5649808e7a05d347661205915c3c48f54d7c8220750c20b6e42ec337e890bc66

Analysis

max time kernel
140s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

423493e4d68219cb654b87e1454b460a.html
Size

91KB
MD5

423493e4d68219cb654b87e1454b460a
SHA1

83a83fa868cc09c6f0c918eded60d70e7f0972bf
SHA256

5649808e7a05d347661205915c3c48f54d7c8220750c20b6e42ec337e890bc66
SHA512

f06b6393facedd023c51133a44d3ce2fe3d381ad32a517bed6f7778db6e7e852c2ddbb0199d5f2b70177daed28f5fd3d7207968262d82428c91240db92422d65
SSDEEP

1536:SUtxeJRPPvELL55YSRh/HNR+EbFUBix0GOPVSfnjIW:5k1Uh/HNlpRlrIW

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E6CD4F71-AB59-11EE-971F-6E556AB52A45} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410573183"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2000	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2000	iexplore.exe
2000	iexplore.exe
2436	IEXPLORE.EXE
2436	IEXPLORE.EXE
2436	IEXPLORE.EXE
2436	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2436	2000	iexplore.exe	28
PID 2000 wrote to memory of 2436	2000	iexplore.exe	28
PID 2000 wrote to memory of 2436	2000	iexplore.exe	28
PID 2000 wrote to memory of 2436	2000	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\423493e4d68219cb654b87e1454b460a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e153d061351a57eb5b1b14e8445d6c2

SHA1
36539d2b51a41781f54ad6c2137c8c21def7b49b

SHA256
d7f471938129b9daaf3f59ec1d971a9f1d5bdf7648b536d3de0079c3012e2cbc

SHA512
e391409663f326d2c0af1c86bb73c3233035fd18c29758f19958571df3f786854bd1e078c48011a0fe36697b73ee72a414611d70f7ef0f2b95966a9ae9f9b416

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1402c3495609b6b2ccd923eaf5c2b320

SHA1
5e365a39b87ea24581132ebdd17930566f6f0a7e

SHA256
cb570348cab48215de7dff6c15375c743c267f1f83126d55db1300c59f5b17af

SHA512
9feb7e97079e79549a9212880b0c40d3363769f0382ff7787386639f916ff8923814de729b1ffe39a36e9faa5d3e3e5fc952d909857d2b0d683776a0656bea73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cca81d96df1a651a1f50c5c3286d1944

SHA1
fc093922f0c6abf7225c086023e4e1cc6beb2cf4

SHA256
abf16e147b64f87f7579dd074a4c6e37855aef2d2fa5db0250db709f1977c24e

SHA512
8cd21c57c72093a871183552775e0d065a2ffbcfbac58451adf088baad98655052575d9ba8dc018810ea4bb2ec98e51e1189399a001f6cdf26daba77452e194a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a45d8b333c771ab9df4206ffafcc8db

SHA1
05575cf3c7195983b434c434beb938f201b9d650

SHA256
0d7bffba026ce18e55dd9c50374ee1038af9bc7c9a647af3bc66bbfa84d96498

SHA512
08bd15bb341e52687cd60b92eae3085728694f899906c049fa357f6aba3cf6e360894d1bdc5b9c7b13e95e47ca9b2dab6d1fceecb1331a456565962786a6b827

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5af137a8060cfec07b5942496def87ed

SHA1
3c8265b06a28f5e1c464e0b140d7ac9569331bc2

SHA256
f3cb48110facdfbb0a7c4697ba133257736d161375444713161bf316597d5c1f

SHA512
72e9eeaa260c40ad0a3eb93ae5a7cbcad4be4d4e2f89b7d3177cdeda9dc3312ab6188d25938946b6bb608ab3e053343e0feafa06fe2fe472cad1c29f9614113c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d53d35b1f925522ae6767bd2e10bd307

SHA1
65c7a11cadf63fcdacd39c4d9f10affdb16b601b

SHA256
ba57d9d70ad1848ef8ee6dec604873d60c0d3aadc3667980514bd08f72d3d3cd

SHA512
3ef0d27c2c568b30e6d67f14c0ee55a0195d4257bd5efef2b4f7d4c67f6ee35698e403cb622c2a5fb16656be8ec09a5a3d3896c12c69f94594b723960d95f643

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39dc582acd5f0d9e70bb9098c75e0941

SHA1
ef2ad281f8bc4e279aba3f8bda612e62db529251

SHA256
181e57907947675656dd6582843872822f149f6188007808925d87efb83df744

SHA512
e060b3ca03b8f84ad60de35ee0e7997526128a0cb3a4df5f12db8d1850918a09fc8590dad28fb6907d1230bc633ae5e6b80a78a02ed275d18ebc5a8d6d1eb39b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
798cfd19da43ff815fcef4f74721cd4c

SHA1
8840db79bf09bd02b49933635b012c6ba4abbafb

SHA256
9bbc9910ae85e7ebd1bcaec11248da283fbfe33182fb2c5526334359b3760d3b

SHA512
0089cfc555b30144910e70d6af4776d671323d8f4b6596b2a1b4e0fcc20abdc90a7b9470db84fc4c56e2c6e951897e6f89218be93731550778c0430c7da798b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99cbcd5ad13c47bd0aa89aab6a081baa

SHA1
7a43e366474c4338a583391de9e7e3a7734b5505

SHA256
41e0fdf99ac335e33982d45eddc739d95718c3c1db84a08c1c53c955ce460331

SHA512
fc10a40bef24d5e55006378cf38989386648e3f760b1d0d07cc481c85c9851bd81fcc1d5a784af590aae387560f32f445d0510e15ec7b523567c8e75811d007c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a5da6e30527c843afcd7402b56b694e

SHA1
ca95de565204ee9d4d615409886514cfaabd8acf

SHA256
0d218a14e867a5d9d2939816114242fbd6db6c308fced7d32b5bba4e6533d7cb

SHA512
885eb5ad4b638666786c648b9aec03b9c5cf131810e751ba78c05e8d6a396e859e038b700f0173ac895e851da5b61d820da0a9951bfad7c4ad41796668fcef1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
490979660d8f7b5a66f3266ccf13c6f0

SHA1
a852acb068434c0a51f57f80a94bcf4b31359a3d

SHA256
0849bb2715e2f504d205507c775f434b69629f6445310d6464eab726fa35012c

SHA512
b37dd8fcf153b462c1b8aed4ac7fa00d216db6f296b43b6e70826035cfc2b38303f57b628e33b1132e724c22bc4a1caea376713258857cd4e299236900ae407e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d28e4bb769c5b02de11d6dc91f88c418

SHA1
c4c32f26e5fa0429c276728e8a6d14a6949a6a22

SHA256
8b07a5c0de94085bfaed2a4f3582d15f3a541787f62c58c45baeb745ede81162

SHA512
900472ca37e592f4b79bf10097892b695d8bf89ae40e6d9cd51810277b72c8e88ba096f1bfdd06448abef2d9ae71816b095d2b38b39baad97fdbfee47edd4eb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ead6d82be48f781d064cfae05766cfea

SHA1
51162ce24890d353a3af5a6b7ee28247d5ecc405

SHA256
c3ef28b156bc816e2299d7586cbe40e11417cb5b33274cad67c95e7b0c838335

SHA512
24ac2e4501be3ca10d94671f42e391993673c0baeddaf4a721bf52197284dded79e11f37675126a36a0bdf28ce302c8833362eea23d0f93162b484e10d4ec091

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
088a34dc2a5f0186b6c0a231bb55adac

SHA1
f044e848e405fb375ab37a06cc37bae7b0df1aff

SHA256
40800be5cf512585518940080cb3b0b8d71aab9a5aa133316a6b28c04baa588d

SHA512
2f8b63f967d03479961db17d09ecf1b54d5d0decdebd1bbcbabd64e8122833fb3614a35e1b3550f255f90859b690ca5a6fecfa6cfad208d57a16d9f7d5fa57a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c779b2e03c3b1e8c15239ced6cd98fd

SHA1
ee2162318de3adc59ac7a9e78b105249c75a26df

SHA256
31eac11f61273d7f60b06475cdc7f85a7b3faebce047a468392d75a295bfe40f

SHA512
789bfa8e70f4e825b2ce562ed6e13c99cc59147192aedc57d16d2ed2bc0b949ba1967aa835e95fb6425234adda6ecbee9aa48015ce454e368bfb9d8dcae6f725

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5c7d7b874e4a7994b903977ae60f1e4

SHA1
727452e8ef03300e4f4edbf648b4712e73fd429f

SHA256
1c83701ab05dc05142062d2c3145b43d197ce1d7013cd0a2bf49efcd1b6c9201

SHA512
559bbb56b7b02a994edf3884e618ade3f5b6dd9a9ba7a04999634d919b8cee84262c83cbd73d14076e67ca7804a3aeffb4464fa9a5c0943a66d1fd654d8e6a59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a3c2db5f8490d1e7f9045e7b55fc6f9

SHA1
cbe15352a3548aa117147f811ce3e00a3c31d7d6

SHA256
b8dec921cbe404692c4a4e1c5190cca8950a6ef73c25c0f0411b3e7281e50dbf

SHA512
77fd906c1d77ee6361b6f4626aeb8c7c26b06925c4774714c44a9851193aeb727f6675d87c3b197b4dc6ba9d66edf53c17b722d0054abf28bd982d0f2fa2ca84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6847.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar68D6.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit