5255a06020e5ec19cca0040afb107d1ea8638f682911580cbf0d544d64c0da00

Analysis

max time kernel
0s
max time network
142s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 04:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3bdb905c4261edb4747cd49b2b01ff34.html
Size

197KB
MD5

3bdb905c4261edb4747cd49b2b01ff34
SHA1

597aeb9c1df1b16fc04323688f75f3a1fad9a0e3
SHA256

5255a06020e5ec19cca0040afb107d1ea8638f682911580cbf0d544d64c0da00
SHA512

0727cef1ece136cca26a96de029ef34eec1f71f9e4bf6ae5c0df035745936a88586e143936b994f4029bb8708e927b07da52e16357e4ba2b92fc61fd4365a0fa
SSDEEP

3072:p3KxpCjy4IkLvUsXIy4HhzvUBrYyht8aNUVBAqPRgwyIPKXsQ:paHH9Yt8aNKJvy

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4A393E01-AC3D-11EE-BDEB-D6E40795ECBF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2188	iexplore.exe
2188	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2876	2188	iexplore.exe	17
PID 2188 wrote to memory of 2876	2188	iexplore.exe	17
PID 2188 wrote to memory of 2876	2188	iexplore.exe	17
PID 2188 wrote to memory of 2876	2188	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3bdb905c4261edb4747cd49b2b01ff34.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
  2⤵
  PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

Filesize
889B

MD5
3e455215095192e1b75d379fb187298a

SHA1
b1bc968bd4f49d622aa89a81f2150152a41d829c

SHA256
ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

SHA512
54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
31KB

MD5
c9b4c66ea5324a7ce8f74d4294d65b81

SHA1
455df0a605c0a54a4c45be694e7f78330c36b1f4

SHA256
8b6aee499a9072b1425ddbf1dac4d1a4f937eb09394f468edd01da084b4a3295

SHA512
9cdc9b5ed85296223646ebcac69b13db41fcb84bf893b97c723c9be06c2b18ed72ffefe73e08cb986c390a31bbd361de2db3e26e55df9e96e415337be65f7b92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
36KB

MD5
fa7fc35aa3cb5a885fd9cf4ed4564065

SHA1
4163522e76b879f028d74935ea1d0ac4da4cb25c

SHA256
a0484611b6483e9e13ee9c83afd01d8676862f558106429835292d3cb96ac10f

SHA512
1bc865d22fbb8a403859cf749507e6716ee4fd3d662a51e31ced6447d4c83a5007ad51449a99c66243dfea9933167ee1275e695f48b55d579a30a929ca2a34fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b563e1e93c5a902769b9398c49767577

SHA1
4347db550b76a93511c8c43ac759233ab2b58b99

SHA256
879bae3d8d3d3d4af29615e79006ffb7f4b34425b526e2b3c85f56d816deca23

SHA512
9880718ac15c22d90d231d662163d8177324cbe209936537c6f7ddddacd1b479da524de45bba6a042fd0f0127a09be258e4407d4aae3ad3c20eeb1487d63df7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
349c97a0de76be087b220d17685e0dd0

SHA1
43179c618f8d09a5cc7246406c1b25f1f84f28c6

SHA256
0a6908a76e52c2da7f2ad3850157dfee16457743c6ca20c6c242fa82549f960f

SHA512
b73d88944742bf9e3183f0264ae9e02b3dd20049a551c65b10affbc7b663fb5f51ea9ff85e21c1250b7f1beb38cce8f878cfc5ff7c7856c7c10958e981219c8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04418172f3707b85fb24bb4b589300cc

SHA1
6f27cf672ff2a6a49f51786f4bcf9f49af088893

SHA256
4a254e3695414e4641f44472c76ed7bbc7bbbf20b7e6d83d33966d1ad0ed3212

SHA512
8a0a9669d0a836d9c37b40816b11d5967c21c54a8540ec8466c00569b100dc7ce17eaaefe14773adac9d66a866410c1db2af2e8d9b7bbe72b3fb990834957930

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12f7d52d73a027fe535f0e7b35c896e5

SHA1
c4a74a894fb40e0611e76249fddabf02ef126d9c

SHA256
d57ad697fb211a1d3e1747765a2d01e535ec9ae9f3ff8f599d9a31e2010f6495

SHA512
0313662805879cb0ba53ffe15b46219e3ef5a124f040c6859c0dd19d41a7f5da6fa1498b984250a0cc711fb215e6e133c597c6c073c5fd236266d9aec7b61a51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dbca3a36f4ce833ea8f2ae257911641

SHA1
972e46d9565618b99ec67ee344960a6fde11d974

SHA256
1dae5de0c8300edaa560767df32596034c7712030573e75b7162aabd500c9f86

SHA512
8c0c4ca18075f920385052cdab2d1e0775a382516035ace29d87be2d3e015f2375c60d12f8817e03b5c55d6fe560a35a422f23d11ceab205df8a52877592ce44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe5b5142d4e2506b5e4f3a65a78847e3

SHA1
61020f5f7d815f6f400832a7d905b665272c34be

SHA256
ae495dce2f4ac6649daf2d82192da188803314163162f7fbe768adbed814bbc2

SHA512
c25d9dcf5b72041dcc0a4ecb7ecab91101d0499e8abb7e1dbaedf18e965d9f91c110dd3341d693e41bfb67711554f755912b6af6964f0c443194d407e0ac5abc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f30b187836720789515ddb744b56e89

SHA1
1d43def23a96eb14f298896b24df3c7f97a08c2c

SHA256
48e9cc5aaaa74e329111d8ae4147495d6b993751e37d3ac4611d3519903350f1

SHA512
42d1ec783d094b7048faeefc00d99512aae7fdb6ef2b9c36beb5d03a25ff49e1bec056383d27acc53c2acb820d49be3eb5b17aa82249c284b14b50aab5a8d50d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d9d9d175c0e2c9fa49c4632c52d75c4

SHA1
609199b6c96ec32aed7c1fc4e4d72a45279ba220

SHA256
357f289608c244dd517ae12d282b9c8c86197835c0e9a7581fc2fe021b49a826

SHA512
3f451c5e764e9ec8284079461c8eb84c063d4f28f50b7a9e8af710dd7d5b4e84f6dd9ea77dd5686688a7968219e44d47ecb6101b6248ba8b0d16d5ebb2022227

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c74dc6916c3d4c96d66052e2fa6d483

SHA1
e3b2fea7b91c080fe54c813a503562cadf218cbd

SHA256
a9ea7d8ef2f355df402458ea6a699f5b65d6dfdacc3d0994bd9ee03afb83382b

SHA512
54e798f946139a8f645463b41f365cec70717147fdfed77d657e43634d1ebd006989cef6e6047a151492c170a092a6fae9b45d29678a30af22c0b6f843612ce2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5165a93dad759567c6cc463959155c1d

SHA1
13264c27f57aca8d20915ee205920f7c5dc753eb

SHA256
52cabb7ce8bbc9c10b650cbc0379698c35f0bb149b07f85c9d2612f5f988628a

SHA512
49646e2a8a1a063a1eca494f2ba8e3cbf1030c6cf0f1f5419c27b8027383aa24e2ac0e65c3e765ca60904cfb99285bd8b6eebbe31e2126944e2d898589238be3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aaad45946340e8a6c4dba598a764acd2

SHA1
51867ce0d61b4e08dd19384c9b8181520b785615

SHA256
85849791d98977f02ea273d4ec5e73c89cf42977bf854e484c8a0b6e1c1d9ab6

SHA512
454cbe1e197150267bae3a7bc534a910dcb393c79d8d0a822146f32b5dd5fba06a1293486aab84ae83fbad165960b646fa51c06efa4d0e7ae7af144bcaba5169

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
35aeaf58a83eb667d6b9870b5c21f767

SHA1
69adaa325b235faf8d12e8f2b7df50f967015ef2

SHA256
2b74280ed1cb3cb74f9695a1d23e0f9c2997d81aaa013d7dd82c18f0b441a33a

SHA512
7ed8e5b26cc17d1957762cd316c065f1a3a372a69d0e04e549b97cf52a7971501c44735cacb24273d97ad3e416da7372235759cd6b0b253a6f9c2c31c185c7b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F79QQ5W4\errorPageStrings[1]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H60SXCYS\dnserrordiagoff[1]

Filesize
1KB

MD5
47f581b112d58eda23ea8b2e08cf0ff0

SHA1
6ec1df5eaec1439573aef0fb96dabfc953305e5b

SHA256
b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928

SHA512
187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H60SXCYS\platform_gapi.iframes.style.common[1].js

Filesize
19KB

MD5
95b970463bba61838c9163dc4a5e7980

SHA1
75234c96cf7f9e7c64c65fc2ffd34e2870049909

SHA256
1a3ec196cb819a20a2bdafd63743e509fb6ca36978a3404f700cef6188d539ad

SHA512
abf321b65fbb060f2296a9c6743ff41684da5b172f52b814723acd48d47fffadf6cb844e4b71e4c59de7cbe60b828c0f56e50e6161fc660238f5b8e1ac3f750e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XIFF7S6A\55013136-widget_css_bundle[1].css

Filesize
21KB

MD5
f484a56a45333f2e0b46dcb55ab9730d

SHA1
764fb760079be24fbd27bb2f14a0c4e17159e348

SHA256
6f1f69ce390ffa525b768ab202ac5c8c66991859ac4c9095d600f738c03b5685

SHA512
2e95c9673dc1281d43f55caf78dfc78f3ab64e16c0e3755ef186cac393582bfcd039c59394ca5c51c859533b1c6170a113a63c8b420ef127cf1438ad4de3ea0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XIFF7S6A\cb=gapi[2].js

Filesize
25KB

MD5
3017923be76d8b978ead5ee0aa057ff2

SHA1
ba645b62053ab8bb4ab756b82f719ce97aaa1d51

SHA256
4ca5802fd25c9176bf5ab599b4946e26a5f3288e5d7e4353cfcfbbdc158ea507

SHA512
4ee663dfdf460a4b6cc43776827d3efbb573d9a0fe4b056a7a89c28ec81cb75bf1c1178729faf6ee39469a86f08242c6309e54e45f2cceee4c572fdd3b9bd26b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XIFF7S6A\httpErrorPagesScripts[1]

Filesize
8KB

MD5
3f57b781cb3ef114dd0b665151571b7b

SHA1
ce6a63f996df3a1cccb81720e21204b825e0238c

SHA256
46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

SHA512
8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1193.tmp

Filesize
84KB

MD5
ea840039679fde46354b3213811a36de

SHA1
435cd5a43866447054142cc1e14ff27b070f746f

SHA256
1e27314f0236e397f8cd04acd67ff6e317b6a68cba5c0b16ac048ca8a24e4184

SHA512
13fcd46afdb2995827a17259618b1e058ee2f2350e0bebec0820acdf6847a425def5d909b243eb5ba8180082544c82efccd8e38a6fe17abb51b963531f0b1453

Download Submit