b903901fc21b530404d6f4ca30f240f4bcc1ff32f80a2749d7dc5991bd4fc79e

Analysis

max time kernel
138s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b7b050a6a489dedded18656bd9a7fff.html
Size

4KB
MD5

2b7b050a6a489dedded18656bd9a7fff
SHA1

d9642360d4c6e487283b45abb1ad37f4188cc177
SHA256

b903901fc21b530404d6f4ca30f240f4bcc1ff32f80a2749d7dc5991bd4fc79e
SHA512

bfa4e453d68870ec4cbbf25db89b5e662e3df87660d5bac8a2cb92bb86d02da5a2e8425516c1420d8e066b58c735e6dbe5615dcfcb60a4aa75eed68418bae60c
SSDEEP

96:rf9seakGiwLsvfpFFOxUEKNHvBUqsOeN0Eg9jag0MwpZykYR:rf9FaL7LQFIarvBRlVEg9+g0Mwry

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000aaf7af368394d4905f8e069286b333d8a1cc6e4f9ce9b7bbf98f913006c2bd91000000000e80000000020000200000003a494c0aece247155472855299236fe33dde5d0f29f427834f063d2bae0383cc20000000f5d3d2d5957988e9ae111834b7051bb0901995403a07093293ff65825a649965400000001f7e8da466ca94007c1cf51d18c216a942e6d6261b4755d0315f8000d623266b05a392302b1f61fdc800ecd326a667e4c4a19ecb87b9bd9b46b1639fdbb13301	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410642884"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10b4800e0940da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000e10101e0cc31d73d262b6d5a775f921e1aa8925c5ff48533ad58c745b65f9e3f000000000e800000000200002000000085c56a46b424f706df669dde4e3ac729a3d19732d5ae21189469367b7f49008790000000bbc4a3e554378486cc3ae673a7c95ce8f946cc25f7b5e210dd7da709468da366c3064cfca73c2ba84e88d13edfc31e71f4c68a75914d779f64c1ad09fcfec083745ab6e0793eea19bbcf640216fffc25b9740f25853d774662067776dc348c6ca9280131c53ec38e8d1f61333dcdacd6cdd1b4eda6ac172e73c80137eb51e7747f47a75630433e8d60a8c42ab8655d734000000015abd0f8eb011810d117d09dd7b5a4c94bafa722fb7015bcd14fe386cab4e4d34d74d8e51f3539a961e41ca78059aa1fa535923a59345b9f21036cf0a81f6f2e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{30C6C7D1-ABFC-11EE-9D5A-6A53A263E8F2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2436	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2436	iexplore.exe
2436	iexplore.exe
1464	IEXPLORE.EXE
1464	IEXPLORE.EXE
1464	IEXPLORE.EXE
1464	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 1464	2436	iexplore.exe	28
PID 2436 wrote to memory of 1464	2436	iexplore.exe	28
PID 2436 wrote to memory of 1464	2436	iexplore.exe	28
PID 2436 wrote to memory of 1464	2436	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2b7b050a6a489dedded18656bd9a7fff.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2d864658971a0435bf64b1d13db2c75

SHA1
4bde8eda762ba1c15fd74fbc524356c5f5311036

SHA256
0a44ce73b46fc009e1470186cb920868cc3196bb269d74e0ab327978c86d7ebf

SHA512
f5290eabde1c19f7bf4b106f0e1964c42f9894b39a7d84085f52810251d718cd26695d6fb0a8fb3f49bf7e682246582dd95358e1a3f9a352c04290d69e1774b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7edd5b659266e829d711e0597d124479

SHA1
a203e815bf9b576cd0f2b4404f54545953b37bc2

SHA256
280bc779a952e728c278b1c4e65cfb26a639ecd65a00a5527d80fccea914c32b

SHA512
2429052a3c71f3ef00e1f51fe78f43d505568c45c87eab026509e11d61218427e3adaa54c7792ccc38da10679a12a83d9731db186b37c85eba9de1e65cd6970a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9222fcf6dda052571613a9c2e668a553

SHA1
a99302e397c251b87a81ccf86cca6fe8437dc616

SHA256
2fe9c4f89048576792f764ae1f3d1fe3ceee6e2aa24fa8123e39468adeb7bd6a

SHA512
09e19d0e3ac694c6fb6a9341d2a423f077f904f0d516e7bd8eabee4e048f77a109e3db4cc35b535755309d7c1521b2903cb5b5c4d24e5473ee39e16e5fdc2cc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7696d2804744017daa1c4cc241d02e6c

SHA1
880f632e6fed4d3ebd1dca999b336faf7af39d63

SHA256
fa344675a7cafca087cfc90d8614969b26da5e3a4992c0503eb3ee1f5587f7c3

SHA512
9812f1cf2ad7ec46612898a5242ecbb8ca0a4f70d0c55340d83d8682298708deb8558c02ba7a0124cf8170f6027d89d0c24b2a143f0adc005757b7f9decf8111

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7ffe499faa487484cc5ab60a8d5e9d2

SHA1
600679f145c832aa95f7b21e1adfd03f182ba45f

SHA256
bc868bd3fb97ababe07dea10050f443d2ec5589d4fd96827b3eda3cd2e83475f

SHA512
e35989e8773410a501e31720e8379b744b28e5a036b224e334583a6aa0c90873a9c08e0389e5b52a81a00fdf923ef4482b8dc19fd30c73ac329f4fd8983c6ef7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1bdfc30e889737bcb010d893a3321108

SHA1
6cfc7cf8118fa7d5926c36aa8c37dfdc6911f862

SHA256
97db1485fbcd32df5d187e7d0bff1993932c64ddaff03eec02ef39fe3bda52b5

SHA512
f3588cb6fdc0dd8f0b56e87481de80db83005de468a3405fca23bcba04367dc5fdaadcf4e8a9a81c060647bde2e773a589b6ac7bf953cf6b270af3434d22ade7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fed43b783d9257e46c8ede6ba49448a

SHA1
3924996a52fefb81324574a996f19a07dbc1b049

SHA256
ef5dca00d083e8fb7da75d495ea3270561a310edc5fc1ed833cfc7d7124509a6

SHA512
86c8259511fbd8593a0dba4f104d1d63acf306db4dbf13cd24ad3052469302b07247f6772579fe81b0f2ec2e90f51d5da9bcc3f9d4cc4936f8b9f1c023154629

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3171771c88191b9f99ce45934ec6118

SHA1
5a250f6a322aa776726d1d625fcdf89499923bd1

SHA256
c0b7f696f70faec3964a360195f3b2a693d8311f7ec3ae4c173f9239f3807b99

SHA512
6bf33dd6350f7041795317d74c19daf9f01c81719098664d54b1afa6e84221c5eef33be6bbac2be2a854e061cca49056130d8af27d62299c2c70922203b6e6f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed09e9b107d91c4c68ee5ff18b4fdc37

SHA1
a3fe958f54479e9a8f342819621c209157383fbe

SHA256
f017d18952450f0ea65cbb49440db14b4a59b73a8836c8c06f9d4911af135241

SHA512
72a8a1cc5c22ff4ab44d4aa8fdc8fc9951d0fa8927ed13543bf376b9b65bc0032f64ac7a1867cbf6aaf68c1514a9798bce6da3c1465875534305951bdf5b4a3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63f4206a947ae0b38854f06358166733

SHA1
b7331cf5f14075b6fad337016b2e051e5318ed88

SHA256
b3f98721f500a0eba244805480284ffbb759e52bccc6ee392a5a785ec9cb616e

SHA512
9e0cda1c7117823b423ecf6bc88be05b5736bd6e9858cf72f24c1535636bdfd5495c47284fd38f26c512d8c67b706b82898ae4235056aefd8f156bf6bc6d396f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc45b8aa9cb6c20612ebbf6389a363e6

SHA1
9de9784059af3eefd4f8b84203fd327bf916d92e

SHA256
b5b84e6be7bb1c8ba63712b7686bb001ecfc8005ef225e669fec44abb9b915c0

SHA512
51b59edcd7b6bbea99d111531f455751d573ac9a7bba08ae0b00e341c3768b8810f189b6f32d7a8f38bd4d14ba841208940539c87e4bc5add5bf1ed1629bc633

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb6ed3a92ee3cb81d5bc13bd4d38e96f

SHA1
0a6d6d409e09188a57333cbae74cb43cee0e9a2b

SHA256
c2aa96a900884d0fb05bd891124b96bdbe5172d5032aa4489be7c8cdd6970326

SHA512
f1996f2f1897d23ab70e48b6f7d8363e4c53f5f7af6ceeadd33be54106a63c225470148e1fd1011abea8de5eae7e1b6e90b715e9cc8d64f2906e6e2a72c123b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ae0889299747c3e5c814a90fb517b74

SHA1
82f7082b5bbca57ccaaa4c82205d99e21a41b9de

SHA256
e316a3f1b3e70304525b95513e170afa8e8c972f17ca90faea7e61f35fc2680b

SHA512
b112be31dc88b675203f2dbd9e71325ceacfbd67d5db0a261e90a6c293a32917f4666594a3488fbc0d70f7a8105877f0f354ad023fb9fe937c3ec014ccdc8e67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfad96d2949826f020774abfb3337bee

SHA1
20310bf2f076284583782f80090af6914c724c19

SHA256
840393154d6674f09f8b57a0c498d5cc3dab60d350165556438652f975497ccd

SHA512
8c58720bde93774578138625e904e075bef83b81abdae258ce654af721ed94436317a4425056d635dd0815f117c3f88a1910b5abee48201071c000608e9e6932

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad60c30bc9a24e2623ce961933a13a6b

SHA1
7f1f3ce81339616fc46f1826d8f0b39ac9b7a28c

SHA256
ddc39bb8004e6bbac453fde7a5cb429bf20df8e76ce242f49c833dcce8069602

SHA512
5740743dd5be2f2cb30a3c0732e27d3b8139540e1126ef932bd0d38616b1f5d6a8f013ac009bc42fdae3a6a9b3a7ca67f9dedd6fc3da1e5ac2bb75974fe655d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2532ccf690c142f24d0d607cfdbc9abe

SHA1
e92d5e94cd376b2abacc927b8eb895faae3cac51

SHA256
e81fcf66d2ab9a889a1f27dd25836dba8b8c4e8d92aabe19ffe8e984217759f2

SHA512
52695915808599eec3f8f40c22840a1337a8f99a6405e299907baf2d6af6a7bfd9ed5ec98d5cd9cf2987dd10c6ee29bb3c5652e323315826d39b2f5eda3d82bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9528fbd788ef55a66e75680fae57aabf

SHA1
b8d48949464948ee2bedfc018286b55c1b9e299a

SHA256
95202a1e258896ef4532a32239ecf060eeb0b2b88ff8b696b6e0c92e192749b2

SHA512
22600e02ce48fdcfb2e1c165662a0615760e616d2f3c67188180d2f8640b6af7f240be561691e5d420c790a569a5073ceea04a5783bf5fbf86bf8da66a6b20ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9CFD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9D5D.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit