c4d2592853d84b58e5fda21d44ea3ccaf51a8733d44c60882e7fb4ee23e0b743

Analysis

max time kernel
0s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 03:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bbffb787af25e47b7644ef97c4c6995.html
Size

56KB
MD5

3bbffb787af25e47b7644ef97c4c6995
SHA1

4c66ea14e81740d041d983171fae3d98130dd85e
SHA256

c4d2592853d84b58e5fda21d44ea3ccaf51a8733d44c60882e7fb4ee23e0b743
SHA512

87da2ea6e104fad92d624b0ec02697db0a56bcb977d466423185553027d17a4727e183fc82a1589bb23cc018031948e5e4e16dd06983474074f0a6f2a1a45f89
SSDEEP

768:zLtpHvvCIoolzb7HOW4R3XhWBwCQvwWA9qRHEnlFtQ:zrHv7oIzbrZ4R3XhWBwCQvwWCMHEnlM

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A9E36221-AC3A-11EE-9A90-DECE4B73D784} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1564	iexplore.exe
1564	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 1800	1564	iexplore.exe	16
PID 1564 wrote to memory of 1800	1564	iexplore.exe	16
PID 1564 wrote to memory of 1800	1564	iexplore.exe	16
PID 1564 wrote to memory of 1800	1564	iexplore.exe	16

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1564 CREDAT:275457 /prefetch:2
1⤵
PID:1800

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3bbffb787af25e47b7644ef97c4c6995.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
cf71bc1f570d04fa66959d5eddf8d726

SHA1
3dc800fb785f12609f4e22fde7f3f899f866573b

SHA256
9b52ab10493b9f0c34c01e1971abb27672a45fa25dc471fb3a37663930f4adf0

SHA512
8c491eff16aa64f4dfc59ea99897b5a6c8481c566b5544c2a2fe23f161819cbe003dc3e7080b6a19e870e142168515b118cdf813fb4a7368436f68735a1e046e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1018ea97c053939a94319234ef15827e

SHA1
3b3c0f05305ed7537c8289ab3cc8685bad11d3f6

SHA256
d445dd52eeb70894172ad412639e556b10a4426f194ef9a6696b30d10ff88d52

SHA512
ca6c43347b8302fe0c184753b01869d86e7a9ab1ca31da14172266c45d7115d0c395e2c49951e7847fe19144625538b226fb947609b6eef6e423f39f2a227e82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e680388c472cd748e3d7ea8759e81ed0

SHA1
3965485438edfe4dc602471732619c3017542cf6

SHA256
ebcd50209b2fc4929f8ef831faff9aca21319360014ecfb93e4dad2e155a57cd

SHA512
597f2d90f5635f5462ebbf6621e5e800b25b8e3ad9915461ed23d6d1e050d8d76fadf82a5da12accf1843563cea376963653c0823446ac05f56cfc1c76a15243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6e1ae73fdc5cd1fe19d3878b2353c19

SHA1
9dfbf463a472f8a913535c8f13613748be087b83

SHA256
52c566888274c92ba27c95c53bd7cb48558a698fa56d369682cbe367f5067528

SHA512
c7eef58470baef257fc82ff893873a8acf19742a3b58b69a591e21450b8e8aa29283581c71751ce4a44fd18545155ace648cfede481196579ed62e0a97cd8e51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3777a2a463d96c381f5a8c0c6d6eafd1

SHA1
09157674d6fa55780d6ca6aab020fe8882b04ff6

SHA256
88661d4104f5a7ab3c83660242b7d9eb349bb3cca5c41ff6e7fb0891238bf19e

SHA512
2ff45947d7b6ea49bd7cf8dfe7a64c09a0a5de451184632153dc09920d017c41883de1a29acefa87b26fe8b6fb9343be2eac1b24e29202bcf5fcc9b50f481c2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e0bf667c06f78dce3c17f5e061dea97

SHA1
c3da765d492776847ea9c37a897ef3eeb51bc250

SHA256
cf65e150b4dfdfdf8603e7a40038b82e70b9d239a1ab2271bcbcf44030aee9f6

SHA512
436992720189919e509670a04c76438bf37b8d9d3eb6004df622d871bf8c2dd7c5cf93cd486cd624a8f9f7200ae320ab5c1c60331ebf5bde2f9a84eb2ef35f6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c73d815ea8c95d272f36fcab38e81433

SHA1
ac2be1220063baa262f03f46878013658d01acec

SHA256
f337bc8670a1f3e014ececcbf473e8ff3f90a4d3518cce3940f052c19215240c

SHA512
5883fc4d3d3b03e6ae493a5cf06492ce0948cd94ae22fe0572aced1352c993c3b5192f1c004209eaf72c8ca21f04cb41a52222f3ccc7ac5e2a70ceb2b2553125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fb6cb84fd4cd89a86b6072cc18b1699

SHA1
71216aa6ebd7fc5736f0dbbeef4f7d41ea0364e1

SHA256
4e21bee14565133d628255fc01adaf2d53b8e101b9928a981e68be164a86208d

SHA512
e4512c202712b1b20ab4a005656c14185ff6db42a0fb4d23a813bcba0163264678ba6576ef2554bf9e0edd7859403f6b67bdc7d01f5f5650cbf7ad4ce9bd05e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab5db0e1a722c095b3d6bea0ec23e7a1

SHA1
f46152071fc85155d3a08e1b315afbd8b8b371ee

SHA256
2dad7e3f10e0a1d49db8f16c416ff35e90433ad7d3fcb0c0ac485aa6d2965ba4

SHA512
f714f2fff63f69a937bcae5f156be6985c56272cb1adf9d2f0bfc4f3a38ecfd437ad0b8f10efc758f7ebb29bd0a06e6b88b870b9b62a9131971baac318e51e1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1275b152265421613b1cb96223c41642

SHA1
f24f3cf8a52f2b1f3b227c4edce911020d6a9643

SHA256
a8bc4bbfa997238bcb8544116a4a1f5f361dc627234be552e731900821c4ccc6

SHA512
44fcd35def5fec2f0c49566f37673481e371a4fd54720a18714d379d4cdefa19d8f4dc79bb7bf7166a328185ccad6e9d96893cd730c2ad2c969942864ec34872

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bbc210eb78ea3307be2e4dd46d82c55

SHA1
4f8ed21fe3ff6a50ecb75e57881d436a38f92cfc

SHA256
91ef8e1d492f28287562243063ae6631304005a7fee759748b3ee985a7ed4ba0

SHA512
8ded261c3846ae50f67673d9203e5f1b1bb5eb25352f7b8cdc78d6b51776f3f242346404e1cfdfccb8f9c13c2569f47ae381e3dc9f95cc5bdd32f5d8dfbc1697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\platform_gapi.iframes.style.common[1].js

Filesize
56KB

MD5
f6140cf2e81a9d5b9bc96970fe1946f6

SHA1
e18cb20a08d0c13d44b72e36e9560aec2187abce

SHA256
68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5

SHA512
1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\cb=gapi[1].js

Filesize
85KB

MD5
dd64119156799daf589ad0b64c29a12a

SHA1
7304a8d8e363d5d98c173ebee08210c6a2c7a326

SHA256
387a461b8b56f4656f49d012e4949e8d787f6f1e79ded269dd9f6d5639b522c2

SHA512
ed99d1c96d94c1c63f7bdf49e78341a83b16fdcb5de9e9366fa90d6177f631a1fc4a4a028df161d365f669a74facc19b28aebac87ab1db3c26ab09a65ca843e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3F53.tmp

Filesize
4KB

MD5
746d9706f0596f72ec58310b3ef1ed75

SHA1
0035bfdae769aa65debf37646504a2650a30667e

SHA256
3722d734b5963d0ebd1796bcee473aaaf08e7691671316dc93d42f797f92e55a

SHA512
455b92ed34242f83a3d7259b17affbb211d3fe6b2bccf4d624eb07de89788f79010292fc943eb41a2a255ce1cf0f576d260ef38f6e918607bec69dc1cdef1418

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar43E8.tmp

Filesize
136KB

MD5
61b7682e703377c60d2522d8472ec424

SHA1
205fa2191042f4986eb7d2d930d81070f4777a05

SHA256
8068db10134871dd7f3fc5fff4638410a902bad7822622eeb933dd7e70dc80b7

SHA512
16ad4bfa04927d716b9f64938966c803da8599694c2b0304d34cf57fea4eec03004ca60929930879879f012a73ffed89f7c7f181bb2ce9ed0db3988af00b4ec4

Download Submit