ee0e7a003a145bb9e478560682b1158795cd78d7e30b094b5745eaa6e0a78fa9

Analysis

max time kernel
165s
max time network
175s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 10:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

437a3bed162e2122f2e5f42c665d91e9.html
Size

125KB
MD5

437a3bed162e2122f2e5f42c665d91e9
SHA1

7c7264c18d4c1cf6266cb732c98cd9fd32b8a00a
SHA256

ee0e7a003a145bb9e478560682b1158795cd78d7e30b094b5745eaa6e0a78fa9
SHA512

2f3f6004d75ed3a323a922bd2c2705610274ad10c5fb070d127014e90a68b603cfdf519c1f1153769349cb3861db4d2fc3c129d1cb6aa54c6cf5b73ab87c839c
SSDEEP

3072:4BmIg5VyG4RFvYQowvpBtDilCrNUEpKmW7Np:QmXj47owvpBt3U

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410613267"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{38BCE361-ABB7-11EE-B930-EAAD54D9E991} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1448	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1448	iexplore.exe
1448	iexplore.exe
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 2680	1448	iexplore.exe	28
PID 1448 wrote to memory of 2680	1448	iexplore.exe	28
PID 1448 wrote to memory of 2680	1448	iexplore.exe	28
PID 1448 wrote to memory of 2680	1448	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\437a3bed162e2122f2e5f42c665d91e9.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1448 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
17b540f513c83e8ca61b59235875f974

SHA1
7256d0340667bf647de8f91646ad32dfe188ab32

SHA256
7040b15512de550910eb66238ea7b1e6ffe00473a9f596d03cc692aadf3e174f

SHA512
334c675f46c36bf1b6751b6946a6e6253b67fd2f6e077f6297b490e869e948982eeca65316636e614092c515e0243bc022d704d43a31796599e5cab8d53eaab2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
6e821e96f1bcf421bb807d0b0e4b875b

SHA1
16c5ac67faa9b11c687a345eb4c0a2292383cf25

SHA256
d59c2d3e0bd63002275a40d58a3a755b626cf917368d3b12113866cbec245144

SHA512
2b5aaba9ba0e3fc6c4d72f5a431c1b377c02dbc9b15e1ed17a7ef26a36a6a2a6cb354452595c9aece465919a2b0d3c4b038763c485e9b47ae40030c1c724ae65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2be70abe69b9b81df2e851d6de3dd0ae

SHA1
ce60c6621e6c3a40b2148d91dba2b28893faf6c2

SHA256
8e5a2ca907594cdbf3ebb480a39ec24c63b729d323f9c2ed8b0fe58667671766

SHA512
9c98fae4ac8749c7b0a151f1a6ff3ae0ddd6b1c4fa6f3d95be29dae2e22a2eb9d2c31c84553bf76c630c10979afe7f18027ffc5c102615ba10e05d1321848cd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81842a4196c9b4b0661ec8d4cd5411c2

SHA1
e06a476ca97e6c8d68e59de9c9af03978dfe7384

SHA256
68be0b8d2619ea7f4943bea7da3708767b5059dfdce68edb5fe8390be8adb21e

SHA512
0dd2a72fda4f0aba57db37c1ab710660df9b7ff3fdb0a5b58dafb076f5ef1e6c25ab935ac3987153263d207259ef75ebf88a58622b867b40972ae3391fb448e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf70a813b3e16b17c20538edd8a260d3

SHA1
4a08fa8c573d24c2204066f47cd40121de114897

SHA256
82e75c354fc92a06ad883df47445e70a6ae45163f160b3220d483cc56ee4e0da

SHA512
b583e7ad0c4f75b453c86f7c7b086164a54ce0678304a54d0c66d98aed42546e42adcf26651627fbb85ccae49357f00d87736aaf37aa676537f234220ecbf434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b600026d64ce487c72aa4fd0865d232f

SHA1
07c4b2b42c19f884ca54dbf53d2e610ac63c6cc4

SHA256
144e6171b0630d273b27ce68c2b2e3973dc15c8b61b0ec17ffe01e8dc3b20b11

SHA512
3dbde32f73127b3ee6e6f356f4c3fc2a073c2ebd18ecf10f4cfa53583d2dbf66760aae9a0ae163b8c612f4bef0f2ab688d059bf5067f70492d92c84a4ef6ba1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
274a78f107d0f6c3cc9613d3e68f9d31

SHA1
22c126ba708962093af989bf1e8ae0cd3d734f22

SHA256
d26be69f96e536fa45b1ef855f0ef9389d2bbcc7cf36171034bf56868c5e3bf7

SHA512
767b6fb70fe8ed5a606b76aff0e88e3dcbd0ce64eb2525c67b790c06f30bd0a5b31e2906a5780dd0a2434cbe7ee0a7a3db8483a202b6ad1444bdc9fd8a93cc2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
152e1f4d03096dcdf8aece853694b5a3

SHA1
cb5db4d234aa9eb265763533fc7e194c4af49fe3

SHA256
069178f9cdc509815f1d2baca38feac47777e9c9807416657df275bb9efe3679

SHA512
18f88a3b1ec6ecf630f54612abb213c525de49e22c7a8a51b8faf00f5e73ad2d4537a7567b7bc3e632a8ca93c3e16e8139fe580000e7cd8e264a6c9172cb7d01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09bb53cef20af208a999d6fac68b9117

SHA1
30666826623e4c656f17d7dc54d3f01e4b197317

SHA256
17a68bc88c4a9719f295a4e29848460c1d3102fa3237ac53a7d0489ae1a3c318

SHA512
699fcf7a22f0a8e4de6142bacaa447488d69ea91fec58040068902f660ca30e116ef23a0488d24fca4f7106c38bf2b793e8f6e87301849dd31037bf184bb1801

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8903116d12557d80283da4bd83db895

SHA1
a698723b5bf1db02055eb0b9e316deec4db17e4f

SHA256
1b40732596ba49a6049ad7db5f2ba4f24c8b5d46d1fbef50414774b3475e1e2e

SHA512
7a64fb2bcea96c7a61344a1f7cb68a1583491412b97d220931720dd478c3ef004533212a80e26b554efe0497bd8d2a1f1974eecc2175847cc4a7e16f06ad7a24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
012733f7717aeb561cd698ab1af1a11b

SHA1
5d81e04d3b7dfd99bdb493e63386141bab3aa727

SHA256
6973b0bdfd0dc67373335b531c11591956ae833b179a19bbd54c82d467a84e23

SHA512
95dac6a35994d0fe9cfb796f05d4725b3610ac740e428971f4e21317a706c540eb0adc793d14adf7d7824d24808ae1ad62589325bdc98a9e0ed579b936510e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\cb=gapi[1].js

Filesize
133KB

MD5
288c5ba5b7001fe841c32f690f62cc93

SHA1
29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789

SHA256
c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52

SHA512
e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E25VF8N4\3155380561-comment_from_post_iframe[1].js

Filesize
17KB

MD5
7692e0cc3c0aa9909d88db8570f7305e

SHA1
cf280c27697cf00805720988b4a4b06e98eab1fb

SHA256
d9dbc32b89872422aeef9846189b8957544398415d241d9a9e1537328dc67439

SHA512
6faa8a7a8ac3a0632b9c5e7a8cf0e224b5603b59e473b571749f4c3b027f2cd4315711976c0047a12701bc94e79ded76ec11be3c4d15a0552cf7032938bff50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT4IJQ91\1461610695-widgets[1].js

Filesize
146KB

MD5
11e3c001c399f4f1a9ccf5286d1aaf62

SHA1
f92ab420033dad6f0e36809c0d8c6dae1ff260d1

SHA256
62edc01eda96c28a282d23e7b925b7116df94be140f3f90e465e0a9eeb10e178

SHA512
8ef73d9fc2805fc1acd0396b496dcffbbf05cdcec59c969afda802662ce42735c65dfd9e14291f71acc3934341940d003249975442d60a967d455dde6ced2f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT4IJQ91\204402360-widget_css_bundle[1].css

Filesize
30KB

MD5
123e73e213c43b44b9b248dbfe063dcd

SHA1
766a241b6502e19de002c08ca1fefb413d3fc28f

SHA256
eac64365f691073d4103638d8087cf35fd9e91fb0f5b2f7a219ea2bc39f782b5

SHA512
829a32e2312bcd9edd4d58720a12a9017b005e95ead1e0ba245ce92fc5f9619226dfd986e1aaa6f047b5c4e2cc2c639a02ee7bdde7a85062e02141d217e05dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT4IJQ91\platform_gapi.iframes.style.common[1].js

Filesize
56KB

MD5
f6140cf2e81a9d5b9bc96970fe1946f6

SHA1
e18cb20a08d0c13d44b72e36e9560aec2187abce

SHA256
68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5

SHA512
1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab485.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4A7.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit