dcf89fede688fc1684f3d5de543ff1584c0cf98064fec104298775ed0b861244

Analysis

max time kernel
1s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

278aa77be4b805f2740beac9386b1878.html
Size

27KB
MD5

278aa77be4b805f2740beac9386b1878
SHA1

ec10535ad6c5b0931a56680b4e670940bea079bf
SHA256

dcf89fede688fc1684f3d5de543ff1584c0cf98064fec104298775ed0b861244
SHA512

c6a57082642907de488beb06b247bea5195c5a6c1353c6394b0e053eee9de4016873d90ea9bb114d5938c0a2aef2b39e971106d174b8b857f931615d87fcbd41
SSDEEP

384:FX+y94cVppn9ts9V0Dwk8GG+rDezNHTx7QprQxriO4WVS7wwtZZbCSM17tWw8tIP:FHzPwjGhr93CBcw8mOO

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 21 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EAC355B1-ABBE-11EE-BB9C-CE9B5D0C5DE4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2084	iexplore.exe
2084	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 1508	2084	iexplore.exe	19
PID 2084 wrote to memory of 1508	2084	iexplore.exe	19
PID 2084 wrote to memory of 1508	2084	iexplore.exe	19
PID 2084 wrote to memory of 1508	2084	iexplore.exe	19

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\278aa77be4b805f2740beac9386b1878.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:1508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3b5eb4f519ffc46c6544a6a3c393bff

SHA1
bb1503614a3ae93edef4938efbc5ac42c421e006

SHA256
b421faee7f34c3e2a562d644e8b2dfe14d6b47c00ce55415bf57eb8eccd768d2

SHA512
f322470bb45207dfc7d9f72202524ea039012c82754208ee7427bb06eedd892b95490af2bb05bad696c868d4c1c659496664d00319239a363ff547055790b596

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89a3839642be4b51f587c34ecdba8153

SHA1
c1be2690e794fc8177849352650de9b5a91ac0bc

SHA256
b135401324f870b30fbaa82ee049c2a8590b64332e2fbbc774517249c8c29e2a

SHA512
785a4d62421dd59539258e7d65d9cd46bb3524a24faa9886de7ca748c749dcb673651c64839bd7883c46402f6e4adbbbaa059635e077e8ac25da7ab79ce563a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65661427b5368eb777f92ead9c2b3bb7

SHA1
eb1c97e57c9d7f952b71fa24b1dd6173df38c60f

SHA256
aab8400cff8b7460a942802604f27e447d8a5081476c3a1e797c948ecc78fb8f

SHA512
e5ccc74bc5218afb57b1be2c9b5a0368b1353e326964c70377ac6c494d084719f766deb1f0288ff33707cf384115ebeb6b41d98fb6bbb1d5408d722a1ea9e8bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10b62caf43b060a25a5f86c2c56265e4

SHA1
b221a118a593bdbe19c6379cce61bf83121b239c

SHA256
51b38409ee9f01007219d1408a714213c0b4c100a67d382c49caaf41705ab80c

SHA512
05894e7857ef5ba407d65c1619c713ea4dcff9f2f366b935771c3d2556068160e74f9ccea818e95d6f32bddf49058af3da14cc1eaa3a1c92ceace8a8aa4dbc6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cf68774f4ac0dc52e585ed26679c5b0

SHA1
e3bf25e34288e23b0697e064325a5c45143f1fd5

SHA256
e1d4d8951152b003859d6be58d668e64079fb808acb50aaa5ffeabc3115906d1

SHA512
b77f539f0a3ce8f9d29924f883f259b6c405144e2710d4d38fb1e173c58653321cc72de47fa481ec07af4f7b8da884325b2d444dc93397de7bfcc4f4439d4793

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16e86bb4dc3e36826a5aea0a6cc92b2e

SHA1
a74aaf5086847ebb656604e2e1c684c3a4e0e2fd

SHA256
4b8a1029915f8135f284743795cf6cdc06489cf3d11e51286cedcf8208c24422

SHA512
efa942bb91643907a34b14de69c2ce83aa4c272f4a0c72b40812765fdc4eb2c8369311f752ed99dd23e9de85b9784a17a2c304b1ef710d964cf18d148c3f0c12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38a6a99275306505a90a872e9448c688

SHA1
2e0d7320f2b999bd96a0b2ee0129336ea23e0aae

SHA256
0bc520eb37a72aff46ea6d8c352a81fe03426ce3f808801db8440a3847a1d446

SHA512
ecc754d9f2207b0301a0263e5d945c2b791488873b476ddf64593d3367acd74974751dfb20b800c87630f6232101e33e433b7bbc15e12722d2ec1071d5105e77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e211c102066a3f5d28077cbfe11bf070

SHA1
2b610b4bbdfd93cd7507d395dd6f88b9474b3b63

SHA256
2013faeb3fd1562e3c37abae087559bd886df5180ca957503a2f6fe76857d2fb

SHA512
d25333c8cb4215ca9606d1b9845125e44b0b3c2070df590184de2e7d7dd74ed088f68e9d5f78103f1eaacbadcb2aad4f0340e5945e3637190dbb76d17d497bf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec60424d90122fec308db99a77a9ce32

SHA1
4319aee684f76c7b55b7edfc4fa47e1a57eae630

SHA256
07e4c0ca2b7e296dab80b631fc3bbeb34b7fc413880dc0c02d95a753091e4a31

SHA512
b73f1cd0c54bdc58468d8fa5aa28b27e36f73c4a5d6c54f7e48b2a7c195bdaa6eeef2143cefadd696d0bdccd3dcbc27a4e0c746196ad5e18a7919515a96cc3ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c51186e5003cabe4bcd64bd3c7b85897

SHA1
4580f8981cef5e089ad93778413a4a68b98d0775

SHA256
d1ef67e416f78d7108796b973b7c1a41c8093d3aa7a40927b1ca05effa57cc93

SHA512
60ca78cf1aedbee63d90eacbdb4cacb0ddc209c9515602cb2caf7ff9e9a58c350ac42a096ea385f1b738e75481eb2cc4af111bb4ec20fa8f6b5269a84a9ab3a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52eb099fd1bb12fcd0756ef89d173cea

SHA1
4c7bf6c7458aa88631b73e594bdd7072fd0490c2

SHA256
547a4ea78ca5e9a0f0e192e4e970c2e8f33741101a925bde520ed5d5c4289c50

SHA512
47017570e164c89951a3836eddfef952245632633ff513c7d7f179082704e1c776e71b48e240bac0d5d2952ec5d9a3dc659526ee8ad36fdd4b1b89a8522994b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9c2161af3b64c5f2ce0992fa456197e

SHA1
bf51b395daede5edfdf05e792d37b3777072049c

SHA256
18a7f65bab92c7c69fa5e8f0e27a28231fead19e94b55ba7369aa79773c0fc75

SHA512
87baa19f5453d4a79dc49626add3202685d02d3e6a1b1a301f62e12ee67c67f7b1a26e95c5633e5aaf84c9a9636a725ff2f486afecd794b347db482109caa6a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f58f78a4cdcb32b5b7e6123ef48b4e95

SHA1
eabe944ed7c2633e1d09fb96ec3ea89524c19962

SHA256
b095ff4cd7b505969d4c160529975d2a9369feeff8c6c15bc2e14951b133ced9

SHA512
b04cbc655fa87e85c4ae088ef93bf78f632f0ff4d2dd637fa42bdde37fed9cc57a9ffe66d6475164f9057ae88518acdcdf212cd7e1761c5b6c4227bfdb73a6d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab758F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar76DA.tmp

Filesize
74KB

MD5
90b908eb6522bbb5e796de8e376b35e8

SHA1
597959e240a615b4b1dfc1e0cbb0b9c360b37206

SHA256
71c5faea4eb682b4375a3a4b23cf9d0bd247dc194f564fa07d7fd929ef4c7136

SHA512
5c7546a4f7e0130eceb566b08a03830d8eb04c19f288121a5229f2073a37c6ce4214abbd4fc4d89163d21230ea224a4b192f97cfb40232e696fe62bf6a562f7c

Download Submit