0113c83304f1c00b8d42da2328810e8cc48b1a8f8dc275355a470aaf84526813

Analysis

max time kernel
0s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d30f705aff7c4fc6c39ebeaf8dc984c.html
Size

11KB
MD5

2d30f705aff7c4fc6c39ebeaf8dc984c
SHA1

30ca10edf2ded934b6b4d7e93ec4e66c32a93443
SHA256

0113c83304f1c00b8d42da2328810e8cc48b1a8f8dc275355a470aaf84526813
SHA512

962ccedddfa8ebd043c77d0439436f4a00bc8e27b10336b1d6ab79d1b0ebdb00b04e358f7f44e11b7a4876c65a8692d5ac4010878d8e414b508bfa7f627cd0e0
SSDEEP

192:ln8uqnGDSSW0nqR6sgw5DycUPcK/zwoRZupOKdJIE3EZcAKvmwZpU4c2CeAavfaE:ln8uqnGDnW0qR6sgw5DVUPcK/zwoRcpx

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{49F39591-AF43-11EE-9610-464D43A133DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2476	iexplore.exe
2476	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2004	2476	iexplore.exe	15
PID 2476 wrote to memory of 2004	2476	iexplore.exe	15
PID 2476 wrote to memory of 2004	2476	iexplore.exe	15
PID 2476 wrote to memory of 2004	2476	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2d30f705aff7c4fc6c39ebeaf8dc984c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:275457 /prefetch:2
  2⤵
  PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
732daca8ec63cc4cc69511cc42e45c8f

SHA1
4f80e722070dd0ca21b4c1442ff96a171364f765

SHA256
567ec132777b47acc66ccb53f8fff7373b6d4ebd16e0e5dae9f069f8b24f3bd4

SHA512
cab7c4df2a92d8b32b830ef7f35d4df8952a61e73358e722ef760f872e308e25ef8e69fa430f70455020b50f178fbfb6551d36c2702eaa8fc36f109d396e2779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3d0854d8eed945a7a3cf80a3a1da319

SHA1
66757d840434a25f5265cb916703edcb9573a135

SHA256
a176db1ce8952cecf3eeb9b63f017d9d4b0818b6913d761e9ab5a44ff7fe0c60

SHA512
516a059b13b59c26bbaf345b764b3ded5545c9ce532d29e5ccda76dcfab122d9f46360b3d1871e52ed86442f55684b1b8899a6e3fce01e8db592d64c52ad2c51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e51855f36898ee2f2499b7d17ad2545

SHA1
6f761351e3cf1e05ba9fa8e4b257eaa9aaa7a45d

SHA256
0d58790c5f49d868e6316337b76451a829bf4bc5d1f2a9673b9130fc704c8c1e

SHA512
73269492790c22386fb1c8ebd651ec0d63ad832d7e71f476342d815b99a23c3d261339eb3cd0b218fab8473e57d91a144223ffe36ad17e74f9fcb8a7fe4a1573

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dd83fabc873cff4dde32f2f24a83538

SHA1
3bffe4a27671dd25f923099f35fd8259257738bd

SHA256
a4e15d3e155be923c5fbfab752fc2eebfcbe8219b1c4d5328e0a929a7db8d372

SHA512
120b3cbcbde40bd1d1a96aad0b09dffc9064d7e24f98376b0b9ae9e54c359fdfff368e54c77e0c6cc3665a3ec714e135bd27fd9103426ed77eb1b7b261846806

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee01cb7ef231b49f55ab2174e9d33152

SHA1
2f9713c9c2ef829ccd99bc3be3a2c6cf9d2c73c0

SHA256
acfac53be2222d7351183ab5db9b20a1f0c264eac66a20077c2439e06a7be4f5

SHA512
72582096f99b919a0444e9a5c537e2e682e1fd1e79fdd52c74a2cc2af0c5a8a5f80915dc3874ee17d4cd7a77c637f3861a11377982f9a49ac2a1cd664d38345a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84ef158bec85caad73df6f1b84d4a99c

SHA1
f618a1fe815faf1ba86eff572a4481189d2bb377

SHA256
e187bfb9cf1f48b3b5cd22f2029c2073cf113de462de8a9ca74a73e60de5b4ee

SHA512
d720c0a18c69df42730d0c6a8a74369621cfa3b55b30b4711629671c955ae5616b39778de362112817dbbc47966d2f84b7b88ba4982f9ad8a9ccc559025b5bdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83effa57b24afcb20578926207862cfa

SHA1
d5e9573d8048d8f8122487bfc58d801cb81834cc

SHA256
f3eb8f5dd507a90927b1905eda4e4a608675ba25faba33d4a3bed8840158ce43

SHA512
57adb306b5e32e350d8347b6691350fb5c89e097938f797bff4dfe884e4351a8551de900dc4c8d7a588e7e0b1a7c20bf488e9f286ae20d70e86f7cc93f2a5abd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46b83b522dbb9859d5531bdc230df274

SHA1
4f3486bbd0d2ac0205c6ca2af2ddc75b00ea3244

SHA256
494fcfb01c3d8a22193d559c21012e456702524bd7c1629fe0bde45be0b54965

SHA512
b136ddd08c0243181baf32333e77e17bed0c37ea6c6cd1b79c43b88251db3a8cdbd1631778a1e7049451c1de76579d19c57c5ceeb869a7299f35fcfb35c52c9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2995aa61ceb4dcd4b8cd0e27bc0b7f6c

SHA1
6814d38651b58dd28935b3ab23158f8be1b2595c

SHA256
88a4e68319836297874b8452ea295a242648849f0f8f20e744d9d415b343c8d5

SHA512
e6be96a707bd116b20e77374cc5bdd1b433e6ac2d4d2b4d03946187ccf08a0fd8da70bffd2d133524c3266cd5aa45fd4a23e925af8f74e47867d2c90d66b43f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b260d4b7e66f0a98f68667466836784

SHA1
a02dc061855a7f5dd493cce8873a06dbed0dcd25

SHA256
5c9b9e681761af509801c95622912d363d818a219f817cf2120a21cce67828e6

SHA512
620900276c992a37743d2b0406ab3526064d4b2a5de1871afccdd16e319b0913fb7bf30845c30910e77a60288d124b9d0b6024961f3107db06ceecb721aa5dee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17c1dca99af09813b13aa533fcf3b32e

SHA1
0b1db12b2fbeb9bbcba64c08be65084e7c27a666

SHA256
8f4e1216ddef10fa4c6357d8f509f04c660a8e353b8565d4685bfad3e108d635

SHA512
c8574e8bc8624668669bf96f68532a491e8d5be696b8bca985e13f4e384ddddbb268cec8544853548d1847b03bf5655f3e9791f13017e378112e7421462787c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7373dc6994648bd713693daaba33384

SHA1
2faa2a0511f9047b7fa46db105db05cb9c87f826

SHA256
0b22a51e9be0de30773677e1c250c2a59563ff28e452d43efc9d204211db6190

SHA512
6493b1f0ec8a5bd27095d6ad5aa15a9739010c227b7d2e5c0191d26a21aaa95bbeb3f16345c6aa1563e8ca99e101d12e0fcd05a50a692b0ee40e270209532817

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f85d41ea2a03694ecd95fdb865818fa6

SHA1
f5f5c381b7032616823de9a1ae1a2b4b7241d2fc

SHA256
873cb0e7f0c8dc16ba3b9c4398e8b80c5d96c269f3ffee04ca6d35e5758184f8

SHA512
3b7cb2e611a8efa32474ac025a03d85c3a6e882cacbacaf939693cd9b9c717038a392d5f61e167713fb8df8cf6974c882154400f8def959e511ac5bf6347ec15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07401b412115f8c427c695561cdb3a8b

SHA1
d8949d564979d5e1f69abd9f711caa13f01b4de2

SHA256
6f84788a2f674b97a712afb2468572694e1b73f3d3042ee0279a48bd05f23575

SHA512
d8751daa3e29c5fad27462a740f7889e291f0b7662687b3a0369690f4cdcce835393d27b04b31febec156fbac87cd70671ab0c24aa75b9a98b52a43d8b1696c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8cb0f3fe86faff5ef2c4d45782f7a0ba

SHA1
2a08156cd5b1e4dc96be886205a5ae9a898706d7

SHA256
6d4601d20fb02222dc0113b6b14b053efc6e84b4c5377249525ae046693fb691

SHA512
4db10fcf274a9183056fb803e0b2d37ff160507b02f8e04d4638b321928fd370faf178e83a8a8e71af8f30757580a3b115da6ae0396a49ff8f079776ed9f6222

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d359d6d71167a268daf106b9670116cc

SHA1
7ab0b2383cb68f9a49a9b3bf005b90e58fd67211

SHA256
31c4d8df675add4b7d47c386c344bd4d7eef96acfdc6fc1ba9bd41650ee4ae9c

SHA512
066e6f42370dae5521a246ff898349013779f17cf31bf053ca7c71d0e9177275e993c62591bda641c69aaf544d792c6dbfeda3b3582f711de611cef23d84c60e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecbd2bdf71aa37c75cea4891c79f3772

SHA1
4946617856f6d86ba5c99f5237e712d5f81870ab

SHA256
14ba217fccfbfb0ea3f5d38c4f8bed664a9cf31c706a2461bf76dfec959338d8

SHA512
e6f9e37897e96a2d4cf2efd9df38f62b00094643980e1bd8c71de71960fc417076480af7b5b12de3b3c7b80b6d0b8b1e245e9f5c89a1780f64f797942e8ba3ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf8a6296665c2d9f7b5045f0dc1341b5

SHA1
c7f06d65251876b60dfdf38326f2547df84db4b6

SHA256
d588ce1baca6e71fe4255e457effc5e37356a7f9ce217cec9508350e30b93af7

SHA512
ec8f4e7605cd39d4b78e23d6acf4ef609333f2c10b90c7c8b8a6e22135e1b4f55cb1984580c07fd63a3248cd9825cae10b6370ddbfb359bc34b8e0869c1f532f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60dcbaa3f1cad3f4f1f3606f7a5f01e8

SHA1
b27d651547238917bd652e894af4db522a87b566

SHA256
9c0944ee5a325e1f465cebb16560d2e87e416387e91a0a36e781b3c47a8250c9

SHA512
4b6cf0105f56c237f65853f533da20f59cfaf6bf0928bf6719efc0d5d15beb661d2f884e08a6f19b8d69b1319faac36a44b74778722afe8eb376fab9e3a36851

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5E58.tmp

Filesize
39KB

MD5
91522261ef242527ed59b53bb42708ac

SHA1
f067158c4840301cff6af5bc0e6398e40d000aca

SHA256
99e6aa14ea330252e655c2eb9215823ea2c4bc08091cec612e5a1815398dbd50

SHA512
f7705e58cd6eec10798370dd074befc141306b77f93ae172c3347bba16fe3cc9a28112276d4f9d86dd395d235525739f8227b5078299a3315a5980478e357b65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar64F0.tmp

Filesize
10KB

MD5
a46ed5ea504d38a960c8b982270330f3

SHA1
6c14d6781679acc7b877bfeb6873bf530ceec957

SHA256
904d7bd39b0edefc15dac04ad664d7764fdef3c300904647cfacb910f58f0622

SHA512
414cb615b9086b23c771fdfab08f851ccff2cee768646e17dd8a37126b8c39aa7bc57ed9a05d4f1c3c11c91a25919761c81e9bc4ac5e551079faf6dad66b76bc

Download Submit