db66a97fc33b52a163483493c359c0f31428ed866727cc7ffe11aab9a4c6647e

Analysis

max time kernel
0s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 04:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42c5dc4a9521064b0b50a17501df14a2.html
Size

3.5MB
MD5

42c5dc4a9521064b0b50a17501df14a2
SHA1

66f4d719f90b9e4dbdff37495645186ab67c785b
SHA256

db66a97fc33b52a163483493c359c0f31428ed866727cc7ffe11aab9a4c6647e
SHA512

f1ee753f0bd161d242d21c784afb5fcdee2bf056d69670ca904ab297ec180bc6da394fa99a3b40ce6d8780471c2b771372130d6332e41534b0ce45fcbddb0182
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NNO:jvpjte4tT6DO

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B036261-AB84-11EE-A586-F2B23B8A8DD7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2264	iexplore.exe
2264	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 1952	2264	iexplore.exe	15
PID 2264 wrote to memory of 1952	2264	iexplore.exe	15
PID 2264 wrote to memory of 1952	2264	iexplore.exe	15
PID 2264 wrote to memory of 1952	2264	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\42c5dc4a9521064b0b50a17501df14a2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2
  2⤵
  PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ba4f1e41f2cc0c97b08d03b4bf5d796

SHA1
03bc2946a78ec816f9d5cbc09c7c3f682e287a36

SHA256
cb652a4d27aa2fa41ebfd19a495b06a0b4a12a17ed7202192136341c664b89c3

SHA512
f06de02701f46d8fa9857c1d113572badcd1f348d643834457b2f9490af1d1db96762345bcce3eec30cf57df0d1f09dc05aabb0cddadcddf8f87155378a02ba9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3584d00a3b36eb6223c8e562a058289c

SHA1
144f57dee07ab3dcbdcc2ddf5df93a202f18be24

SHA256
7369eaf62d249c18cb82764efed71bf922ddabb032f41c70f066671a4ad1df0a

SHA512
bf005e8085d297764fed2baccb9e0422d779708dc8e95f23a7ab7cc6e4916a328af97ab409827687020b5b9b15e77f268bc44848e0ff70ca6919a691919cbf8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db7cead86aa91076ff329355df9d2458

SHA1
dd217c2b8bc4df08871d5230a5b55cb8df767f85

SHA256
b2a8a30155e1a4501910c756204e745b314e588715cd8747400699fc9d760546

SHA512
fbde7dd041b22f5334aa64a69ffc1e8a882334585253777db33876c5c531d81c64f99aec3758abcd43330638564068374aa85aeaa80a9c53120386f20ff656df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
065a5fc87ebafe347a5d7e9ccb52cd9c

SHA1
fbc85afbeab16eb60d0f614de0143fac0a6a8e0a

SHA256
a6505cae8c585e8f7f413a0c4bf3fa2a7b3b5a6830c78ffa9cdb20dab9743bdd

SHA512
66bb9ec71ceb0cf5c220faa812a3d576694e5d512e8e84912420855e1e27400b96482a6cbd300dc4416f7d68d226e60d505cabd43268714bd4e9c7083c712de4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea9b161bf1d5045a0445e78587f0710b

SHA1
867bddda699b934dd4c7601f7a4b3c6c42943bb4

SHA256
c87684c9432dee40e90b2efd6b3dc7055703075fad9cfb37b7eb7509946de6cc

SHA512
577775a0c3ecf15649b2fa7ea050c9235356ffe105e424a881f449f562ff2137cf5aa62ca3a21a7da38c2166b69d8bb1d7c2efa700fc60d1a22eb943c5281067

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffdaeaa791351bd847d2ec7719c0d49f

SHA1
7449e3d2e7556f07cb5902ab85791ea5beecc0c4

SHA256
3e3f16c8668630821df1fc189593e5f67375cda11cda2ee8035f50aeac9b3b56

SHA512
d27ac637fe273dc86a33031ea390505116a1db579a09863330ff17a8d98a708b0b3d4c43c97fa8e800bf6fc070511356c8b61672b21b4f2fab7c7b1d2c27ce68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecbb7240b7cd9f904dc6124a786dfe97

SHA1
84decf9b74553139145d6931e9167c34ddd8a827

SHA256
bbf527b6fbcd6336aed749d923274a0c89fcee788bf1fc81c4b8f02aed29774b

SHA512
c1749002f80b4461a8825834dc2c715d14c10ce9968d849e95d64df931a54ec95277763500497009487e13a68234953842bd5c021d9c186c03c1f5f5078b5144

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99b21afda72f98c08b3772ba57ba3ecc

SHA1
cb3bef297e9faefadb5fc64614650f32aa1e97e9

SHA256
8079df844962ace187b8b82df2faf58b9ac84df310f031b5d14e2a313a583a7f

SHA512
7302c35b822369bd1456d361623c2ee3dbc6f84dd37286b54d5ccbab7de5325ebbbaad7cb9478a110286bcc18eb92fa8c523e83e3652e814cd0e60b97735c1de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a13a1b1e4563a512c3c89edc07e547a

SHA1
469abcfd86bce992263fe0e2e59e407f016f20d9

SHA256
a44049f6f56f7d2ade0b7a08b0272fa8198f5f78f423d2c2e03190e29b40d8cb

SHA512
50249ef0f54ba813f54f593c6ce2fd0264444d626522eea73d554232aa49d0a26f45bfb493a85d454dc5722e51e4e6ad41f6a5fccc7a71c5fd3083cafcedc28d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6453d79303e5d9bd63dee50acd9dd69

SHA1
2109ffeebe4655096ca4b18a3c3895296ebd277a

SHA256
0cb5a1b7a5a07578496d9d0360cbed64559fed542e1aa0ce700e39321f6db044

SHA512
bbb5d434f40dd21457da839a5d5071216b0b5dd9bc284fa3acfda0825796680587ca7fb13f87f671f70302191860d64f3ef7858f8ef2e792a7e7351abe6fad39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8ef5d9dd0d4fd314f25fab2db4cfbfa

SHA1
773274a8b6b81ec5bffd2b0caa9d866ad8d21006

SHA256
9c56b62b30508ecc3b65f6ffd2420f69ad6a1eebdbbbf182501838c26d9a159e

SHA512
a397c8faf7662650faa26d9301b4f9ecb863f1e025e64aa54198451767665401440d94f094f121055f9f7f5db2b37cea3ea9e273ab929989c0fa5e8a30e6afb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab9964471ed36fd451c38ed1ebd0f38f

SHA1
a2c72e2c862e08e5a74c5fe735f68ebe3ce22601

SHA256
469fcfeb0adb900f339787f78af3bfee11116902d927075755c3ed86d6556ca9

SHA512
5bb9946ba123bffba8b3e85bd367e00aa1f750f79932aca6ac361e02dbb6cc528f32ffcf49ebea3fca65d9f06a96d9fb3bc7bf44ace3559d626f716f41cfb47c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f09363852e6d3da7c15d0e5e646d6428

SHA1
097f6240e7a22e519ad31b5a3ff880e3f0d4a0cf

SHA256
c089ae6c5e75c8b9f241180fddf73c00be2c914818f30070aec69787f0a53172

SHA512
489af8c409068cddae813c95c0b37a6928874e60184558fded178a956dff11876a16208f55e116081756fadbbbfe703ac7c7c4b21a6af42f9049b2944785349e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56e0fe8f044127df16416b01303c7987

SHA1
612b9946d77ffe0f5e5397808c0cc1890fbddacc

SHA256
5886fe234efd8b7047eac51e0e7a09cf621fa4eeab747c998a1eb91b5fb6bc7b

SHA512
71200455102b64788e73a61c6b62e146d463c68576ab53a41a51152dcfcb32dabdf834e75c1a900343dc3284665b5af4146a59d3bc039d194a82099f54371701

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5daa8de922f6b0b60711ac80b11b81ef

SHA1
cbd24493bafe6941841541afb6a2d9778ece0c96

SHA256
189c47dc9addef34a5c176daaf4efaec46782e5d77f7fc2ca30a576bcc5fa9a3

SHA512
c956161e947643416fae1a89350f45282c83d7e8ebd807d2a94e93177c306cf46deb6a4ae6d09ed5e3f90edb2250b233464ebe26d1d74e6c3c8284a878239f28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bb782b7da09caa30d4d37b1e90ceb53

SHA1
7fa172d18a91df57af019269a566063de503a12a

SHA256
68b29391cb408cdb9127295115846b0fe9840cc5c1c61cae3c4a2679072f2ae4

SHA512
d6d93dd26fd9ecb6708dcf63a45970a60bce63c57cf745e9d8fc150f7ea251a80c65b6fbc15073fdead01280f02f73eef5bd37b23806114e41ad8c58e9456cb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a44f36a32096f83d226fc8be6c4fa57

SHA1
8ad1734bd7f65665815d33916f55f94022212309

SHA256
17ee2af228ad2cb854f35e6181554d1ef7e9fc2d1d0c33524645e788c22cf4b3

SHA512
7595b737db86432cd1e79771cce1aaf0ecf132ab2ec9f67f12f4527bce03d69a7e47fbc74664054413dd8e3df3d6ea4cbe909e9c297f7cfd04717296ad3bde91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
322903b002de96c2869597ccf06b859e

SHA1
20cc78304edc98466c1f99c224645f954cad7af9

SHA256
5a94d0a8a996b35790cf37f66897f00d961fc976d6a24ae5d013248ba4c68d21

SHA512
ca3b6c073d34b35520d3efba44d41e6078c6d8f80798faf528021b0d3bb3e678692f678f020be3d19c56ad441a2892c2320033e89ba1ad999eef9995bf11bb64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c2e0b6c6e6febb94823aa8adbfa18c8

SHA1
51b877bfd01dba3d8de3683a7f91c3afd0114b85

SHA256
fa730f1eea43f52316bf9bd70305e1ecb5e7bde61873ffd1d60df311e4fb4dfa

SHA512
673967d77f63fd4a5764baae5b5fd1ac206334aeb63a1d32f39179af903a3f5621b0257bbe1c30a3aee6299e67b62786ef42b3359d69660cee789b7307d1ac55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8df2c34037a8b396ce4c97b4f86402e2

SHA1
a4ad0b1d86ea4fdc6b5353088eea38bf767dfc89

SHA256
946b83c77d77b4e0c2b71252d86e8813d67b3da81ad5207b00e149f050953d0e

SHA512
a6910d0cf88707074fcf49d4b1fe5173779c332260c446d421c65ae224f2c350b78bf08991e1e8309c1db735834e31804be538fe9a8b1d15f546e0edc6411f96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a9bcaab890e3c17953c58eaa4c4e7b3

SHA1
220363be9eba4334cb3f23c7d5abdebcebf1325a

SHA256
7520604fd207d1152c5c783f2e86490464bba03ec039e499e4ebaa164700edd1

SHA512
fac78a4116f6081c4aa3678576ac188d12134d2f777b1e1a57c98d3dd574fb07ba3cbe9753aca764cd6af4e25f4418eb727c9189953dbe06a0f022db1daac46e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af78408bfea3dd399caf584ca4eca7bc

SHA1
7bbad6a2c652d63813e7526325221ba6ba67b379

SHA256
428ed90ca91f9c411ec6ce7a38ac4e4676ca690a96353febcbd3b47a4edf3a76

SHA512
e19a0da33e8cc21bb78266e75bb6d3f214b6af8684e6c2261a4b822197a51f0c4827b6e5b255b3b72c0e100368153709beae0ad9d9afbf249e19fcfc09f23f28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1864de01c3f3092243717bbb9b2d9bb

SHA1
84fe28a31dc8a1db41c09d9acbfb09bf2d28887d

SHA256
3829a8424a6fd7fef787601e71de15717852bf67ebc7549dbbebf2723796777c

SHA512
d02ec2aad63445db530add7c3fd1edee150cabaab242501f8ebd06923ee37944d45cd2217b98e7b50f2903f46087c44ab92e254051311cb76354ea9fc9336ca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcbea7fdf1b5498ac97c2cc0b5cc78a9

SHA1
3cd8892d1c6da5f6ec14abd75d758eb4d7d1644d

SHA256
712d4e63e1c169cc87bf886b8f6a16fc26a6a667827a457084c2648143b0c1dc

SHA512
1b427d16b06a650aa051aecc9cec2daf46e5674ec5006fd1b8c165d136385c268498b0c0d5913a1e843e24cc0f11f5e866cc703f960cddcfeef32a6c46cbb07f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c189a5f964980205a9bbefc7fd569739

SHA1
de6c069f55d51c00ad01a9c434630973a8441b1a

SHA256
830b5d2992c93419285a27e22e480732ae171c72d180bfcf06f87dbd3ad31ec2

SHA512
04832ae7474be3c1d06e7b65d34a573220b5833c9c5bc59da1949a578ff6b21b8b94ebf1a7dff2c79af9be1b7cc5a523fdf6984c54f491c6112a1d19468f5509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\jquery.min[1].js

Filesize
1KB

MD5
edb1817a52ae1440612e77a918d5c69f

SHA1
e57767b570f4d80546a978b2340e48d05f242481

SHA256
b1a7624538f9aecafbb205e68de5fa36cddfb8c7421eb8f2bb603daebdfa7490

SHA512
86c9eb6e72b46f0de245612bfcf7c6c6d0b60cb53a50e8bc59c4393665a0f57f4e72f7fbcc66057d5a6ce24f9e0e804b56ab334a06d58f150e09d56ef6901f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\beacon.min[1].js

Filesize
19KB

MD5
dd1d068fdb5fe90b6c05a5b3940e088c

SHA1
0d96f9df8772633a9df4c81cf323a4ef8998ba59

SHA256
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

SHA512
7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2725.tmp

Filesize
1KB

MD5
fa527dcd6b5eb05e72fc51570a2a6608

SHA1
3380c5ef74408265fba2f67e790636d0ad0a51cc

SHA256
4dc7a4a6cb3be2c334a27a49df89f18f8f91749fe6aa1cf28d548e0e0c75ce3d

SHA512
05c0e217c433949cab210102a26ca7f6a765515b228b217e25c7409408fc167b5a59a8494e1181284e9ec72849c90288f3a066faa284e29d871097ec76291a5a

Download Submit