eafb2ed697542c22dae2d9d97a926ff654c1a55e91494a1a1ca1cd565e120797

Analysis

max time kernel
2s
max time network
173s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4487615248182e05c40a04eb4de2d562.html
Size

1KB
MD5

4487615248182e05c40a04eb4de2d562
SHA1

728c53b3aef44a8088910d67822906d6a8e39610
SHA256

eafb2ed697542c22dae2d9d97a926ff654c1a55e91494a1a1ca1cd565e120797
SHA512

e76c9fd17d1f00645cfd4b3fdc56853b1e35fd68014694659d2aa294788a496e50c0958131d0e5aabe8dc53fe9dfc590d86bf1ed3e7c26e0dd459a70caa12479

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2D033E31-AC15-11EE-A892-DECE4B73D784} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2128	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2128	iexplore.exe
2128	iexplore.exe
2360	IEXPLORE.EXE
2360	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2360	2128	iexplore.exe	27
PID 2128 wrote to memory of 2360	2128	iexplore.exe	27
PID 2128 wrote to memory of 2360	2128	iexplore.exe	27
PID 2128 wrote to memory of 2360	2128	iexplore.exe	27

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4487615248182e05c40a04eb4de2d562.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c7b7f7c64f31af431824d9d03150b2f

SHA1
dd03d54b3a34fe8c5f7adc535927f1ff452c1794

SHA256
e4b93ae494caa9c35abe6b5d26b68e4a45231c07884a1088fb106cb501f16d0d

SHA512
a78e542b99e6305d0c2be31f711699bc95f97aa906f1b88d40329d5b4dde69c7ce7c3cbd53e09805cc5d928b5d4a26bef142e0c9e3dc9d51eca70652f9528923

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1b7467195ac949d8022a0908b99e0d6

SHA1
1dd28d9aff9e89949f64f5c8bfb342bb632c00c9

SHA256
cbae10ec36477bbe0abe9d1b0349566d09eec30a99544430192e010e5b49375b

SHA512
c13e2e7c59a196f585d5695d5e239538cf0cf1a86bdb7fe80e31af5d9930e27adbbfc149f315997a3da64e1b53e4abb10552095e5ba2506065a5a58f228383ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
954c31482aaa923f8f1ca7a000036703

SHA1
88854b9357e5d6fbee753a0080df4c8fd90a1913

SHA256
fbf2c279b1e1df689f0a3771dea404d4d626ca6172e977188d8fb43fd46699ba

SHA512
8b8fd9e763577678817944c09db240a265278f370f4f34edc31acdb5f7b6a1968019a122a50dd50b2258697b60318bb0ecd7063b6345c433085ff20735714674

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d079acb359413347f8e346d11171b26

SHA1
af31da19c59bdef40fa99c7f3a02f2a6421e33b2

SHA256
a2816645404e2d3722c63172c5648144c64e2238ed19fe1a08badef4834edbf2

SHA512
886525873da14223ffcd21fa5bac486fa8ae266919013e1e8088a7e87e95c80092da72149ab15ae0318ade60701c14a790f344cc929f3e61fb361016708b99ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c4c0563e4280dab7fe98e77f3c1bab9

SHA1
01657ac7781439660ec14d4195c4bb922ac09ed2

SHA256
321370d3b91cf1c43d1eee1958f80accf9af5af1bd4e806d81661a409a4d7820

SHA512
c1f4c201922e2abb22ec675f4a305020a0f692244f8308b6febd292cff2fa4b17d771652b41006a0fbbade9a2af06399e9778dbe2fcbd000fc66f8250b34b555

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13c87dcf089c47ad637736a88022486d

SHA1
f04c5d0dcd4e8994fab0344723569cc139e8aa3a

SHA256
e44dbc6c7f9b9b29be0335d1eed309ae080a5d191fe33cf92d77c32d6db7d54e

SHA512
cd56f76fea8d03026e78bfc2e39b7dff90edc19ca4982c4012a7d9ea8e1fab0993fdfbf063313ffd35271d038e96e74437086aed0ae3efc8839efe747d523f37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ca91a30d72201049ba5df367732e059

SHA1
280a350718d67031988aeb7063f580ae46f86a98

SHA256
57143e2eeb4ff5565df6ebd821c33f3b3f90b1459a7ffe85f3cbe4e260109207

SHA512
67f966fbd7e03536271e909a35ef29990b50721b046811326b7cfb6ac21c768dfc06e115c22e68bb9577eaf6f257747b4e5711ce9a7bb6f1e6d46beaf33a5c8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d91e01ce7dcf5567fe6b109cc51a44bf

SHA1
07d4eaa3d986f3875cff183e26a173e8cc039f29

SHA256
df88ee7690d4dd3a6ddf4fc45955ad391f5a43de160569a31c6e64a3f5ab4eda

SHA512
e074a2ed017aa3b9dabce4fd84965a60d798ca00b0e63d69a65a38f8345257c029ac18e1ce97e1b870ec9ac8472b126612765f0983f3c1e6bee60c91b145b0d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
431d8ee8915e9655ec2f26ff6dcfc613

SHA1
523e6847af5a33a631da1caca72d8848f9d6b99a

SHA256
d3ae7c7603539a0f8de72d329a1024b8eb7da3dfec96ba89f112a68d01493ed6

SHA512
b89b375c412746b2167682ddf9e6d75f1efd63cf65a774847b74c06bdfad0a18f0391389449aa62e4eb08ee26851a5163de830bc3577b9874ee61b3000a8c345

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30d9664323922df982b862eba8a4decd

SHA1
784f8d4205007f4342ac0206712eb68eaf088c89

SHA256
893ddaeb67db8cbb4ae026b3e587fd1d97470212e26e93c640c3d93106a12b13

SHA512
e78d7b91bdd89def277c623170cac7333d48cb8808fc9e0faae69888a24e72130cf9cec8737ba4ebc2f784e3534d4360aabd7dbdf9ee4395ccc650a35af096cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1eeed90808a1104199bc7c64c3da284c

SHA1
05580168fa17ca1478157fa4535caa7717a017ef

SHA256
c4762dcce0f500a47b22b7d67cdf273ef12f68a068a9b29ad5992bea3473e532

SHA512
946d31f21fc4b2bf2dab39d95e82216eb99ee5e352397fbe9b8c3eca2e7f5826a4635b8c0f6d82b0ec6ab8f2ff027de559d22747fd293f1d5f314cb16945770b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab60B8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar656D.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit