aae057ce85a2fc07f12fde8ed8a756e617b0b025cb616cf8c9e02ddc73465d5a

Analysis

max time kernel
0s
max time network
127s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

370cec792ddb051637e1a9d3d9ff9f37.html
Size

984B
MD5

370cec792ddb051637e1a9d3d9ff9f37
SHA1

cf3288b231d758dc1953f144579195a83c1a67af
SHA256

aae057ce85a2fc07f12fde8ed8a756e617b0b025cb616cf8c9e02ddc73465d5a
SHA512

2002015eb41b92d436e48ff7b1d84050035deaf0124796e97d3c241ab42a7b8b0d010ff9833ded5dd364d2b168acdf5b9e21ee0c90212717245ca226873e91da

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1ED410A1-AB39-11EE-95F4-C273E1627A77} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3040	iexplore.exe
3040	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2196	3040	iexplore.exe	17
PID 3040 wrote to memory of 2196	3040	iexplore.exe	17
PID 3040 wrote to memory of 2196	3040	iexplore.exe	17
PID 3040 wrote to memory of 2196	3040	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\370cec792ddb051637e1a9d3d9ff9f37.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
  2⤵
  PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
1857fcf73333fbc1fb7108bf91a9e714

SHA1
4dee77a106e592fe2c0fdc62faa570666f0f5062

SHA256
4b256ba501331eacc9d5b89e3f2717d001ce0e7b9fd700ad1995b2924d49751e

SHA512
5aa36987a670b47049c87e0ae8bee852e0f1aaf789e749e06d141933ea7d0009327d3965f74879756c008d1b7dfa79a8adeee4b554d31e68ee0e6682f3fb96bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba3a68ff89b4301ab4a09b4585aa381b

SHA1
22f4e32649226c92820022ec57e37809a95d8d3f

SHA256
1fd6bc7a106e4adb4952705b327b3f6b7236fd26456066a11791cdceb5f753c2

SHA512
d04b33af0efcb1c585a95689f679586cfbfe653d48e38887ccc71ef7894627bb0cbb1608daa286453ba316c17061307c7b9b421b97f471ed67743bb60019a873

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00d3572d4b4633d92d38ac20dc42ecac

SHA1
84ffcaaba52669aefec080ec906c725e5a79de68

SHA256
7b95fa5a82c9fb2f27897ba35de16176712e8dc5a29d4fd32090c2c12e6541e3

SHA512
ae0d1746f2c2b1ecf330b0053309c32d59e98f8a2c51f2fa85a308f0466a380705529a183b91241816a5006cf18b32168c20f9958fddc8d6ac1cf7d3f7aa18e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2fd3186c905a56b52ce5fcbd9616125

SHA1
65209192e5b88d9f82335fe2e0506ec5a02951b6

SHA256
427f3b08e609e9051dd68dab1a11a06439f6d672c748390766fe0094849e0ac4

SHA512
2fc1c32af6e9be5adef8bd403a64e1a3f67167bd768bcf60457335ed0b7539ce81694731fdc2d7dab90cea5135b305eb0b0d7e2d4e891c2e13b1a9f50b84a3d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f9832ee179ddbe0597d402e388ec185

SHA1
d653a65252938600e006eb4cd43fb1b51f0fe950

SHA256
ee42aae77affb9c89b4b9a614d7aeaf2112fcd8bbe7070c4d0066a59eaaf3327

SHA512
30649d9e032f1717648a4870a2fe02613c85c15c95f4e0597b2abbc37f28e72a3fde9b8e7ad2717b60c49be22d309d02dde1c1c2fd6beac2af17a75469a2decf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae0460e7926d3aa32f7319e2d6e86230

SHA1
c61e6669deb6dc01c771a2b062e2c5ea7a80ec00

SHA256
483c8d1cee93710f64be398bb4c9212ea103c7ff4aea64515db3db9f83a5da4e

SHA512
c33b8f9ab415d6dfeb30d2fcf20859f28089dee232ba085bfeabf8ab61cfa7a028e748ba221dfbd4eb0afa192dfad82c3e66619216a60a0ee6a32f839d28490d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e8aca8fa08199f6a9593c7c810cb312

SHA1
63d22e3e136c3daa04ae58fb4ba74ea0703b6bc2

SHA256
5fe1ca0d1ac91c41ec02de934b77072761016898370d28ddc72f2f0780d8417b

SHA512
8f5876fa87fe5e468c960e984662bdb06f33aea5eb1874ef5faf9245aff7216ae4aa048c2456ec110d4999a143a9a46b9027436a582a081672d987957b226082

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76d8f0b32d5771358470085f8ad4872a

SHA1
7a5e8eb022c617b574b4d60f6811790a9f813701

SHA256
ec5609b929a7ef10c7b867cce363065a1b33a3b1230c84682c506262a690c521

SHA512
fd8923017ed7213bf4cb83e6a759737c87486b25a153229b2c3f463935f0a9ff92bf85c509a81694f09110977e2d58060fdd8e5d7675e1cb5068829edb9afcc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee90d8464f28b61ff296e907b0707b9b

SHA1
eb3fed3525cabe4f173e674597f7d20d3c302151

SHA256
032ba5bb5f5664a71f3fb506ea361ddb4e332d832b4d1b892f2bffee221cc9be

SHA512
c4caf059ec68148d2212a4582667674966a02a2dbc0dce61028f4aeebb3a66ce6892c880b7757fec4a144b541948496fdf9ee28da4174b3ecb0d9251be438927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
60de8ab7624baed213eecda87a7aaa27

SHA1
72eb4762a3fc8525b1385413cb892bc5609b52a8

SHA256
f63492a339accdd61c7edac9471813729ce296d5f4f0d4e27c07df71259c58c0

SHA512
464668e90475ebd5005dfbf49ae5011b9004239658117ad3f7a6eb1f431fff7da671fe30eae32b6e80a8a31ee8fe10be6e53e09057b23c11383760676798fe16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
6da48c82e8ba5100295a0a193a69f546

SHA1
18a29f3760e9fd084fd8a9282e3e100c133c085d

SHA256
0bcedee6d4d91004ffa4edf536c3c65b66af24d251928c0752cff7e4c2049db5

SHA512
a37314ddd076aec9bc47664428412f39a7731c42ff43135d6ca5e7e367cc1ff9f5e053bebda5fb8e967a80c5a9957d87e7a4b5da6fff94216522718194f73baf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2EB4.tmp

Filesize
116KB

MD5
4d6d860c5b65b79b1a7e55407baf7527

SHA1
1e0c7c78e53e53d4f334ce420eb0974adf31d67f

SHA256
3f372d65c111722035c8510648c34f49d164829859d2c7b9570caa3006307a4a

SHA512
90f66c5545f2448ba49e6f23c9f766cf2a235799f3d061301cc9f5564fffbdfe70c7f78d456cf2a3719a14af00dcb4a8b91d0e8499f834c71e81aa9083a7366b

Download Submit