fc7f62fb590a6dd8423f30f8f0ae17c5586a78eedc2888a4d1911836178c677f

Analysis

max time kernel
0s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a27bb2884d8370da6b914465aa73105.html
Size

3.5MB
MD5

3a27bb2884d8370da6b914465aa73105
SHA1

16bd53b9aad50721fd37340cee46caaac43fbc99
SHA256

fc7f62fb590a6dd8423f30f8f0ae17c5586a78eedc2888a4d1911836178c677f
SHA512

db9a8e9b141c1a8039750cd6f8ca21a6e573b20af37bc8c0c5187c6e28ddbb634f1364657ce9c97a1c7262028f7a109503953898533ea5ae36c1306fb0fa5205
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NNl:jvpjte4tT6Dl

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 20 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{57854A71-AC12-11EE-9FFF-CEEF1DCBEAFA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2928	iexplore.exe
2928	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 1744	2928	iexplore.exe	16
PID 2928 wrote to memory of 1744	2928	iexplore.exe	16
PID 2928 wrote to memory of 1744	2928	iexplore.exe	16
PID 2928 wrote to memory of 1744	2928	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3a27bb2884d8370da6b914465aa73105.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9bf313f5d7e8f6ebd1453b3cb5e3d17

SHA1
c86bbf3fadc5270a3ec19f710cb273ab649cef06

SHA256
9a506ee1f439ff28056a86475b78e5913438e61c7217e45d3c3c8517dddfb073

SHA512
7848d33206121f51bb89fd4c88de2acb8baf364e2e423d816e1fab1e58f93d3282927d3cc1ebb8e050a35be6d6e4066ca268c20ce7b10a0fef490fb18f7196ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41bf43e52687829c56f5dc0a349662be

SHA1
45d0ab140676358d1896bb8dd7d3bb929fbc149f

SHA256
50a57dc5618a5e07842afb51886fdb1313a4f986db462e2c59a7dd10c80dd8c9

SHA512
1974c548392ad6140b0d6f6f56ede3e13285680d4eef19c27602a4f4100f7ce3a97ff421e5d6cd41e1199be06b336c3c60c93c76c2f2b7847eb993813b01574c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d514b4f6d934e4307ed5593e13f5c6a0

SHA1
f726347a28effceb3b09952688e13484e0d46a21

SHA256
520f6f7fe21325f69eb7d4ddda2740f05d2aa5bd1c72b4a5d1e1a33fee0ee083

SHA512
7e12d097985306ab7904a0afe0f5b6a679a99c835e3d576b8ce0c26199ba392835fdfc48b1e6d4939fd9946b8b528f4fe7eb467e50bac955f37c75c21f17cfcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86d300bb1f5f5cd016fddfda98a9c11b

SHA1
71ec851bcd7ee93e576c4b8de8ea20ef8e6a170a

SHA256
34a972af21ae37675412c992d5c8da03d25f52bd8e1ec6a698339e09e9c68267

SHA512
8d9b3c4e7c45e6da6ecf27811e8d79df610570e0efdeaba8f9cc785f556fb2a88e01ad8d44670086027652ba8b14228666816aba07e4d829e9e4bb8ec9cd1136

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a6b88bedc65b78cd283138e83024cf5

SHA1
6a18069792b33bf0442c6c956ac2ae849b2d4166

SHA256
cb0fc54e347e623ded7838a724f5ad94539d623c97139dc40d629908888615aa

SHA512
a56ff386375c362e58297c86ac0412bf5f70931dd3441901628c9317be5ed30de74bb91b1e8a5580ba68631a6ff100d3ed7a30b7f2ddfb96b623581f18806073

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7c8becc5ec5d3499d223ea60ecab201

SHA1
77d72875afd06359efebecbea01ffa7b2fade7e4

SHA256
0a6ecbb7246a4adb95cb9edcb718da2943bf62ce4f51fe494d54dd050ddc4bb6

SHA512
6f41abed808944dd8a7eb23cd492ab0c6e39e0e50c0892b6173fcb6a16e29aa6e85a70d71a097bfa96663c913e7da9e6a62381a3ed4c8cedfc01311b998e3fa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b66f437c69f5333fa20438445e80a35

SHA1
6e627f1d43eafb96e633d6c604cba90d8039f539

SHA256
c1bdba0ccefcebb08128d371ecff896189c9daae9fea1cd84e9d0e5207c9e968

SHA512
ab74fcb8ae127b1db7a496ac750a6348b3ff627caed2c6458c23d69c4d0dc350979332b03c2ae939ad1afbb96275c7db6385e398c75d1ca2eeae5bd7da7eb9db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a40ef5f8b9ea5547b5a58c35b3a8789

