9cedfd993dacb5287ba99752a4172181d448eaa2fbbccd9f5d87bc561fad75c1

Analysis

max time kernel
0s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

277e2c1fab66dee6569efb1025a4ef14.html
Size

118KB
MD5

277e2c1fab66dee6569efb1025a4ef14
SHA1

e4b76474745441040f9027f6863ac0b79c59e4c4
SHA256

9cedfd993dacb5287ba99752a4172181d448eaa2fbbccd9f5d87bc561fad75c1
SHA512

347c64c3c495757a83c7e0b990c2d279dffcc83587b686f2ecb8e2113d6a282d656429d02a81c869243e75348f11f11dc20e0c97f0fa4a3bf5ef5a305beb7e9d
SSDEEP

3072:qbYBEwavQPmPJufLCfw9lUml10mc04hRSS021B9/:hBEw9mPJufLCnZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 21 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{28491C41-ABBE-11EE-91F8-4AE60EE50717} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2480	iexplore.exe
2480	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2324	2480	iexplore.exe	24
PID 2480 wrote to memory of 2324	2480	iexplore.exe	24
PID 2480 wrote to memory of 2324	2480	iexplore.exe	24
PID 2480 wrote to memory of 2324	2480	iexplore.exe	24

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\277e2c1fab66dee6569efb1025a4ef14.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
165c13efda9389c074251b4f75a3a460

SHA1
2eef53323552c4ffc17085843771ff995e1944d0

SHA256
6a77b604ebd48fe6df72c7418558bc4ec8e35d3639747a3d42f9bceaf4c91c1b

SHA512
842cb524dd906b16d32781243a5d2266b58a65bf2c6ff7952f0176603129528934132f8e1e15d39fcb45da979149566c02cdf8ee9c829e46abf849af1b3dc623

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab63bc12aa382cf91903518582b6f6b4

SHA1
e6a193d4ccdc27b60cf9075d66f6fb93d0032922

SHA256
562dbae57ca6a90ff36a49c540f6d17031ce9b02556927482c0306c2a1c5e062

SHA512
694f3f37bcccf4823c68f1fd70e86be81523dae04aa5693214a2f46d9247014f25ec53c1aab84ba3290888944f518c2293f0b2982af5e59584f087d663fb95bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5200b4c52a9e8fde1fb47edb52ba9061

SHA1
0d6054b61f95356d06ffeb43b2fc583bbfbbb447

SHA256
f68cc1ac305651d81b61963841e218300eaf01b0afbcd8dc404d886461aa6862

SHA512
f8ed9406d2d74a32d3d06691a0229e81c5ad7b0127a53f08faecc86a8d4abcd397be22f817c2318cf2a9628a72a2b2d48392e1935118a1e314ebeb1966dff7f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5721b405a4b37e1c3e24944bb3d1dcb1

SHA1
4eb73495bda0f74adc5137a1feee340c2fb0d5de

SHA256
fcd77f6d09ba62ea40c1ef015c3f032f3f7eb18e5ef0d994d2e7aaffe1982343

SHA512
505659f3baabe6800b7ae0e4c203a5582afe0b5cc771d247bbb41f61b6c53875211bd7859ffb219411973e04ded22f062ffe1722ca6b87772984ba0183bcfd4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb3eb4ce5f90120fa37e062a3f27e88e

SHA1
1eee5d21a30b388af4649b0e47ba7baffedc3f50

SHA256
8398e302613ff62980985baae22af6a3f105688dc51f48b6800f8794007b383e

SHA512
68e30dfb709564be581a44f4296b7ba5f9daa1e8d2e1fe29006c832ee96871effc0afa451e8942625c7c45e7150d5e87e2240e5199d7ce57e3cac10cb70c723c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
222efe6a2aaf9533d62e3ea60fd89ee2

SHA1
a58bd3d25f39ed7e74fd7ce99b1ee9e3f79f255d

SHA256
06c2cc0e434b38be96c9df8b6ed6810189612a3087aeef0d1af2889e8f187f92

SHA512
982445d0a9f2d8aeb7b285709d6715a600bdf413df65b21723317beddb5415cac43aa886e612c739b5cfc67c329b0ee11edd2a5dc8d5fe3a0dae4b4250e0e5ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
980978f39854c3d81d06ed6cf85c3828

SHA1
a68f2bac7ec3de529e28c42a1176ac2caffe87d3

SHA256
e2ee398f8435398a6a31ac195e4659f270ea1f4a1423ee032ba8521234703b19

SHA512
d4895432951de3cebc09e7601d06fb9ba34bb84b3e981908e1b87dd7dc36ea518ad0a8d44b343f4dce388f8715d6b1465baa61b8e116e24125e8552f54618aea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c3fe1610aae4871db28eed5c55673a1

SHA1
689c367251db08ad463ee51aa42bb7d2746492e6

SHA256
be6c527752139c3735155e20de76447ac65259f835b028e58f277564ddf9f8fb

SHA512
4a366172a9afa89887c911e0ce078489fda2f0e6e91f080805360773ea140947f63fe5bbfe257bb88857ceb6921e66207eb48c0a4af68a9d54f5da56294c686b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13a7270581cbfad7716099f5488f5a59

SHA1
63e4bcae8917a5cc3c80def283a5efe89dff2e76

SHA256
a3c0d6b1f4b17574e0707a3f3821fd2bd816cbaaa4b9653ec81dbaa5e5deec73

SHA512
02ceff1efc678741aa7a84d5f0e31c023e2d0015ff0f56efe9f5fe83e8e72dd48b53baf100957fabf6817fd18521bcd46b84324e2d3c4dfdbd8e9651502fa39e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c00f826ec9241481a4f851b1974bb87

SHA1
31e43c749ad7e173b00516b574bc918e419f8561

SHA256
439562798459172ed7638f247d50571676ff9197053552bc2cd9b2d1e070277f

SHA512
39fe487a2205227aaa4c77be8bcfede3637f3c6a170ac9bdbc53b464d9534efb3d5305a7d99e8629d32fba6b9d32ac50c949d7da04e07856c6a40c19f2f45e79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ab4d04e808302aeccf3433b769b88d4

SHA1
671bc69e1c93494673a8e85dd91a9dc2996d10ad

SHA256
d65f33f14959eb904da39aaba361be19c154ed2fa46f363373336e987515fd90

SHA512
ffa33514df41cdae2259ee1533a71e2c723261b112659da66bf66b1ec3da0ba6d4a979ef0584b4f14473fcb48943bebfd0cfa18d64774fe668d9d527e0bd91a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c2ecf8b0b8826c4786cda829561c9da

SHA1
ebf47548f832050dbcd36c47fdeda074da29e26c

SHA256
c1372b480c4ee69ba6c41b9bc90f6ac4294f8db8ab65c446a92efcf121132ae9

SHA512
c20c68bcd0d6132c8c13d66649bd130f536341516775e11c1eb3e2ca87d3bf28bf0478dc3e4c1a52975c0df5055656a04bbc3bfbd878b3f18bc8121a819e7a14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a26bb9e31af114edf5925e3af117708b

SHA1
7f6cc1a65404b4c52841bdfbc558a43b323ea5f8

SHA256
88852c08bf44a7ab9c84ba4688dfed90f7bde326f59f1c3dcb64b0c133811099

SHA512
5a039a4a80211f33cb2184085ab0ca92d00e4f9462ee0b765bb76aee4f1982bab1ba904fcc3af8a51dd688e8b5089858edf58dddd826b6ab3f8e773f38656a26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5ee352707a1e6fd7449227873344861

SHA1
cbe3b36144e91d5610550168b8fae45352b6ef18

SHA256
158015853149706dd7afc733f546ed396f2a7e5845c5fa4302ffce94a34a4492

SHA512
faceaee84a00d37b0ad7d74772989f45e091f9bd5c3549eadca5ab45c1c0333a86e03f4ee8434e741941fdba0d351145d3bf8111e8d71548114b03d8d3b3f5c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed27c4799d3ed1b7c217a681065dee40

SHA1
535ac112be8c13ddfe3855cb456ba667af7cdab1

SHA256
401f399630d5b792567a956256e795622aa75a3e60b984c4e54bfbbdc41b790c

SHA512
b4cdaf57f0bb6879f5f3df80a1d77633198b7d7d4461a1de7bb8f1d1739054345aade101bfa8b165cc195140f5c8ff23c998779b8bc81146dc7bad841f329ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1CCB52I\cb=gapi[1].js

Filesize
104KB

MD5
65e4f68cbe1640bcbf086bde0dcf279f

SHA1
82cba1641732ab73f92627c6b50e8b85161b4f43

SHA256
92299d7b7b8a7d870e57612ba04f19f56edb6ffc3e1810b2c4c07f6315d4979f

SHA512
f9941ae0a8c76b2b51c9ce7a34b684c28d341df13189709b0ec05204a29bca86752091ba2a92298644ee3d1b93203fb7ad6dd21f039270ffe076f36b9497e45f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1J1BPYJ\platform_gapi.iframes.style.common[1].js

Filesize
56KB

MD5
f6140cf2e81a9d5b9bc96970fe1946f6

SHA1
e18cb20a08d0c13d44b72e36e9560aec2187abce

SHA256
68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5

SHA512
1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab42CB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5E99.tmp

Filesize
69KB

MD5
9421ad7d1fd5c492c1213453e7bb4abb

SHA1
6d0cee3e1d3afad45b65ac026f6e4bd084b03850

SHA256
106a02b66c90368694cc3e9d57f2dd8ff4573be4193c8a311a20918f022fa3d9

SHA512
5e368c3920d60931056ebad7ee7c5ae58f0a651ed42777362da4b739938a4a84fc85fa5d181304130488ebc41d66e0b2c35f617b993eb5334250d9548f6529c1

Download Submit