1f803c3a4aee948cecab7361902e2538887a554b055da70a870914b37e40ee11

Analysis

max time kernel
0s
max time network
132s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b67d690ee480e1cdcec74c12a252a69.html
Size

3.5MB
MD5

3b67d690ee480e1cdcec74c12a252a69
SHA1

db032a8fae2f5a12ab32cf3d10b0fbfd2fef1a30
SHA256

1f803c3a4aee948cecab7361902e2538887a554b055da70a870914b37e40ee11
SHA512

03dc076db3080e08a5f2b75cb87cc3614cd62596ca6fc1b74e5876a351f703e80e55b0c3c24a750eb591af3becbddd69a66e0723132cf80e6cb8b5384904bd0b
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NuP:jvpjte4tT6sP

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F96BF951-AC31-11EE-A140-5ABF6C2465D5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1712	iexplore.exe
1712	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2660	1712	iexplore.exe	17
PID 1712 wrote to memory of 2660	1712	iexplore.exe	17
PID 1712 wrote to memory of 2660	1712	iexplore.exe	17
PID 1712 wrote to memory of 2660	1712	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3b67d690ee480e1cdcec74c12a252a69.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
  2⤵
  PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
17KB

MD5
680139ff7743c271cf30793491c79c01

SHA1
572ead15f897040d85498194c617409ad5d79988

SHA256
fdb75ad85a084eb473199c8edc856b9a8174cb62d68ad20c09b59e6e79f3299e

SHA512
da4c923a69b17d2c503f52acc3b191b80a97ace877e09810f8a8ad3280c3c791f69c1a8f388ddca18d3182e9680e5cd3cb1b8063226d874ba9e0e69b698b9272

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
15KB

MD5
cbcd3484a71f00a1f81f6a42a578f177

SHA1
5eef1f6e082db319ebc87275d8e8d50661198db0

SHA256
d6fb5b9818b5725e3c9274533476d7d0948797d1cd1c8cc3638ca93917791804

SHA512
b1d7f676c792b1d7fda8cef3fb8816b3c4327f950d78a85821ea5aa410b8d2219ecbe46abbaec8d163a015d617ea82d1b6bdb8ddb7ce3a2f51c32add3821a464

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
00dfcede93e66b869f9983f1dad60261

SHA1
e5d6162dd717e0b8b1b8390e5ece02c9cd7ac02b

SHA256
fb7f68aa89364143d5d56d8dd0b6f47c84f7b8337ff89b7644dcb4ffdea928cf

SHA512
8dbd41420290ce018a9f1359b6ead95b1408489ddddcf94c5b5f6fb2fcb81f52a7d1457e900c10efb7b92af5fcc06b6cae308444b79dee1421ddc4a890884f94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5bfde80d3d25a9cda0df95d33aed5059

SHA1
18705ca550802a3b52bc787d37ee082d4fd0fc68

SHA256
86f16fe8e8ba34edee8ff46a835d77ad3a0975bbf0d1aac432876caf5dcf5a3b

SHA512
34525db259cff316614ada08880a116d2c01119753b6121ad50006ec68e49c094e2e9694d5d7e927ce9888b8a909575a8462d3d0ea5de54946a311349cdef3cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62d8d79290b93d3791cd3bc3bed85c01

SHA1
51119dc72938e28345b7f7bb13228d9f8cddce41

SHA256
a1cb9dab486eaafb5652a28b242030d7986280749ebc56517d34768ece430ff3

SHA512
96664abec40e865a284a2968ea4ee62bff016f25291d309a7b5e6d4ac71ed589b1ac3f8ace1f796419c79d439e91487bbcd1f092354565d9184c42d2a11cdc90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81e92e1a64ec8ff46408dbff3bb1667a

SHA1
42f7ad4a5809605bc31748b4e81ca27ef6c5df95

SHA256
00b491951cc461f3062d4caca92c10ac21180b380f80c72fbd40269de777186a

SHA512
28509fd6e0842a9c9718114ac24d157e068294589e05f1a5350f92a88fb460c40a7e38c6c614bd6201b49e05870185b2237c41bcd5098822daa8404fea3f146a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87ed6b22bcb97a44a774d5d9a0b6f0c2

SHA1
4812c377921c71ffdb741dc2ef73b2643e04cbc4

SHA256
f8e69e7fc0b80322e9679dc42359f4ffdaaaca8f378fb872523fdb23ffc3d114

SHA512
1cb52b84b6ee0f2a8a9c70f5ae739a3a83769304708d24c3cf23148b9be17f40ee7a04148bcb94aa22392978d2789d9fb8d22fa8a0d43324c677ad6f09740be4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5b565c3b0a4c7aeeab9c11b76961ed9

SHA1
79711d6b358f4bf1aaeb8f9fef756ebd171bf33e

SHA256
3a15038f5b8a0f0bfcc267145f478dc3316bb3e3750bcb0b5cf90895500bbf53

SHA512
96d445bd81f15eb2edf9458fda83828115ba258e154e4b1d0fbfcd5b3dd9eacfd9ebac537f83496b297f3abd081a71e2c32f26d096f156586e2bad5f0ceb6e2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6997ac4decd545f9dde0e3a767c7ca74

SHA1
0da96000e4c4be20a2c3fd6f69481acedb416edd

SHA256
b439da3455e267aeb36bd6e2f7a194855efa348e73da9fcc5e80c2d47f22b530

SHA512
aeb16871734593ed75a49b32f8fb9c529c593aa5acef8d2a16885d5bf6a2e885f5fd8cbd4fd13bca4910d0e3e2769aa57dd651422a51f9980da6aed025717ff1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a2e2741df7fcfa0d54b4009d0b5ff84

SHA1
d8bd66be05e66904905a42379fc5c22ea2fe2350

SHA256
2a6f6396273b40ac59513bbcfb4e0dab1d8b0016842a5f681039b168df1e3e57

SHA512
1764df454ffc4bdc56fab1b287d0e2345afb780d395802e335540ae643359ad77fe422ff8a76ab0c83ec26f8f0b08e9a579288666c4dc10bc57c5d4e534412c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93baa183cb3fd43fc3c52f9316526a06

SHA1
3c478a24fd9eae264a55a4df28fa671d3ab6167b

SHA256
2ef7a737cc0f563d676c9430472190960e226e3ab4efcb782468e9b8c6c8219e

SHA512
6eb85bb4c0e6aebc4c1c1c8ca7cf3083c374d1adfb5796563d31a28d8c7c98e0d86ecb370e3f07008d37a63820446cce7cb946c8e429e3ac1c35d5032be1b974

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0db4589ddbe841bae37b61bf4f82304d

SHA1
6df190b1e3a6030b7dbb84b3250635c0d05b404b

SHA256
5ae832d4ac562f6ac688a9eebefb2a22470e069e0f35631cb045c028c924be13

SHA512
6f167d9f5f9a666d7687b26e6ad4c429675aab3f557320b9c6e9f2c5a7ade449a8586f56c3dd228fecf1f3eae6ce290f8fa03f8c67e5a0eedca8340927c57f16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac43755516336cd05769fc9c9a47b31d

SHA1
f67890e5ae2077f8d896ff1575ec9bcbb95e4bfb

SHA256
56fc4d06f030bee95bfad7c010bf6e3be670f8032627ba4e2a003e0fcdc67bf2

SHA512
a8092845ab43b7926700c036bc4c09383c8d953981b3b710370a541a010531e76304ad21ef2f06d41837195abb88d1806411a220131ccbc03dbbbbb0796f0060

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ede49e152fb0ebd6256a1fa166bc12e

SHA1
55ff5fb92465f966fa9f5ebc4b5de28cbbb33d20

SHA256
9e0e4be75020157303616e342c0dd6fe771dce5dcb059e8ddcfbd0dae76e6696

SHA512
a6765c060d1025af6f982a513ba1465fd0c154aeaaf4b255b45aee3739adc1310240443545ad3e79e77afbfb98a40f80ef54849d7872b96ed6b127530b63bdc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0e01693ba30ab7a7ec422f38e19a538

SHA1
34d0655ba17fe45a7160bd6dff42d9a0cc4327f7

SHA256
41ec80254ae86088d8cbf3d88cbf6424a49483a726eebb9532d46700558b9a39

SHA512
9661975211c9c792d1d37dc18d8818338a5bce1d4c08f7ce8ad7ada9a00d11e2031ee250b4ee6266e896b356c4413542ed96b838a376b002a6d66a9e6be5779a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
451dc50299533e75ecc75930490421ed

SHA1
ef432292a4eb7ecf3387d3c1905ddbc7a6edc00a

SHA256
41cdafc605cba4a7a68e8ed120c5f8b6580958fb7b1d90e7a11666400ad65009

SHA512
7888b9d800715d283f72e5834c2295b4094dd5a21dfbf221de3855be19c63012bae613c183e39d118ad1a1287f9451eeec907a1693af336daf21c7f22a6c2740

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e43a0e480acedf93ee2b036df11b395c

SHA1
2e03944290d9abac8847d2822eb0a1d25a0d556a

SHA256
17ed3ec07edc6b266176bdf7ffd58f2548faac36952204764489effebee09b08

SHA512
aa52b08cf5d9424d14702cce10c7d6ae5e31e09b90b117ae111a85b4f5c43feff5d6e5b87a9e4709858a5a02d1392dee19abdc82ec34c9f40c3408f338a31b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ffa17304ab8c01aef58c0229ad6528c0

SHA1
c567d739d336b400d2f7ec52a45290036ec01528

SHA256
94de55ade8cfd4a0e77afa2f81dfcf2a2a6a94a14eb66c342c59ed90d940dbf3

SHA512
f3006d552ac4860b2e668f05522e250608aa5c4809df4623f1edc8f8b9daa0e9054452ae58a6cf1d7c03a583a407ab1fd7523414e4b41e55b61cd89d5877fdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30CKIH6M\beacon.min[1].js

Filesize
19KB

MD5
dd1d068fdb5fe90b6c05a5b3940e088c

SHA1
0d96f9df8772633a9df4c81cf323a4ef8998ba59

SHA256
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

SHA512
7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHVZK0FI\jquery.min[1].js

Filesize
1KB

MD5
edb1817a52ae1440612e77a918d5c69f

SHA1
e57767b570f4d80546a978b2340e48d05f242481

SHA256
b1a7624538f9aecafbb205e68de5fa36cddfb8c7421eb8f2bb603daebdfa7490

SHA512
86c9eb6e72b46f0de245612bfcf7c6c6d0b60cb53a50e8bc59c4393665a0f57f4e72f7fbcc66057d5a6ce24f9e0e804b56ab334a06d58f150e09d56ef6901f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar22B2.tmp

Filesize
1KB

MD5
fa527dcd6b5eb05e72fc51570a2a6608

SHA1
3380c5ef74408265fba2f67e790636d0ad0a51cc

SHA256
4dc7a4a6cb3be2c334a27a49df89f18f8f91749fe6aa1cf28d548e0e0c75ce3d

SHA512
05c0e217c433949cab210102a26ca7f6a765515b228b217e25c7409408fc167b5a59a8494e1181284e9ec72849c90288f3a066faa284e29d871097ec76291a5a

Download Submit