761414ddc878e49a76fcc65af3f6f11af1014409977161b2af7145df3ea17f6e

Analysis

max time kernel
1s
max time network
162s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28a045f5b6c64b092b468b5db8feab08.html
Size

432B
MD5

28a045f5b6c64b092b468b5db8feab08
SHA1

2a4f776a1d0519e23bc49d702748f07a0b15c0f0
SHA256

761414ddc878e49a76fcc65af3f6f11af1014409977161b2af7145df3ea17f6e
SHA512

21ae0e9022b75bf47fb0fa933069ebce9f3ca93b7f4708a622784620311769e760fe88088c69878c69567978f18b5677bb85075b67ee1cf215b18bfd9b44666b

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 20 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{32245721-A934-11EE-BD5F-6E3D54FB2439} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1656	iexplore.exe
1656	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2848	1656	iexplore.exe	21
PID 1656 wrote to memory of 2848	1656	iexplore.exe	21
PID 1656 wrote to memory of 2848	1656	iexplore.exe	21
PID 1656 wrote to memory of 2848	1656	iexplore.exe	21

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\28a045f5b6c64b092b468b5db8feab08.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d43c43c697528a10a6ac6e590eb44498

SHA1
94cff88d0bb50e485776b2c27d2adfcf69f39df2

SHA256
e734054450f55f5535ba5b4c2521204db980b72182d0de4c4e6be041e2db1182

SHA512
3481b206a03b0108d334a0579596ba4ff7fae9c1461d924936cced72f3da70a9ff6dc9bf77a15f2fcc19741cf49e88cdbf075db94c4a770fdc6dd19f036bd31c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9f19b34ee5745ae6e3790a2bbb75daf

SHA1
084f5b4cc7b2b9824c770b9a10d5b4c5d904d9cc

SHA256
96b6d87d37bc2f5a9449d57ef6c3daa5fdc0867b06e1b80f91d2b5dfd4025ac7

SHA512
1ca2eba6f988259d8f94dc94d1c17c231225460ffe9573598d2fd9c7f7db3e5a56ac1f7dffa8555b3272a9a2f4c671e92e6915e304b6e775de76c767f31940f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d656759668c85f52f862f305ccadcf5f

SHA1
f244bd3fdedd530803bc8eedf41d9845165fe4c6

SHA256
d21e9aa1964c2ba942d946ca2efec9bd52c3b357ffd8376513f09d9bf0a72827

SHA512
9b7537184c6fa42fd86d414c17f71638235f525085083b883ece1b71dc9fc2ab6f189542f6e4baf279719c9dbac12cc54b63f7bcbab66d4c800c6ed306a6c2cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9b5168ee7c6d5b7061781db2bc72c98

SHA1
9ffe766b1d2adbf05b58379d2d16012448423d2f

SHA256
39ef4166216e5becbb87cd67ee1fec64dd4e264ce574a0dae422eeef1df06777

SHA512
4710dcc74532e97d36e1ffacc93ffc49f5109fff491dc4143f118fb12315183d497fdf6cf829871c3856ac43a91ba2391bc19fe6def42ba7abf735c716cf7ed7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d92d97c062e45802f4e3c3769d0b36f

SHA1
35c0b0e2e14516cab98ce903f5bcbc6387308d52

SHA256
f596e302da8d70d16f8ba45afa30056f29755eda5ff72068c0097d412b76142c

SHA512
1ae8e8ca788f461f4a6cfa86f048342b12b5086c2e2026d0b304605b807558e5c13afc9b763a30f23e926fab5621c0e6ef4f9415c35ede5969269af5ab549d0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc376ce19d94dd1b6e1c08cbb2d51323

SHA1
75b355909f1406c78be604ba88317c0b5265beef

SHA256
e262d6127e67c2a53ff0aa8902afaeae38973d132e1afd7946ebccfc5a05c6ab

SHA512
26698497674a3c71f0bd81c97e501f490312a269e9bb917217bc3d18ee8fd8801fee966205b14b2f410dff2bbfbc610defb37ee84c95b9b74b4861ec00b4bf8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3683a85c97003435add1918fc07ebe33

SHA1
62cea2d47144d379638c5e06e8b1bec092e5c313

SHA256
85d15c5dd15742e4cff9a090b2b01433fbe033861170d37a216b8e24f0091be0

SHA512
31f06c04073315fb6470da3f2236a73303c678be3da89a329c0d79efccd184d1c07eca5d87cd6ea0350fc4fd165bb1b84dc02ef9c35c090aa2a86310fb0faac6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
834522b0d7b95f7f024f4b6745a896ee

SHA1
3ea1911623e05d4ffe048ebc4c98537dd89eddda

SHA256
c8366aaa275e2485f4823b0d10caf2e34417a00d3bab67070fa5555480fc6081

SHA512
f77b6eb1fc3409d056a0128f93b332c07d31bfeac27bb11fbd4f00139cb3b7830e66bcc8ffb76249e21ea24385647fa31bbc883363b5ada85b9f3cac580fe819

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c488ce8bd1cbd528f858675c5d92185

SHA1
00a81c4a4ea55742a5bea6138b2c1166bc281afa

SHA256
e66618097338ce538357fbdc32e2a334d91820c4bcfdf7a3ecbbc75e5b66b456

SHA512
45caf359d232b58b23530aa3c8b5a9db67b27ac1a3075382372585bdcb8b2787f39db75bd8ad09a861f75c5cbac98c13b947e6af25591ed8a1eb535d194722dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f18631cd4868dfb1c652416b82263f1c

SHA1
a073c7637ed4625a45b18aad192ef317e6692173

SHA256
5f1713f0646582a9face337758578a007e5531ced1c2ee1e816828d719f74ad2

SHA512
3b05f321ebd932d5558fcd8be114658f5fb8ea24fc56d749905b0f673d1a24c2f1441a1906a60a32b7cead3898ec1495c23854b791521fcd36e30f9141d637af

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB943.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC4EA.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit