347523ddd87e66a2604d6424f1be379f6d58bc24484686aa94fa0cb9a0dbb1ec

Analysis

max time kernel
122s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28b0e0656fe8f4706da24c7a098951be.html
Size

3KB
MD5

28b0e0656fe8f4706da24c7a098951be
SHA1

c948b0afb9b0b086e7c89974472f51e172ebd87c
SHA256

347523ddd87e66a2604d6424f1be379f6d58bc24484686aa94fa0cb9a0dbb1ec
SHA512

e054614d7c281509665c8ab549d2231b0142856029037a7ddc6118f7f9b90824b9af19e6add6d82a87146e814b2fab23ba0f592cd397ae7867c3d44a06064a92

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F19D6651-A934-11EE-9E63-EE9A2FAC8CC3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa000000000200000000001066000000010000200000003c411463c5a6b81369f7016e3c684942553bba25d7e66ac117578073ca67703e000000000e8000000002000020000000d1d4d7b39e29a0bf0091cddbe9546438201339ee6f5d503a1127e81a6ef95c9b9000000014576ef4d10f227c703ff6b4514eac8955d0882d160401c69eab885cf15542a928328e65b5ad89da360e9c179f19b8199f44c0eba89f1386ec04e6710bae3a906c7989b079441d0f8649d95d101201ca9eb7b3528a20933889df2b1f4f8adcaf88e8951ccaa0aef5ad4cc3c39cfaba31e1c3b5aa0db139f6bcf689c20ee703775f0209212722bce42478864e51c9627a40000000ff4ed360a6793bacd36746d4f61e8497c6015e09f836210811fb2d994584e385c2a1655287a23a95f76861178c58b55ed8cc2f68346dbe935b7efd4e87af033f	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410337411"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0edb2d6413dda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000b64abd9e08ee4e5c06fb556c7c83b4eb785fc595983c5ec2d7a9748793fdfd88000000000e80000000020000200000006656fb5b8cace9a3405545a06b5d371dffee9a9cf1a469a916c5926d74e39a1620000000247a6aaaed6c8d6bb8e28d04dfb143d59b2c0fabb4352a29ddf5be00a2093fc3400000007052eec8b284345602d9f37daddd88e84cb25c9804232b883f4892dc3d437f3c2faf705236927f2336c087d8f627c1cd3a09867c7e44950f36a48b163f30a45f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3000	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3000	iexplore.exe
3000	iexplore.exe
1404	IEXPLORE.EXE
1404	IEXPLORE.EXE
1404	IEXPLORE.EXE
1404	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1404	3000	iexplore.exe	28
PID 3000 wrote to memory of 1404	3000	iexplore.exe	28
PID 3000 wrote to memory of 1404	3000	iexplore.exe	28
PID 3000 wrote to memory of 1404	3000	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\28b0e0656fe8f4706da24c7a098951be.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08e0bce7f74222d3aecbdbe9820318ac

SHA1
bbde25053c256ac36bd89dcb1001d559561bcfa6

SHA256
2c987a95edb71c7efdd759b8d2252ecc2b7289fe4677cf729791c6e9a5c9b29c

SHA512
25acec5015532217118823fb7527cbb0fc8df3410b4b658b8d4a949f81738ba5e0103767e1a9d5a7416be447b648c3abea9b0e4ef1d0913fc2b2c33c36afaf5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a043d13009b149965952a54da33d36d1

SHA1
bf9083c08543975d23302501ff603cf9434bd720

SHA256
c296aa0307251cb7f2f38d889f949b790c60491bef10fdafa0420df5bc2c302a

SHA512
ad8085bdfe2324c341ed1e2bf1615cdb83a44c3d3ddb0ca627b03023b0cb46a06058115daef73facddc4ecda7160eb851dcd88f80c455380c5674d35af565f66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
caa49bdb0d487153443d53e956f1db1a

SHA1
554f57c8c37342a5aa433dccbf8ee8af15ae2f0e

SHA256
1deab06284f1f0fdb37993fe93979238c3346e47083956dfe09e0db12cc5e3fe

SHA512
5babc8bf57bdba3bdc28d4b498d67f7925722cfd2a2ce742ebb1ed859cdebd4f55637fd28645f70fb06e216704abe969e644dab668f544fd0922a6a4bec180bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79c55aa2d7be6f1d06ea8c044716e20e

SHA1
fc455f890a950b114ac5d11f8f014ccb8549b5e5

SHA256
75949dc4edb6f34f583a28ee1324bbbf2638b1cc371a457f3c7353a229e29b8d

SHA512
1e3943846c742a966d5736ae6b8182ac920857a3f1dac3e114ac079401bf3bae83ccc660d38cd48ab670991c80a665d5d7c8f51eff3b25f050a63b72663ab194

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f4a054a58051cbfcaa5a35136e11736

SHA1
6a2bcc3d269439c7f5c147114a271e2dc0e7734b

SHA256
cc17ee935e175f5997288b242707564bee7d6f36a4f82d81bdd7e85088c8f028

SHA512
5aff76be68e4142d1e80505ad4769b9164637564d2cedc7c86f9d47667b05ce209bde9b005f1ab8f81cc964e7b1f231713961255b067c984379ad2dcba841876

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12a1cded823bdc59c3a5effce65414ac

SHA1
9668aa79c6caff832b904d74023832e44e17ec49

SHA256
3ac294aa77c79aef4c97216d5a62791ddf36acf6a81c74a0e9abba07dd18572d

SHA512
6859bd49f491244064c01c211cc33e15a34d88e02eb2a5adc450f21c08b25c17cf2ac22f16788b028572d3894608255e0521929eebd5fb217b77efe4a54d6e3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a83d31a0c5313f474c3904d4c1faaadb

SHA1
8331c830e6ab39aaddcd19010c71fb541d990996

SHA256
b76eadd23e3c30fb1c4efd2fb3fd8c699cb2ea24a52a221e88335032d49a0586

SHA512
30f1bbb00103b936693be3cdd69a3691dd50ef9f698d3a4965c9b8f23914ce94225be2e22c3aefe5e3ebe926e393d2014a7d71f532510aa68996d5c485b1a9d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8115957bfd7493c84269cd82f492b69d

SHA1
8648cc8de3e083dc6fa5a8e98c9730c74298db88

SHA256
379ad92e93109d0e3fe75d9e1a52fea33e96b59c7732d4a91c8bebcc323c12a8

SHA512
cedb1165b33a0036d38765e6dcaaf187c90814f60df92efe63749fb73ffcfa217480270f26a1f1b8534cd94b286a68601341dd0c69c1b005dac104006f7d4be9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2a9f127bb2f8d631540179c41e8d0a6

SHA1
dd6227c448f5c92dec5cd9bd8c0baedd6308fbd3

SHA256
52a57f40139252fcf01c08f7dab8ecd24dff1c9071f005425267fd9ee4c5e285

SHA512
4e7a7f3cae6278d20115e4ec63a94e46c401a73eb80167c85b8e3bbea825f68285c8ffdb03dd8bccc0ab71bd59934ee7606b58fc7809ecf4397a4807006bfbd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b0e8d6a22a52d690d5a6032643f83d8

SHA1
a70c46b644a7ee3c3a9e94a96cd45baee7f251ef

SHA256
fec164f30279fd831a8dc17b24113c91eaf67d55361fb6d9ef555e55e43c1349

SHA512
f9ffc3e2ceb0ff1935a470d6b847bacb2193e6bb7276a2e45379e061279ee29b00d3df20386bcd2af2af5896d067ecee275e8318997b3523bc91445c4416288a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a622e7cf4147ac626868cb8b9701e943

SHA1
48facd791fb92199d97fd91aece14ea86e1b6b6a

SHA256
173868d8de3b0b030384226c219b4c66387e2fd52116e9c28f5ad360da989a5a

SHA512
93df3792c5dfaa645202b7efec4f47a039a40888375581928e392f7d47d1f983fd1a5c35ee9dcfca385595bdf332c61b8e0c4ae7165d2590ab4af03b08f85c30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f927099626e885ca0693478264d0d186

SHA1
0bc87cd40bba66b059ea2efb3e5e46fcac339ac4

SHA256
0993ffe692b9a33ec9211500a024394ac1d4c8cb7efed6d59b7c4156f96715a5

SHA512
65042ed9c2e85db56d81c26b898ee67f9336bc12d8b13e147c8b8c4742ac4acdd98b78ae7b1a586f3d1cc6a0e84d6efdd5ad8cc3893cea39f08eacda98fe0a4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
542ae43e97fbb3a48f2abd8cdd817d99

SHA1
b0ce3493eea31e9f9ac3b2f15489ed5da8ccae27

SHA256
6606c5a0be0b24379db44dd0c23980a9e4a0d3871b568edac0759ee1659de067

SHA512
0cc363fb03cd9ad97bea9d657aaec201d92492a67186fb4cc17a4737d1f381f9cbb6ff686b77aef2ff67207a205ac68d756e209c4067d7fec7e86030a6bd5083

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c917c1f422565f4a44216dda2e05e3d

SHA1
0a3952b1e3ab122f6a7f69d11543cb606155f545

SHA256
ed014ea908b96daa9d6df807af60a6a52aeb4c6c0de1cda8482c731918c1831c

SHA512
7f1a252977c7eaff1ec8e3497175d14589683ef428e99b497d39ef58090dce8ac6dc1c0c053e7b116ab3f5944d997a3a1360938f522680edfb1d81cda71671d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3190d41447d32af996679d01a654c87

SHA1
81e04001a551d2a5d138421579f522462787f912

SHA256
3581dc4cdefbac8540902bd9cd5e9a477eccd57446d01934abd6bf243f45311b

SHA512
5c7a86776403fc197ef2b38c521e4a57ff5f5c812aac4d07677b878e28b99619e2d44e6b63a15f67b8d2b39bdc5e9cbc6518495d80b21ee9d4b2317794da8d2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9793b789b706b9e42940f7fed814534d

SHA1
9fe355095fa2db3650a3546101d8a673adb598cb

SHA256
d34db5f524356db302e870698291f6bc3db68dda3dadfa5f6738636b43e3722b

SHA512
eb378fcc7e7b41eba513fa60233d952022215d2412cdd0eabeb52ae53fc8be17568c7800ea36fe36659ef27afe85cf8efa28fd7da902d271acb4c407cfdb0322

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34fda33de9531d93c7355898a0b9ce83

SHA1
133cb5eba69e4083867efc5a730f4e4960a794e7

SHA256
43e2d208812e618df207f3e96a19ed2a8b0f21fa54ea310208f81b4bcb33269d

SHA512
456510e27f1da5b9891d044d75704dd792b2f899f0b94d2e86cf2f5daa4722fb4df00ed55fab1aa511e9a093e35fcca60de5bf16c06ff86ca04b6ebec3b3baa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
376885d4cd146b3b4a85b2f4de3105c2

SHA1
bc59f6666f04d0642c2c2532b056c9611a7d627d

SHA256
ef3bb5b1c15604a7e5ba7201dc14d53c635d4addbd3ec42906d82eb1cbd6d84d

SHA512
24beed6a95b58488cdebe4d8383f1501feac0e113cbae8c6f71b3f083b57fc123d137352ab0abd82e41f33db16224734bf944072fa52e794697f3eaf1a517027

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA64F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA836.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit