ec9023c191f85941645963409120aa0a47a860ce3442ee79a04505d81b146740

Analysis

max time kernel
0s
max time network
23s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

27f0f5fddbc568ba4cc3f2832821a23c.html
Size

8KB
MD5

27f0f5fddbc568ba4cc3f2832821a23c
SHA1

52315d0f2e711d8af77c73f22012c1a222286583
SHA256

ec9023c191f85941645963409120aa0a47a860ce3442ee79a04505d81b146740
SHA512

083c5b5162f741f63286d6513a3f5863126efa29a7591e23c0aba3157acc629d8019784de7ae7863c6e5e5ce7866fd6bc7aad83053acd9906fb736d26f0415b1
SSDEEP

96:JvHea+P7BOJlYJl6H/ls8tgzkoTDXhnMEQiFYtgIIminbWupwej5Fp4AuH9k+MiU:7k2h1qtv4Xk+ik6wKwL6b4p6ME6O

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FE42C0F1-ABC6-11EE-A3D4-6E556AB52A45} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2212	iexplore.exe
2212	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 1308	2212	iexplore.exe	17
PID 2212 wrote to memory of 1308	2212	iexplore.exe	17
PID 2212 wrote to memory of 1308	2212	iexplore.exe	17
PID 2212 wrote to memory of 1308	2212	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\27f0f5fddbc568ba4cc3f2832821a23c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:2
  2⤵
  PID:1308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d9ae163a98f584c266e0ad8552b4bf0

SHA1
f3d68b60da9b11413a8e6ebbe94ccaa08732b568

SHA256
d074038509037feed1ecb3e1dc61ebb1c8dbac3931848fd4a5577d2e0e1a95f9

SHA512
5358c8344aa2d0537025050cb9c22d7a791f15b490101c1507dda269a0bd5dd6fdb78f8dd380188983851b258bf45c3d3f9993e3c8b397efc40e5fc8ee30e5ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a4a97d4b8f37893309021446191993f

SHA1
e0d458cc757f2031c9b8b0f1d146fd2a86ed0556

SHA256
9d7cee285b9d224799fc79d6a486d42f4086ad227728cfd5bdc3619eeacf2cce

SHA512
d90caed6ea28c8d54531973693df99ca39007d002cd6f819e419ff75dbd75bfcf842553f41681898d6c65bc3227828363275cb006b93a1bb6ff288b36eec8fcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b37609bf9dc55333d2c10f97b805cac8

SHA1
f2ee5fd5bccbd1c417a578b2af6cc0623572c0dc

SHA256
10b04a4898b8df5e4868bf6cd117f14253402d8d21fb9c5135eeb2ebefd6424c

SHA512
ee243caab481a5176494b6b9263fafa21a9ea1c35a2c1eb2e29beed7aa543c36aa06b2fb572c927579dc8cb3b279bfaca6afb974e3fa87579b92d07a8956bf07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f9a63488fd8363bbcb1b64f123b79e3

SHA1
4d7c32a12b077528d30d75f9bdda9634982dc86b

SHA256
91ecbdbc3dd754e7daf801e0757d454a11460ae13d44fe11e06ab5bbf50b5348

SHA512
e0492c77392b2571b35d0163e3f5c8fab8af1c331e3166ffcb917f6f5fde1d8b4c11338ff61e0cf1cdb588d1339a3f4cd0436acf0d7e49ff9a852626adc73b4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75e41f66cb26c8322927b047af38f041

SHA1
e2a0b9d01c1f24fe059c62c80013df0d6b6938e2

SHA256
6d32cf29af4d7575e05fb4cb191ccd115edd39a9f76b3d45d95f65de44718ffd

SHA512
c4362e5ebf522fbe7f0979dfa52bf0812ec6eac0c3ba1ce4d385fdfde238bf234d111cda9ab6e562e41e973b8d5c3bbf763d1b14d7fb32c81bb7d4318c876096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a4d46d04af08ce391773274181d323c

SHA1
493cbb467c9f3a0986fb9850e22130c9437ee22b

SHA256
b39e0b31ee8b8152fb5f184eedf9178d4cadc0f702cb7bdd0f66636e5d598440

SHA512
f6ea913f4ec31b1f145f844f14f8e460bb1c721c5eb0a892fee151ee81b672d433bf6c9130ff8cfb8e17323b0939aa1c1b78a29df46f475f693a2cef7f49f5bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
327e7edd390ce420b809c20182eed007

SHA1
fb1162569eef85460c3170651802885d857508eb

SHA256
6892ed67502cb172d520bf2fc50186b7e2ae6c6aebd0c785f417a286012d2d06

SHA512
d1b53482af30f9b0edf4825c8dd1079f640122687d3fee1b4f4208096b4ad03aed2ec493286ee6e014e9c4a4fdd146a8b029138a6bbf1d9ae2f0724882d15c15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe015b802016bfc613976856330e488b

SHA1
a90edbe13f15eb06c102573c4c0f013038e67057

SHA256
2128f7b10e666def6edc94eea15131a09639a3311ee50d81e7f3aabe888ae9a6

SHA512
35a452e7f63e407a514b0271631548a651dde20c7b45b57b28d5a832c15821b2192379670082e2ed8ccd4a7f28ca1ecbb1451dd2cb730b82f69f1509531cd9b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d8fdf4f44bf580ea9090fdccc9408e4

SHA1
978297cc1399bda5fccb8e11c7b0d613b231026b

SHA256
3721d23f7fb8646f05a2591ec417d4a275b93ed09f1275e1e884c12c92a4c12d

SHA512
e416a6c5d52909c453011aa06b2506a94e05ee6e0f27332cf18d3bb03a08652f752abfd5b38b4653be1cf89fb01360815c5b25728a22ab8d8bf98f3177db73cb

Download Submit