ddbdc676bfab7fce0a020526227f7d30239d296a8243956b963c0ed66d7d3954

Analysis

max time kernel
132s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2bf8e7ec7065d92d6ccecef1d175a855.html
Size

58KB
MD5

2bf8e7ec7065d92d6ccecef1d175a855
SHA1

57d51574212daf70d672682885330d06043e77f9
SHA256

ddbdc676bfab7fce0a020526227f7d30239d296a8243956b963c0ed66d7d3954
SHA512

517a8f1bfd3de455e19d918032e2522d50c35c1165375d372ac2a35b75e3ea839fec8d88592f97da8fa58bb8c5008db2c8f3aeece703d4458aa3dad327a5566b
SSDEEP

1536:gQZBCCOdV0IxCCcAWfnfqfXfMfbfCfrfQflfCfcfdfwfbfZf6fNfvf7fpflfkfue:gk2X0IxW/yv0z6DINaUlIDhSFHjR9sme

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000a45c44a66e1d3d50fdba43e4322ea5f321699f3b2fb25647318655faf9347d90000000000e80000000020000200000002469e97e213d43b87e09f7850c9c66d126b41af16a1b39950c361c2e74b6f5f82000000083e1c202ddfb078f365941d47c97439914cbf3b0b592dbc84088fd8dc9142e10400000004da66dd557f5e9da31aec8f56fe36f8387e608b83bb643c361e277b01332f967a2818f93b3451f79f508bd7f80bd25168b2b827b87c277c4db338bf21c47c36e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a4f6321040da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000a2d52919bae4f70e85bb0107c8e3bffbfa091654be8fa723f610287793f5891a000000000e80000000020000200000009c12d800b7269b78c6cc9b871c8631855a4ac7a0558e2d7e1e8f8df4fad26b75900000000c3118cbcd25e146d2b63693b5c5da0a55c46aa415963d9def0af1a95d4c567cb11fc8e5e8dd7133e7d031d3ee4e05681a3fe44ec50d77c567ff9221d4e4ab6828e8f4916c7ef2fa8029609703b2de8632add047dd3aad377a88cfb6c4ee5a2fd0d0555a50feda797d0c44e759c993f4c4453cb9173deea9f65b71bd3590aa3c689abd2e5dc4478236391276f5c5c16e4000000096b7943d98ee38c123b3998ee6d89dd9b75613c5c4d7c6eba7973425ab99766b752e0c45289982015a9df5fe48d39feb37ff3040b5d7c20fa28a1f264dbc41dd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410645917"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3B069AC1-AC03-11EE-A508-CEEF1DCBEAFA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1092	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1092	iexplore.exe
1092	iexplore.exe
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 1652	1092	iexplore.exe	22
PID 1092 wrote to memory of 1652	1092	iexplore.exe	22
PID 1092 wrote to memory of 1652	1092	iexplore.exe	22
PID 1092 wrote to memory of 1652	1092	iexplore.exe	22

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2bf8e7ec7065d92d6ccecef1d175a855.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1092 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d26f6ec9a43ec7a3ac96d477f150af41

SHA1
903ac5ed06b8f619b0fec82cf9bbcf9301616416

SHA256
dce7647653d46fc25d1210dd18f7143451e0e83a5aa94e4d484466c8c289806f

SHA512
6e6b7bfe5c4e6655c70941e9aec7f753cb247e5ac7ee6a3ec2eb485f66c7f5851638b44dcf9a5ce941612e91fd3c91e94e34e22c0f2b7915c88348fd85407c81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f53fb19d46aa039004471b51b3278f70

SHA1
b60766cf9ea84c35764871a31cdd00c25aa58e53

SHA256
1bdde5f0fb1d3ab14648f2cfe1c9bb3cd36305f48769ee6df0a24d6c65db66df

SHA512
dd2308fd6f1c99446adea98489443f81f950653cd51c92f079dc1313f893ffca437ea76a5fb3abc091527314b3de7417701b620a158c33b20dd6b65c64c80488

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95a034adeb5941cd31895143adabd61e

SHA1
d8d545bc9d79fb3fd20d70f62cfb837171ac0ca4

SHA256
eec00d619a198baa30a21ea510efe822de01979de640c42357831f6b4e05734e

SHA512
c0d423788b64f2c9ca670a5fe9e1f3b16c79656b00110c55c0358be6c5434fa61badc368a5cb73d908aca92c7f143ced0b98ced6b4f97c378d5765dbc85f70fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99179e94b4052bcc2ee73fe6fcce39c2

SHA1
18a98366c73e275776fe781ebfce32829b669463

SHA256
9fa567371174d9935b7867e7623adc1719e036724ae55432cbc34bfbb6736e32

SHA512
b4fe70071db3fa27d6ec643d37a0f1df79be8c0ff3ee45b94d8c74751f83c2eecd255fcd1dba495c85782cf3328decfded296f5df14f152ff40007e137e6dcbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33367a01d811fb8636d5e1c5c5e5c939

SHA1
43bd11d5244c33a1f1499f0fb112d0e9e1380eb6

SHA256
00d5a2c31a56c13092193f735a1b4ad4dc7b228b7d2d48ae85f665616c623456

SHA512
8d927a686115e3ca3c4ccd1728aa1a37c83aaba226fe0a03ec478bb37ebba0b21f05b1d45032b0b0275944f24f84ea0679aeb9fe425cd800edaa440659cf1fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c13bb353d27c48ea9fc43d21d68a741e

SHA1
6c34c87fc1e19c45d7d2e3282df1c511fe1e5b28

SHA256
752b8870dd518df41b465ee9c889518bd3e289174e5485bd086aaccd1ebb0bac

SHA512
c102ff1bac2f848eec427d37a74a3c27b880bc01172c93818161927bb1f03289bed5ca4b107d6166ae022f98d08cabd2a8d20dec62d6a4bf4b929e7e14412d6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8aa7e74eb85623697151bfd97905af42

SHA1
b4e0def6e33e9b6cc44a93b272a30920fab64193

SHA256
06a812db8ef01f3d0a246f3ec8c414736da6459a48db614c1efad4931baa7f89

SHA512
d7527a540a8fad20e99d94c59938c8149b5843e5c5b19e63781e719848b7357f049492de2b4df1b1309a76b4a35c1b11c7db31825f82122e643743a44bb2662c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72a1d42b090b6304c81c9aad311d298d

SHA1
f1fc65a2f1300d6b27a4a4fdb8d6ba9437b647d3

SHA256
e5a53feb91f7e523c06532333db99b2aab9379e8d9c6a5e86b29a294e87eb2a2

SHA512
32c11394f3e65f2e90be28b85883b7f3fd29124db0931d2197ea65e4c45ff421cc8924df6845a940f76915844b34c6a04cf21019fa30bfc4287247c07d2de4a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9b09126d6b3b0dfbabbc95cc318eefc

SHA1
edc0cb825337038548a327995ce901801a2ce4ce

SHA256
bfb87a56572d5b70bc305735fc49c53b3a81c88913eb80f6e240d502b3a18333

SHA512
40c6edf3212088e85c9ae16f09d44b8163e616e3e9984f023d55d7d954ea1eadf8fee30619ec55fae0feb835169e05e5e57e87023cfc3dac6a7167e87b111fd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ffad436d2726af2a3288ebc84015c14

SHA1
2035691574fda7fa052bfffb4b9dad2dd3052089

SHA256
a6e603dd0bce7e4f647be43e4059d9c7ecf8964862758905bdb0062db9ba098f

SHA512
e0f1862476b3ab7840dd825704eba5fc34b81f93176e66209cb6c0b509c85f236789e3788bf48a683f976bb4a8d13d368ed09fc5c00020f9174b269c0269bbbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85363285677085865df1a5dfd4df5a4a

SHA1
447f1c269b95f4d9f613bd091ef65d75b7020ed5

SHA256
149a18e58ceeec1c2cfc7c0bf5963df305d9a9ce3a7201cc385335caf6eb5b52

SHA512
ac64533c5cec8a09326e4f74ddfe385abd1bc7459c14aae8d7b27d2153989dfda4cc9df8f3707843e62cf931f25ab78db0634a4e32999090cbc2321d2b3f75be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36c9e501ace617bee2bc716b97a2b73e

SHA1
0b688f8c71beb68143ae6273ba74b94f85d03b49

SHA256
52e0fdf2c9ddb90a164f5da76ad3c11934ae026edb4053b32c8733126f494c75

SHA512
a31a540a4d35b6cd4c2fe514ac358800a381e1b20ee4226bab0213ea073324a0e409585cb9af288442446a6bb8440f51fc5d98cb88c256d35789f2e68bf230b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e80ac006d590e3bdcace1a873d38c48c

SHA1
2da09d73e729f18bd7bcbc49653d9389f8e4eaa5

SHA256
49d39e1805cf425c4938e9d8bc540895a5b3aa8e4b9a78c7cc6d27179bb9082e

SHA512
349f9de6c7bb8c9db66940c44190c206ed0529d03615bbbc98a96479c8314da6bbed56050ee928deec7c3fd30893c0ec66373160412434c13da2e43a350cd8f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7dbfe36c8bcb15c601815edece7c10b

SHA1
9e645d9272eff5613c4f3bba94e04962a3e25af9

SHA256
663c0c3a92037f1003287a5d806621369f4cf14a958e8fc376f438a412282996

SHA512
05b48ec177da4a9578edd3b3bdd491c1f4aac3ad44fb4e6d9339ce02e759bb19bb254031bbcfc93c661788a6da3105c7091976272f8fa6b4aefc027955c6a295

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
110e15a22a498824402670648c1e661b

SHA1
2c67546016475785849fc7fca7941a84e2f8d2b3

SHA256
35770ee4e6ced13f49dde06a5d556ac143b4c0f08ab5c6e79595785dd1abf91c

SHA512
3d8cee9377bef58a07abe8fb50d849ae1f5ee84a3e046874389d6305399b6121390ab302e1ced1c6e58098bf99cfd4f63dc08849d1f673e0acd0be9d299e2d54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7023.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7055.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit