8fc9483c075e6080344657bc50fd935127ce02626a1c6cead15e1e44ebf7b698

Analysis

max time kernel
83s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2b116a91433a6c322df9609493b6f159.html
Size

72KB
MD5

2b116a91433a6c322df9609493b6f159
SHA1

71d9413920d9f945e191243e0acb1008c69bd07f
SHA256

8fc9483c075e6080344657bc50fd935127ce02626a1c6cead15e1e44ebf7b698
SHA512

23b10694a5cb3e6e8de2c79b99048b25f730193ed6411979fbcb6aadb7be7a8c5d1e6ffa5b5c6ff3d322fb0e31feacd84c8e8e927bb9b7e88dcd31e1099a0c94
SSDEEP

1536:SWbMJLuPAFK99CRtzjyBMyLImq+M9MFFeIx0LE5meeje1Z45vy4wVk4O4AnWLmjh:SWbMJLuPAFK99CjcLInqhmvY4yOooB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39C5AD21-A953-11EE-91A2-464D43A133DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410350420"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2212	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2212	iexplore.exe
2212	iexplore.exe
1476	IEXPLORE.EXE
1476	IEXPLORE.EXE
1476	IEXPLORE.EXE
1476	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 1476	2212	iexplore.exe	18
PID 2212 wrote to memory of 1476	2212	iexplore.exe	18
PID 2212 wrote to memory of 1476	2212	iexplore.exe	18
PID 2212 wrote to memory of 1476	2212	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2b116a91433a6c322df9609493b6f159.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b494bea760280cfbda14010470d74343

SHA1
4456dd51b7b6189ca8d23da310538b77a2b39bef

SHA256
94eaca3bdab4e0bb5f3dfa2c78882d0f1d10a30b4938f5e8c531e96022c9b542

SHA512
a41b00714b49bb556ed017fe670cd9c77ed3b08472b3b7ff485af6c98aa4ae8d1a81b6875e8a6e138669f7dc0dc772977a13822fe3dd5f6f2521318fcf3c645c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3fd5478bd36fcd30d3ea701df59dd19

SHA1
d1185093d86dd5603d1c66925275e01f66ce6dbf

SHA256
824fa9b79c95eea6873203b6f995290aa1240bb02459d0883ae3486481e9946c

SHA512
01cbe32dda1cb593eafab798c40a5158fed82f5c420c81594f9640adfb42fb485ab1bd72ecef6f051a171e27b50c103a32c9259c28b703012a861aa014163079

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00bb59ef65194e2118228b2607301833

SHA1
e1e126d28716517118cdf49170e2ec980c4f58b8

SHA256
87ce900c2fd4f6caaa00edb5d3ea420df5fcd5000e980e0fc3fb6d2e8f911e18

SHA512
445ae478e2412b3211fd7f70cbd94a5e2a32e2ed4ed942ef3b67ab55f4a160bc8997bb124945e4ecc4a0c356e20e3c86b7f1ebb559633b0df64a49421a648272

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5800bf23c767f0d2fffe7dcadea8b684

SHA1
6563032f6fa9eed6c54e740df8b05abead6ecf46

SHA256
1fc3ce3babb3e88197f6cb7856e0111cb5fa65356964f4d05a75295955045e74

SHA512
a55a24c13b597e3b21e71a5aeee9f5b8703c8b67282223afe521473d476943321bdafb713d981cacb6956bbb6e02cb9eae6f9dacfbcf9a1ea5f2f23cbc4e0c9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b18caf300934653407a26df3d27dac31

SHA1
92f4d202f2121e3b8126070727cbd3961f0ed0bc

SHA256
e9f54401f40fbcc301b48065d97a30e627f7cc11bbe3f12a3a314f8aaefbc664

SHA512
53395fe618b83920586d54842e212428951d972578d7104637d691e9b380b61b119f65caa25c70d48a2dc4d8e8663b1e8625e400fd320024794c267a3d414ccd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
657da750949608da80af004ae9acf59c

SHA1
6fd6300327c5a9be50021e60a1e4edba282b27dd

SHA256
cb7e868ff2b23e354cbbc99971b8b1176f560705a6ffbac715fae5af12501688

SHA512
75f91905ff0394350fca0bc8fc319c0f089b8e3d8d8ff0a449a56f9f0921bb9c21dd925f44fac584672baa1e6a4ff9e78ce08abdcd68ea3a02d8f237e0610c9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b52149548d67a194b3b31477ea35c09

SHA1
8225ba1d229eab8380d75d3cddf5f37a7895aebb

SHA256
b26c610714db6000f68e2eb189080425a1de2d605767e856cca330848de5e60d

SHA512
cf7f79f52a9f06bccf8ff988fa2d63cac53ce82672755465fd3707bf93217b48bb1a8f5742a8860da14486a9fd25717dca4cecaa5a1fca55638374d417975f71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
685eef03c3d2774e9fd35e54d3053d5a

SHA1
a57d96ba640e3481c78d830422cc6a6716db82fb

SHA256
f2892967ebb24b737aaca58d1943895f597585478d195c7fb6dcf2ee496c3d82

SHA512
4a5721077b47a8ca542351ee1b4e5e0a0b270a36fcbc48102ee433965fe96cc20203fd5d0709bbe870ad04dc69bd6cb65cce9f4c113af1199f0083407d4e12ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c44449bb7bf14155c12d3f78fa64b63

SHA1
aef8c384548be1d8b248f565edcc6cd75bf64e73

SHA256
b710c1fa79587cc8dfba7a4d3aa323f9ccbaa2bac220682c554f4a7ce41fc361

SHA512
64587ddb35e5361c85645df3de70c4859612750a561df6eb36f75f775026ff1f89b272e3578e32200f1a02f332a991efd104d76b669abd2d4f8882f073e1aa85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ddb4c3e125fc2036fcad70118a89bb9

SHA1
c03f03dbab9fab88d4874f04013371aa462d5bec

SHA256
954ec8ac543e66a762813cb76df45be45be3e87c14a1ab18a0541398b31e7bd5

SHA512
e6ca37bf2501d8ed1b7df724c1f902eaf6e11814ea36895554639f2c4dcd0c98c8dc49550c74ed13d66b174335cd4bd485a2b067097ccb758c760f5f42f485f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee239217b2da6fcf7ef889ec3e229955

SHA1
4c0804be6dd266e999cb430bd7257d7f72a9ab7f

SHA256
eeafd0a4943eb0c2bf4ad33b1b6f3454df1a78227ba41e6da00335a651c466a8

SHA512
fbd7574fc620a5a0380db774f697e75d0ba824e00e1c570c8cbd0306e05fac902b16caaea45f533bdf1b477786dce1b0113ca243b1c5aedbf5edfd9dd9205bc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0db3bda8bde878dc8fbf977227e0a5d7

SHA1
3a7c2ca44199467f611a977ecfb0af07b3365a20

SHA256
1dba8243e123de50aac0c24d339efb084eda75aa09534c13625a23a7efe80362

SHA512
809be396059a1102317044983f2c842bfe295850b9b26f37f234ce6401dbacb890a53ebd7d065ab40483305a09716972f56dc2a15e134007f4becbb91dd9b0d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e90a2488f942352e00711ca12403a88

SHA1
59e77c19e7662be2c696759cc06b15df8d6c1778

SHA256
b3164b7eeafd4b0cb03d89be93edb35b7f646631dfbada01f88c069a5cba671d

SHA512
ce1ccfcedc13d3d3e6590e42a17dc33796dac0f4bda88434bd6db5324494d5b62c8a4453dbcee97b5b8acd17259dd9572e661ad673e050c46bdb4a55b4afe804

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46ff56fd27297aad45e5b0eda536bdb0

SHA1
a4a1a8618bfe121c62244e0709d24f8348d54c00

SHA256
823492e4a14b919cb53dd26a047c67a44f3cc2586a4c8510291bd92e4bbf6e33

SHA512
f8126baf18107643fc3402050307697fa96ee4e5698be0e0d8b2c2461d375d85aa280070699864b959a4789d87a6f37aba2656a8848493c69b430e0e51a88f92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d70c8aea599a10a086b8d8c4b120f8da

SHA1
00f60c3a31ed4f58556af6e759f24b2dc09658c3

SHA256
068e7082abbde3b663a968a0829fcac518830a3c28fc5f4a43c44924ca050982

SHA512
4832b2bec3e36515c5d1fcdf237c556cc86d325deb7cbfb92c178262a347d323f036801e39ba92ef7a76a8c5f3aa8f928c641ffb8ca34a5cf42594c7284a9ede

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b080dbf052dcfa125113ed246f9932ed

SHA1
fd13cb7b468ff92eca58f2df52b8128b4d85c386

SHA256
a2dee9c592bbcdcec86ed57d4b8aacf6c49899f9a53b25d755af8d20ad4d3fba

SHA512
acd4ae312c1847b07bddfc3c4127302c5089d93b2ee54258c65dfbd1f81bcbbdc5f71a8ae26f490a267b6b0c4958f054de9d061624c5f38232d1d0d4b81bf761

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3eb9bc6c355cb884d49a601986a82004

SHA1
9850b775e3bf55007c8ab79383f3a0fb93692f80

SHA256
2a624a0e9f1e29d8428def7a48fcd33faf6ffdf981266d0cbfd144d391b9bc30

SHA512
3975d0567a7bd0bb147a8e112a4281c814d2a84e0551ae3663dbc9c251ec45afae0a5c5760a9b0403962accf5168f3ee6594969ec64536443be7f49359c29660

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c830b61700bcc96ca1acd4e337c9b292

SHA1
0aed4729c51fd987e06b7b330d09ee0c0e9d1094

SHA256
c54b1f667040df4b14adcf460cca090db5c1800639e49ea39c37c81786feab4f

SHA512
99022f54f2bea4b17c7c8fdc0d461ff94b55297431e19107942ac4fecbfab7b4292aea243ff77ccb9627e7cef266eaf167ca18001d2a08c8d20c7d712534c73f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ccf644779762128af7525a1c3347ad0

SHA1
72d9dc7599fe57cb269a2c7950d2b8d781580633

SHA256
f21423cdc94401fd1c460cdef29ce89ff0e1cbefdd245091ed7971ef8a3b88c3

SHA512
c17376640dc19af1052f34504d9661afd18b1e03ec5fa3c4860774d5a7f0da77a064ff9c0c416d6d0bef9d06c5d6fabb32c67a6fef2093cc80ff7009c3909155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LSNXCBKV\caf[1].js

Filesize
145KB

MD5
6a369df28c0c4bae5368d75f8e04955e

SHA1
68de1a1444e8edb7dd0eb6bd5d53fe7a20e06c03

SHA256
c06c785d2b1f0f8f13ac51b9d00784afa6ffa2952c7dc4af8632ff9a093883be

SHA512
c10dbc22d8c059facea79fa877dc86d1bff01081c82aae6947edadc50fa720a080a5e8457e30fdc71a012a95f9c7909542f2d49bd7361b3d80994c05b1d6208e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1EBDLS6\caf[1].js

Filesize
92KB

MD5
48b9782f9474963b05263166b1123672

SHA1
d67e73e21b565282db1e6d596363286a3f9fb231

SHA256
27f54bf7b57a0237a0c0c2b409e7272d3f43f9e744758637f9b5d09be1726d1b

SHA512
835639cb4ebef800b6e1fbf92d55ad89509a65973eb34f67f150d3c2b9529dd5835248d69212d952f4a26deb6b5421c126f10cd9fcad4bf43001950794170791

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab207C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar217A.tmp

Filesize
98KB

MD5
371aef904c2a44b47aeefa7c5bb3312d

SHA1
b1058296c351474166e45ea27423122bb191efc3

SHA256
0836be0716e46b765bc8c79b573e98af6e058dcd5ef6a6f38e29f30b7ad77ad4

SHA512
8a40153454ad5319c7e5c6c5e6d818a483bdb3bd4a7d250359e8d393ff87378a384ff007a80ee9ed76243f83a7db1662f3b0d5c7debfe704fff8e724f7886812

Download Submit