SHA1
49f2fdf0bdf97fed0d2461811af00b5459645d0c

SHA256
709920f85faa0009d4d579c46f6770d60ad3fc42b4f48e7c6b05724301ec690d

SHA512
3c182da9088378814cc0297ba6f6de33f9dbf26e7bc5ef3d6d460df1af35310fcef1ba693ee68a6f212972cdbca9bcda1d176e83294c04c8b97cd0eb0f4620ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c741d1aa5238daa92117048d0a58f14a

SHA1
ea39991d1f57d91ef73f47956b8b58d6b946d13a

SHA256
567c2747a7be3ee1f7856bf4d8d2b1da7b43d3c8a0ef79eb90cb66f8b4cfc388

SHA512
5f6eb5cd6d8d18ffd8a0aba95f2980e3e3d5cb7c28875e45f8fcddad36b36592eb02a44833424aba4cb0c67e0f2c359a41ee2d7335aa08587d266128d420a7b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8465850eb8542b85436f988c54aa9a31

SHA1
d4ffb46955e53e2859c7351313ad8cf0e069d71a

SHA256
9c6c6684a33dd185d81bf6ef18e48a956f43272802b96b02a8aa791199f3636a

SHA512
7653b51d7d8f97a4347d948cb98383ccad0ba8f80ce77f46689609d106c30e1b01e5f14bb5705bca49e6e7917d9bfc1cae29baf701faa0fa9a78ff5e703146f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdda92bf5ea8325d9cc38b3de7c70bb3

SHA1
1d6707ed7484c3a58d9514046ba90b3ec8f28c46

SHA256
4ba73bc364ff0f44965c7c91656fffece420945cb17700517089c3f14075ecb1

SHA512
a689e3146febed558199f203e11ce82e3d3df28b3c48584c1c247763c04f90c4994a4e2be64db223cf69ef018ca5dde85395695c69d7cf15ab4708098dc3a57c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d26eab8a2f908f007e32ab38c22edd6f

SHA1
e7f4cbb5d3d3b56fe8edaab84526f7e58f0d75fd

SHA256
eb5c9a898ad5cb2a1658c53dd6b306909537f60505a6a0d59e13839de8d04526

SHA512
03e1b32703e6e5f6890a863acd011c540a367c327c5f23741fa54587b9cd426100a4614552eb0b79bb23a36447b1fdbb17c0eea6d773c8385c55565d677b3c1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
706589ccc5078aae70e812dc234eb4b7

SHA1
1770c41e498f6908642b4418d1b34b8c3a59dc8b

SHA256
5e1167db2f5896ade78bee87897560e1bb2393dabfd915bee8ea34d44b3df148

SHA512
6276844603357f5fc10e6f5bf5bdf49aee1cf69197f0f682b3b1cf015b6d3451c84a246a7d466c4a5263e40ca2f96b97c01fef16e993dc685e3010379b380eed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dde63a0807079004529476b285cc9538

SHA1
ed7078b1eb7121ccab4d96d6c2696025ebab2924

SHA256
e74157acd9afaeec7dd435ecb4e1a21c3194841c8faa2e2543a89c7824a0bd55

SHA512
8226a53b8aeb4b802afb4083994bb569be82e1f245a014c2cc070d3700b28f0bcbfbfb2d2ef47992bba1b8739dbda578c87efe465b6abc5115036df125ad108f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
274e09f8f891e91fd71b4b33588d7114

SHA1
3ebc722fe4e782553d954b484e831cc1b9a9a73b

SHA256
f02035f2c2ea3592c5511d8c0c0b589ae007bf58b1fb976e4180c3ed39a6fb7e

SHA512
4f2a47046af10411d490f8fe3bab3dcccfe56cd7fa137dc09bbfc5afa70276eca335962253bf2ab10a91ea6ef14ce68c34294a9bba0eafb469ea9b0dacf136a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b7b54930e9aee29329ff8df1a6d0c9f

SHA1
9ed04aa64c070c06596ee6557be9d1a6e3b9a6d4

SHA256
fa367909f7ed6793cc94202c997aa4680f879c53d72b40b5689535b14a757a7c

SHA512
05635680b7a0335c2f74edb361f5fd575c4fb90a3b4b893c5775690b2b6d7deda77c36fcb9adf93ae2dacfe526dbd84a7df4eefca6a3c3fa1c4991e6de5b69a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75dc1d8476eb426ecf077e2282681daf

SHA1
3b747879dad2015aecd507092a086096d207a427

SHA256
870f520d54e53d4c16f2ff68e33a7a7b12cf8244d45780932699cfc5f3d18b26

SHA512
b10efccbd3677cfc9ca6c06125bb92e0421aeedd0609777ba4a6707a7b733b624ff58ee85cfc81918a6b332a98dc3db0f3391c4c2951e60aefc739287b285aa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6a8650116624e7bf863243f6b3ec55f

SHA1
69ddaf563a35d51abcdd309753b202cc81cee944

SHA256
cc012079d74462c888af43dfaae7ccd3b6ac8e6418ade15951affc3f52ccd4f4

SHA512
1c5f5e974f680d4d1b6355956f17bd9de044b7caaa4ee94f9474e45c5fb8c9702ae70d3079572d3dcf206d48e68f8a06fea4fe3a0bd155e539ec696a7cd9b4cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a96332a1f9eba26dcee9026569e14f6

SHA1
5dc4465f32cf992e37a522782f51f9926b99f71f

SHA256
296e1f3cd1fa5f7698b7153fa458c77e8f5925acd985241b26ae7bd69f518e80

SHA512
70894697a1f34f1f49be696a962713194938414ad39db293ed6f8311ded3e2c44f1624cbb92f2ad665d8eca8c04bac09228d53674ed3cb6c9c1174838637b65e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0502ec58dc18b112b4df24b745e7acf0

SHA1
f1bb73599e4503f78b1dc688d1f6947921833a41

SHA256
2600972b0db360321cb3238362cd80971f2751b272145f4d672f3a667c86b249

SHA512
1f7f0deab49ad1bffd6b9bf32905becb50f475bf9234a6784a3ba7e7b725a9c519bf00e336bffcccb71b175bc696a1a26f377ad6e1108dc8b00b9c7b008da485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecb023937fa6f97e9adb626242243a2a

SHA1
369193d7d8bfbbb654944828103937baeb6fe3c7

SHA256
17aeac36375312e4e7857f1a2a8b0a1c965195956ac7a5a356d875a9926031c1

SHA512
e937d2d5439dfbae0290b090c39eab5fd6384bb8e85cf666fd4ca9f36fdb55d707c3ae199e4fc7f744b0b41fd0e672d06c7ae075fcc498c03849b64c6ed9abe1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7a174f0c5e049b8251c3532805bc4dd

SHA1
aa1766ba558cd82764ec08f525696326d7fb7d62

SHA256
6588b0a2beb60baed2c0f126bb31c904dbeb38d41f212aae5292d338faa37889

SHA512
34346d68e37ff97f190e777c7c5a687952f9ee1fe43b2b3d6587ae228a0eef8a49bb43f154f40087b5cc9cabf7ca4d56208660fa176ee8b7e6554f993fb02159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\jquery.min[1].js

Filesize
83KB

MD5
2f6b11a7e914718e0290410e85366fe9

SHA1
69bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA256
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

SHA512
0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\beacon.min[1].js

Filesize
5KB

MD5
aa3a5ac3c8c109fd3539f93325461067

SHA1
27564f6cfc84bf7749dea2aa0804bb6814a56476

SHA256
c8b2ea07b9197bdbfa77ae092ae29629ab5ebf50db8d8b39cea2e7ea8beec3e8

SHA512
9812a8070f6f6b85ddaa2633b30752880648e5ae91ac202ebe26d3e79a236c8d50373c008151b7e73e3704fe5fd484a70a1d717fa2f196de4dd4ae21f6a1e353

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1038.tmp

Filesize
54KB

MD5
2db73d325845fd1a6cd2b22e6183c2e4

SHA1
9d40c047ccc0c01684c3cff89713fdc7637da85e

SHA256
c5a4e025849582accbc3051ea14364aa818780f0c63341be0ce6d20e44ad46a0

SHA512
b4956ede40cf01b4f07bd5bfc124c0d43049b86e5dafa4c255670f1049c7ac1e61668332d61708aa706d91f1a0ee58cd7e1a513cc32e05b141a79f9e4391c20e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar103B.tmp

Filesize
29KB

MD5
ed57de7b9fd18d813ffa5f191cb5be25

SHA1
0d1b4d864ff6a0209181e868a20f6196517f35f7

SHA256
571d5c3cb1a35e77ef59a81b40ddb6d4ce5b3e437b33e90be57e22813051de29

SHA512
fb010d0fd0a3ea1a579e1593c68c5664790a0ee0e0c78c49cf1768391b1cc5d4882fb58c17ec8b87d09095173fab1df8a4dfdb59683ccf09c047e043bc197e99

Download Submit