86d34e76540ea843772460f260afc53d81d9722e737171ac76bb3c3e2da

SHA512
8db6c520e1c4b3d156af0e99e47d20e15e984e3e28cacf84102e1862428a175d44bc60fd4704279af9373c23c1dccc9b5b75a7d577fcfc9067b9dc9328631f24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
709626e0627981c4c9a58257f86da5f9

SHA1
6c3da2dac7bc49677beb1373767774fc064ca8a2

SHA256
ce3fdb0dff9f3e8270f1a088113536c7e02f4fb63bb83e80a0e8fd8c649cf09e

SHA512
70aa05ebdf79bbe437dc4ef9b4385969ed9b42ed9468c3ea7e0bf22fc5fe3a9a93932ecfa7f1a9ad623fbdf9e22294ef701550a29081cde9761d28249356a6f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96219e21e04ea1bd875eb2a084616ce9

SHA1
973c361544d695254d580f1b7e26f14e149c5763

SHA256
8637ed067561b897b773699a3c9874ca3141adbe94948bcee7095e5850fa44e1

SHA512
5fc86cd9399da21dbb0fec0c683622a3e8f9de950907e773916ca88012a5ab89cacbb957c21559d7e6b11bd9d59223fffa2ca5f5f4c9618625d77bc19337a66c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab71F7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7248.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit