5af9f44eb8246ac0bbdb1ef66333bf40eb6a422641a9c42ad037bb6918992026

Analysis

max time kernel
9s
max time network
166s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 16:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3a92e3ee965d432567501ab82da25b85.html
Size

198KB
MD5

3a92e3ee965d432567501ab82da25b85
SHA1

30873f64e8e9fcc3a01ce26dedd38c4b5b55f582
SHA256

5af9f44eb8246ac0bbdb1ef66333bf40eb6a422641a9c42ad037bb6918992026
SHA512

002ca2551e5bcd29d260f58b1221b6a4e808bcb40784f9053cb9a6a5ef9ba63fd0f9f8177ed6779e73ffd35ac693d82dfdafd3f76599c04d6ce4c65602ad0d6f
SSDEEP

6144:5jQolcsyNhW3AJiHailjwlQ7wb2gtO07rOJIKO:FQolcsyNhW3AJiHailjwlQ7wb2gtO07p

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F2E57131-B008-11EE-9DB1-EEC5CD00071E} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2404	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2404	iexplore.exe
2404	iexplore.exe
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2756	2404	iexplore.exe	18
PID 2404 wrote to memory of 2756	2404	iexplore.exe	18
PID 2404 wrote to memory of 2756	2404	iexplore.exe	18
PID 2404 wrote to memory of 2756	2404	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3a92e3ee965d432567501ab82da25b85.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2f9177782d94c627f1aeca3e0ae4ce1

SHA1
c7a267cc71dd06beaf8961e3e48305ac957ae426

SHA256
42ede1506b69490f55ee97958c953fd64d14e92e4ef75b8b4a58caaa493ac4c7

SHA512
fe19f0859d2f21248edf1221c86dbca6ec7df0ad7c3240663bab617d18b9f55889552f213ae80c3f7a7e710b2196407710edbb9b2a2fb08fb359c3286f6c3d9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60ff53f2cfc616224a07a9fa44e21025

SHA1
85188ffc643bfa5fbdb45382ca64380d9b207f5b

SHA256
75d62a85539702dd65a8d6842bef5bae4af7af2b0f8550189c9227bca5bc97c1

SHA512
5a19dd4b1095861e55514ca8fbefba5d01a4583656cbcd98ef97a789d4dab05d4cc483e9cfd01e1bc8d9d04aedd86229cf78210c30bbdb28fc1fa077b87752d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
668e5fbaadb7c0a92ae38a911c2d9177

SHA1
9949fba3fc23b47ed908f74c431b0388c28bed7c

SHA256
0ed048ff4045890dde66500c9b70be1fbcc7d1ec9760c03b52bdf3a2376c8408

SHA512
6293cf2bf906c461e8b8356c604e2e47860f860a05be454cf642325f8e362c2dc99331780fa9c9df68d3181b3d6c0093c787978a20f7875229105fd8f4da26a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2200f1ed8ba8b21858eef57691e4acd0

SHA1
08f9821695d513b3546d7e0780211585b4b66551

SHA256
56c781120c3d883330d52f928cd66de37787ebfd8bef2e447f33badc9d8afb07

SHA512
258a843e64b3197d1b4f8c10520c6ef5f194940a3367de588a5cc2b409b17601f136b22c27bea5a1dc451128daedd1a0e7844826459b436d71d1695ce7e00e11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16bf69dbcc308fb6785f602239e0da72

SHA1
c78ab4308646af0b3bfc00bc01719e8d6f47f87c

SHA256
7358d5664dc56eed5d37926b806fa828e9dbb0d1713cb41ccc577454c93fcf85

SHA512
e5f2ee67d984baaf946b53a44a8b544b00db755c03a3a3c1ca4bd9287d6b1be20907cb5895db7b8ee66bbec3ee3bdf4101ef65e5a1e635231d2ac4b075940781

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e135bffc220f5d7a555908eb5f821f4

SHA1
4a94f280a26cc1cac725582b3890587df6e6b5bd

SHA256
ff7af19d770858bc78bad3c89ecaea3734f78e01f4061efa7262cbe6d605d018

SHA512
f13c4ffd63a638e67b16d96dee13eb67b55006446bef43e6130e3c582d055e7fd8085ce03055ca2d20eb31322ee0d12e83ce2e268f127fa37f29a2d72bff299f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a797441b8d0d185f2a97f5a17f7a688

SHA1
aa287166574d409eeccfda05f8360235fe078422

SHA256
6e7288be42970b2114b7c167f1ef76ef67c40d30f91b58762d9b15f8c18916af

SHA512
5dbaff67a94ed1485cdce0051cd69b5ca97599afcbaefec21bcc56ad061af7bef91a69c6440bbc55d89cce05a1f51a9a91e97d88135339787fa3fe57ee03fa67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cb42f2fdb7c965ebaf7118f16985322

SHA1
51c07963491938512893ff96b81fe759ffe440ce

SHA256
8dbf86be2b58a0cfe65dfa2fce4cf4aa42fc84823ef4663c8000859d73040a3a

SHA512
1c08eb0e2066e4bc7817e03ac95cde3025ffe78b01fbc09843e308b28b05631eff831b7573cd926a3f7185fec26c934a91e7e115f36b97bc07cbcdade53db22c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ecb8794d350c1bd3bba9269bbedb6a7

SHA1
5786596de7ececcc6c133dfbdfd64c03f21067a8

SHA256
a456ab003e0683ffce5db46a68a7605f2db4fb7abac1f4e32542b924ad4a3aa9

SHA512
0fde089cb94db9699f6041a55d875c43c7d8307b1f8e919943826e2c0f2163de7b60d905b80bae833118785cb851ee56a8b46a8765c9fc74bbb06af99f44c147

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a522f13f70e1f5cccf5d4e06e2f0acd3

SHA1
9314db77855c79ab94026b150e95b346a0b731f1

SHA256
ad72b8df79d7ab36e68044ed16c6b5018c05cbc8d51225f259b1dc30c3fd24c6

SHA512
1b1ef3c3e239ab06e478a34cbbc3d2f094f947369c4e13ebc9af9b4accc9011fcbade6b56ea9f18240f7e6375906793a2a682bcca342c55cd2fb082688821367

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59954705e803885e8d85caefc79b5081

SHA1
68e2fda691901a9684369532ac38dbdb1fa9dd77

SHA256
d3841dddd80af0f69629bd33f5d2bdf7c8bd934efbea7fa6dc1e5619549783f8

SHA512
07a4fe19e5f28981913194e0c4100afd6adb24860297e420fbd3207c4c211bd1deec240d281d0d2ff2e0afca36e9beb8d917416eb0898dc89c3acbcf742c0a48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4eee8809d70208189f4bd0f5e4a5ee7

SHA1
237803a971e628449e971cf2a14256b7838ef330

SHA256
60c232f79227fc99ca409d94c4a76b86ae484f681a7d7125cddaf1002484af58

SHA512
e8f2162dabc535c9d70e1ccc1881909bd9e3b3f3b297ed35a99c8a32b61ca478c77560f2b801a3199500b60040b422689bcf6d5d5fcf313e53dd00819e532698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E25VF8N4\sale_form[1].js

Filesize
761B

MD5
64f809e06446647e192fce8d1ec34e09

SHA1
5b7ced07da42e205067afa88615317a277a4a82c

SHA256
f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3

SHA512
5f61bbe241f6b8636a487e6601f08a48bffd62549291db83c1f05f90d26751841db43357d7fe500ffba1bc19a8ab63c6d4767ba901c7eded5d65a1b443b1dd78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT4IJQ91\px[1].js

Filesize
346B

MD5
f84f931c0dd37448e03f0dabf4e4ca9f

SHA1
9c2c50edcf576453ccc07bf65668bd23c76e8663

SHA256
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584

SHA512
afc3089d932fb030e932bf6414ac05681771051dd51d164f09635ca09cbd8525a52879524b6aa24e972e7766ddf529484cc1ec416de8b61255435a89ba781f8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab92EF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar94A6.tmp

Filesize
97KB

MD5
2de1e4e8b2576ad69bced02259448c09

SHA1
307dae0dc8875ead7e838e67bc12c80bf0f2d3a8

SHA256
32bbb3aa5cceb5db8ea1a20289b37cd28cbf3215580075f464b9939296ca161b

SHA512
e016f2005fef09df335925365c96a2d0e17b42e14b838ab6f94409910704dde138728fcfea725144e78bd1117c474667031dfcc3ca95a836c40e09ba4c2a99e3

Download Submit