ac37666eec4d01ed62532160339b9ecdb42bc00ea347f092162bbe9b6525f052

Analysis

max time kernel
0s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 14:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

38fbb73e62850bfe656e86c6cce4a229.html
Size

44KB
MD5

38fbb73e62850bfe656e86c6cce4a229
SHA1

d733eb85fbfa471fc6c1cc8c8842a8df059dc1c6
SHA256

ac37666eec4d01ed62532160339b9ecdb42bc00ea347f092162bbe9b6525f052
SHA512

c6da088123d9999a85832e304a8540be83ae048be1e53bc7db8f0c7627560cebe11ff0b61c40d270e62ffee026a8ac7759a60fbc2d113966390aa15f68dddc4d
SSDEEP

768:mwS0l/sGVLsk8ejW4mTNn2oB7elgDMr9w0UBk:mZJtr7elgDO

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{28F3DC61-ABD8-11EE-BE5F-46FAA8558A22} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1708	iexplore.exe
1708	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2260	1708	iexplore.exe	15
PID 1708 wrote to memory of 2260	1708	iexplore.exe	15
PID 1708 wrote to memory of 2260	1708	iexplore.exe	15
PID 1708 wrote to memory of 2260	1708	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\38fbb73e62850bfe656e86c6cce4a229.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:275457 /prefetch:2
  2⤵
  PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33717deafe29234a495e32348719a92b

SHA1
b8a7642da74456d7300ce3266cc07ce8c691db88

SHA256
213e79b96ee5992c91afe17bb06cfb01fc1c066f7257b78b679bcb2deab151a6

SHA512
b832f844770f3ee7155ece210dcae6c1755e8636bdec86b8f20b7c0db0af9fcc895112d44889286509b6b0a11beda487cbb63c51d2e6c8c47d6c140ebca6b3a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94d2ba9a0f55acdbb1d3afbc94ef259e

SHA1
505115597575697da8a68992b41ee545fbdb17fe

SHA256
d64e5490f3c764e77938f261950cb6c3c83da27b2d9a5078de259f6672ef0892

SHA512
0009f399b3241921778ddf9120193bfa5fa5ba90342b377051b332076c3126fda165e44fe8aaf4301cc6971ee1b205799648267a9b46eb3f78d498cd223a1f96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56d5225db3c70760a2a110e2cd9ea9c6

SHA1
addceb4dd5d72ca87a79700623246c011bcffd04

SHA256
82f3c184d290c4284505c7079c40838af23fe4347c874f8eaea1fb69deb400e0

SHA512
f255c560afddf2d3db878c20791f2258521a460d7fe8ba76c6acb6f8912e0f746b7445ff6679f78a5297ab6138f443c4a46d8853d0b444e084aa7ded7fdeaa25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a42c41881602023435b842318f3731c4

SHA1
051c308390118373e69f0c3a9091bcffca22daca

SHA256
b459df1551c24073cae992394e5bcc3270ae76b12a5ea4b291b776c75d385a70

SHA512
60ae53d19b91e7e7f90a627ef66f8d1fddfed28153bc5749c2c431460fc3462e01c4cc363f61ec7ae4f6e540b3f5897e9425a2a63fa34dd85b5fea39142840f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1b116cd2bc0d19fbacf6919e86ca935

SHA1
24b60d15b3551a7e65330673b5cf893c81496d7e

SHA256
0642e7f68a1878d362b43c420fc95090e3b66ed39efaf71c275dace9558ae72b

SHA512
76a98131ddb095fd6e394aeb31a113006ddf82ba4b96c278d7ba3efc5a739fd302291c53f02e6865f5b9e67f29b0ec0797a42c8d389a3c73ada3b39707851ca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
340933679f6fe9822b44feb2130089cf

SHA1
860082177f5e24500a8b61c33b48ede9cf0451c6

SHA256
bc078e92baa23b4bbdbe3332a580c1a04d0b4318c7d5b217dc2560e86a39a5ef

SHA512
c7392f9fce69f0b4f15ebef3224f6ef88039ec462040b098b548865ce20bf2c02368b4a1a6e9588ee43d788a722b5b614880440e0801928ebdff8328588f0b61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5de43fabdfff2e4c3df76c0c34d4145e

SHA1
a70e014635a16b9006193322e8e1f8c6cb546f5a

SHA256
ce18161d856026f3ef288df08ebbdeee04b278b3aa133d0f33da7244ed12f71b

SHA512
8718db5e3d6355d918d6e1aed8d7dbbc5244da90d71cc9fc8ea8745e6ab42c0d3d9d6578b9458d3aa890a6d7efa652eb39a286a525afd47c43d3c1a9ae44213c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b56e02ec2674bb7f9d259b97003e1ea

SHA1
240435adc408102d005f154aa98cb1e298ee54b9

SHA256
0b82adf8f5a233ee83f15fc16f779a48f25441338a5ea4adc37fe71b374c9380

SHA512
a7c3749a549f277e957792a78e648377b82fc0742407c266ce5c5a03ef490065139cffdd5bc15bbfdddc89f12ed6efff75775cafd47aeabef4bea10a90b3d10e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c0f099a0a8c88ad9c2a10cd3ddfdbee

SHA1
8176414674c62073b46f9d7a2bf8c7c65f3d1000

SHA256
03ac442f9e73ea96e355a36347a628c02bde9b82183f85bf2f8f952a76d2c890

SHA512
96944dbcf3d178b2e53b7aadf9c6a5d19b4326adb76355fd3f769abe01b94beeff6da8090e6a80b7187b35becdccfb9ef22053d8f6ce2d4afe62e445dcd3b24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1661ff029b3f8ca5fbceaddbdf2eccf

SHA1
4757510963fdfcc2cfcbae2139ccab0544c455fa

SHA256
4077904a58384ae25accda545d5ebcee79cd4bd4d60b570d4e92e68140ceeb17

SHA512
e1fc578fa508c70449af586f1382470988ccd661f0297d25e350fb615984e527b25227dbce548500b483fd4c0af4e1fc3fef45786a1ceceded5d5bd0f053df2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6004b499d133cd08730d5d4eacba5642

SHA1
613bcf34e66f3456d97e52356227a80ca4d9d046

SHA256
3e1fcc1eb79a1e4fc51213d196c871a4b99e5879b393a03c9fa51b689d9dc334

SHA512
fbecd5747cdd48c0863a41569a854fa7020021ee6fdf59199f666316d1615526b59447cb6aede24008ef493c8f4ade734a1b916ca4a47d33898d7f2e6d813a5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a1446ff90fc4cd49cc5f99a72b6a086

SHA1
07bd8aede3ca4470bb1f4d53ef95f9e9ce90c450

SHA256
f444966324842a6c63e52c9547045147ac59a14e6ba07ce474ef517a1a9b3739

SHA512
565f8d6833eba10e5cbb6ff1c50d33b094a8bc47ffd9bf001eb6f22ba8d1e5b77bbdd35debfb9de82db366dc76f0e9157c5b26305dc42dbfb00d22d48b72655b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd74cd5bbd6d4db01a32912e77f54592

SHA1
5757f7b3b919504fc8348a5f0e8d5cf821f69e87

SHA256
6504630ca9694d095deeea5ced383440dec0b83e3161a1241755d33509d7cc03

SHA512
743927e9520a34b76d45fe9b04154f918beefb4e88e5852493cbe0bf178914a42c3d7428b0e11527ccd6b65c0ab7a5e2e17df1bef66adbb9c78d1390b47acf82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1AD3.tmp

Filesize
1KB

MD5
1f1a3b101012e27df35286ed1cf74aa6

SHA1
46f36d1c9715589e45558bd53b721e8f7f52a888

SHA256
7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

SHA512
d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1AD6.tmp

Filesize
49KB

MD5
39b1bdfdc99d48d5a2662cfe982c5c74

SHA1
3b93971aa93fafd3d7bf597f09f00985ca4929aa

SHA256
c90583e109c3022cbb8c5a8082305d691f5687f70dbc10a987899cb603cd4368

SHA512
b0d32cbfe3a06a89bf1fbcb7fac564070d3bb18e44746b1910651c596abd10604a15575cb03d1321efe8aef55a6787e78217298ba21dc27a3a369001c2d910cd

Download Submit