de7db242ad12d7e54b480db8bf19195563b25b226de81caf23f985fd1ccfba39

Analysis

max time kernel
35s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

296ba70be845b29715bdef743c8521a2.html
Size

47KB
MD5

296ba70be845b29715bdef743c8521a2
SHA1

038837484bdcd6bca860a2bfb4f9c6caeb7c8f65
SHA256

de7db242ad12d7e54b480db8bf19195563b25b226de81caf23f985fd1ccfba39
SHA512

3f166e0c039661b6bcbf8c70f9f46ef07e558d4042abde719f5c6a4b5afaddc19fb559b60bfe739fe3ebf5975bf95119e500f6c7d4d13f213c0f7dd49a35b694
SSDEEP

768:/7qoT0EipBPGoK+yLKajeKzb0nm531HBdYsNnUiiT:/ZTupBPGoKZkKzb0nm53NBdbN0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5427D791-ABDF-11EE-B9A1-EE87AAC3DDB6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2232	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2232	iexplore.exe
2232	iexplore.exe
2240	IEXPLORE.EXE
2240	IEXPLORE.EXE
2240	IEXPLORE.EXE
2240	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2240	2232	iexplore.exe	16
PID 2232 wrote to memory of 2240	2232	iexplore.exe	16
PID 2232 wrote to memory of 2240	2232	iexplore.exe	16
PID 2232 wrote to memory of 2240	2232	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\296ba70be845b29715bdef743c8521a2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

Filesize
889B

MD5
3e455215095192e1b75d379fb187298a

SHA1
b1bc968bd4f49d622aa89a81f2150152a41d829c

SHA256
ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

SHA512
54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
2b7aa1dabc1cc4ac63aa9eb7dfa27f16

SHA1
97c1935e7502dafe85a515ef4357684b3b60f6ad

SHA256
63a2f67f885e4edcdcfe26fa01f8c160a7a4ec776dd2783185476921828a4ec4

SHA512
ecadd9a2f929a18446d33ab3593e0be03c75e4c8cd2039270d3825771a6cfb8261217c00e9c1310e54ce4e0ee3db08431544bb0902b3d5896c09c2fe1fefcaf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

Filesize
176B

MD5
804ba0d477538108f0ae63ff1ce723f0

SHA1
e8db0bdeee48273e8d1c689fac1ddbf20d11b9e0

SHA256
3e5e1a88346295db5d77c1a7a96badd60b65141f6c3462da0715fcd5abb070dc

SHA512
366560263947a480b540a719cb2e6866e946dd7198896b43abb957dfb567ce57e9ac2f375b43f8ad0d3f871d392b019e28cbe6714ae5d20f49dff5a0c4daeff9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a0d1b5b555609088454ca3de08ce64a

SHA1
9e351e96934fad5be9312a0632b9977f3958db19

SHA256
c0943fb30f52028d22db0f6f70d0c5e13ec5727c3fd28367c17168f78d9dab44

SHA512
26ed6e8850950d444daee120e414eddd808f319835def4ea60d586b14b1a03b1883151a2a36d8b09eb6d8ba41a836b052fd11a1ed3d11afaf460ee96b64c3e08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b65417d4f231abb42b77c69e1d2af943

SHA1
a957b75845103f5246b6da90799c19a00691561e

SHA256
23902a7f820ffaac90f98cc7545f1541ac32fd85aec51bca69d94bd055c89fb6

SHA512
553ef451aafebb49c4eec72ff3c059a35de0fd029d28aff9469e59c443b4174cffb97a54488cd8f9c04acac48f921ed5f01c7009fcf371f97a2a7f4de7cd5832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd937ff8fff2cc0690067b444020f1b3

SHA1
ce5f1490f56a1c0323f19cc02111570038df6198

SHA256
18e248c3853755043bd6e423febb9a6bcc2ddd342303b181ba227520205ae274

SHA512
7dfb53a05a40c3527b7291255f65f863104405ea30a5ac6a1fbf1dce7823124209cb322b0ef53e36f97d1ed10893e44067cba535283164141a4c375b3149f7ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66be2287faaa1db7676832bebb13500f

SHA1
fc3fb8bf2ef57c9db6b4b03361595ca1f2d9dad7

SHA256
d0fead0af35545a6f49e67fee2e114169cbb65aa922c9b26ca9039eb7b664d24

SHA512
2e82db4dcdf08fac3733107ada3bb50bdfd7646f7cff01ae5aa8581b55ec8b567f8586560a9f3cf7afcefb831f1b01490e6508444e8a343d9af65c1fd408da7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b60ea68906250b7d110ca04fc06f8d61

SHA1
332000b07a7b08c6743fbc633fda23272ea6de6a

SHA256
c5b6bb6d25dec7739916820b51c6ede4a88a85ff692006f3869595e2d0692769

SHA512
d3ca9c594fc695acddffe4c9e020c9eda4594eb2fe3ce6fc40553214fa0f271ac175367fa488a21ef86d552d0f676a2c2167a9944463748df357921a636f34fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6dc6be698634790a7d7dd9442ef700a9

SHA1
01339ec86e2d39f07f368e5756126b39fce883cc

SHA256
6dbb68599a9481cce22f939b75ae0e704c76c4583332e718ee133401d1d6836e

SHA512
30e0f65d85d8bc354c136f7a242a3df270fa8ab51256795294e1244d05e537c0824044090f4c9dd4aa2550e4f70eeabde8b540d328cb4f2fa262fee1aac1a741

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4283371fdad2c8e8e8c813b3ff472fc0

SHA1
a572ed2f8411c4fe1780cdc2b6c4239fab9921ed

SHA256
988c9870a9d3967e50ddb250720cdab66921b48aaa72cdbb93ae27d51e198b29

SHA512
e21f590f6ef3aa0e576a72e5809815bc634755becc4920730a83019c1138d432c16d6dcc546ab530dde6271a05d2552a1b9ba2283046b3b9023a633e56e59c1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
daf7697c654d4f9f4b09d12dad09fa10

SHA1
c2764fb72e76efff63315dd1ef089abaac27f987

SHA256
1d2718d831c8a21d73fbcbaa8168151bf6e485bc0664913ab80a3b94ea7ebeb8

SHA512
b12c932038fe64d85ae43aa9d4bdcd18efb8fc0424e6bc16135989180b2f431b658b62d9b41b82563ec1e7364a527f146d1d02ec6563093385479b83f46c642f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
d95f3ad5b541d4f9d78ba23a08f5f8ab

SHA1
76b91f8b7b0596d1f061f5a25ca7fc8e69513548

SHA256
4eaf06a4cce69f997dccd66657b43bebe219bf6f68929c43692085c1431f93be

SHA512
b5ab27d8fd4500ba05c7d8d32fb3fb37e9d96a7c052824184aa21d3400fd0ba3d16f0fa0e67a1edc0fee34ed9f124647ec7b7a7dcdeb9e37d83b6d756587462d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3V5KB0Y\cb=gapi[1].js

Filesize
133KB

MD5
288c5ba5b7001fe841c32f690f62cc93

SHA1
29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789

SHA256
c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52

SHA512
e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3V5KB0Y\plusone[1].js

Filesize
56KB

MD5
1944af3661da46249991197817b6cd8b

SHA1
f952df40ec79fafc7c798f37aff92878977376ed

SHA256
63326a1c4e0eddd3501f0a064b06a2708eb0362f3ae934f53145978d3d0799b5

SHA512
0bef19b32be337cfba179ed9ce4533a207cfe645d2e5fe0da9fadc7b01c72704fc89749670d1ac48b8d494675bc62ac089fdc4d8495979226f10828225594376

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1328.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit