99b9819767cc8fc2813f4d565d6098f04e08cbf2cd94015e58e98e743ce56e13

Analysis

max time kernel
0s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3dd2d6f30f733f7da1e59ee46d352b08.html
Size

83KB
MD5

3dd2d6f30f733f7da1e59ee46d352b08
SHA1

1646997a6081236f049cd103454e13d9d065963d
SHA256

99b9819767cc8fc2813f4d565d6098f04e08cbf2cd94015e58e98e743ce56e13
SHA512

8a2f0f59787f43dee4265ae4a809597f79c2fe86928fd7308a4cb9c2307891e8cd88f8eb6489545e595fd2b15a0fc475ef6695be3adf5d200b657d8ae9ff8c11
SSDEEP

1536:vWZy93SIPUQu0NcNtxNSNeNBNYNoNJNbNMqxQ:vWY93SIPo0NcNtxNSNeNBNYNoNJNbNM1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93E91FD1-A8E5-11EE-BF7B-F2B23B8A8DD7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1204	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1204	iexplore.exe
1204	iexplore.exe
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 2688	1204	iexplore.exe	16
PID 1204 wrote to memory of 2688	1204	iexplore.exe	16
PID 1204 wrote to memory of 2688	1204	iexplore.exe	16
PID 1204 wrote to memory of 2688	1204	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3dd2d6f30f733f7da1e59ee46d352b08.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1204 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
034ec3b760b9b922d37ec2d86820ebfa

SHA1
70ace12a56aa61e58f53ca2a3de71ff18966278d

SHA256
015e7444eb0fdf2cae85aef5c1d3d1aee98ed7e692c848ea45bfec3a35ccd821

SHA512
1257126cb3ffbe026affeb47918d546df4fd018b1ef53971bfa8ab53c67106d7dbbed03695340c8b5a446fec87ecd100f264966d934a0982586bc45a7c38188a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_2066BB08297F715760972468E8DA4F62

Filesize
471B

MD5
ff46466a72821ec1975c01c4c37c9feb

SHA1
3f06982b8cf0cd7e2d5e720bcc3e8cc4848d3121

SHA256
d4fbffd1c8ce278f7f57793939240075cd2517a922a4a0782482234bd5f8872d

SHA512
729a9cddc9ed25cf686f2f15b8638bbe85bc54b4b2ba55243a05e6d179e25f9668f3f67c50a4d2b78d27477dae692d4edda972c230ee080011b6981c4cf8be63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
1ca1f7d412860ea0dd76c41383e2e48c

SHA1
0b63047913f15f0facf42c32162b32782cc74b98

SHA256
5a546d422d85eb6e62faf68956ebe4b4bd3235aa4082b801c642f24d9b972ba7

SHA512
a6e43f3a9192aff47ee15486a998b9c38b3026c9f25fc1d336ca3a4cac0bbc379acf493c64cc0593e4b8178f16a00172e6c86a043988f8793866d6e6a9f8e996

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
65f735ed97651ea531d93ecf013f9aa6

SHA1
9c072a9de5ee7104ae635d0ebc11a0ed4af79e89

SHA256
a6aff45c857454c76eb4dfd9e5a47d84ee26a780115c8810264b5e7ce9efc84e

SHA512
9064dc3ad313a273e7b16830fc4145592e8be279ccf2607adb570ac42158327140c823ee1dc3e76bbfe0e08c2949d789fc80250dde4c150464a7dd1129b7e70c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20c96c3cb0cd7d27ba0e73498de26c57

SHA1
3c29fd11a43dcef4edd1c195bb38a7d8d9315b29

SHA256
6c3b3acc63bdb7efffba9450cfbfe68086adc9ff60c2e3220f30dfc2ec16d7aa

SHA512
24994ef60399d3ad629c9741adad4fcda3ea257b65d2cd14d9b5f3874049e15b2aabbebdb25cbbaff0902621666d4ad686af4dc885e3eab50fda34e802b4a336

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ad08a3e6fd5d2a7387a4e60b193ecc1

SHA1
18294bc2cd612478fb8467bf5bdfc690de562906

SHA256
9954b904e4734fe1b3359b04c81e860d97bc04332e37d698448016c24300bac6

SHA512
187c6ecc52ff918a5b9d4a0bf2dad1fcad224315536bba189d86dff6015bf8d35fc5b19487e552a3d91ef76a0e98bdafc547ba1b5eb0071ebb305fbb8968bdb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
351fa87c7e23cd1d9dc0fdb1b29aac07

SHA1
bb116d9f73d575541123df4984fc14914addd739

SHA256
eb35aa938427e0ab7f51fbd23164df67760d091de843a3d5f6e6d96ae1ff1dff

SHA512
777c1c2281a2d01c5479d4f52c8e57780b0557ec6a536caaa82cf430f0be1c0e12ad23202383681c6164a1fa3152263bcf7e07d14c6a503c1cd7412a28ea9818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b79a0ff847964f09d4fef95b28a0c6e

SHA1
beefe99763be414f74cc1a1bab84b7bd233e68eb

SHA256
2d62e03de03cd9cd8f4692fb1f3bd5e19501dee48cbc321997cc4fed94a8606d

SHA512
d94a72049c05b06cd89f9448bc4ba1e0ef292fa9c8cc4d0b2ad78ffec41a5ebeb3f55bf3128c58080f0822cf40e3f62803610e9b1c3516800f402911f97c5694

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
d4ec2c6f52f989485620ad8e7a085d6f

SHA1
9397d4476f468e99428e3683dc34e21380d6efa1

SHA256
ef82565d092150a23ef9d686579b7789f0af00e525f99e277c6d67ff3095fe97

SHA512
2fdedb3c6e6b8398e8b5f5e3cf13a3809e9969af71c0f7b32454e1b73ef932be42f40c5cf38231a3fa5d480690d7ca05cf013c985859a2f15d43bf9ceeb09d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9AAB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9AAE.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit