4e8a542a5206d9389e409ddd45089313094b2e6522dd78e0246d2cba0a72cea6

Analysis

max time kernel
20s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43c6107b79e592808d4acbb8f7839c64.html
Size

23KB
MD5

43c6107b79e592808d4acbb8f7839c64
SHA1

536053a632ce8a52d8badc331598d05b2e3f4af4
SHA256

4e8a542a5206d9389e409ddd45089313094b2e6522dd78e0246d2cba0a72cea6
SHA512

dcaeb921c9783708d14f35a444fefec4bd537858f3b709eaba0ae0fcd23fb96feca517ece316506cc093804b53026861db6f01c73f8edafa31e8f6b7a000c914
SSDEEP

384:rnA4ywuSzHpmfyhztvukeKXXTufwIIyhCo+KL24UTpNyOcn8tvG5nTDuU5esT8a:L1gSzTtWkek43fz+Kc7wV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{83AAE831-ABCC-11EE-91A2-464D43A133DD} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2524	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2524	iexplore.exe
2524	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2080	2524	iexplore.exe	17
PID 2524 wrote to memory of 2080	2524	iexplore.exe	17
PID 2524 wrote to memory of 2080	2524	iexplore.exe	17
PID 2524 wrote to memory of 2080	2524	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\43c6107b79e592808d4acbb8f7839c64.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ddcea15da3abd1ab6f76d9bfd7cb7d6

SHA1
38b4ae756dd93d71703e87e4b5b3bf528da427f2

SHA256
8e4ce35fa4d9d9c8c6bb7a3d2553045ac9f3dea9cfb3bd877a1f4cab5661c5c9

SHA512
70d30ecd7db758221993e7e685638370b7aadc1d68857a90334b5c21f4285e723e7b057552bd3fd0a73bc762fdfc72df903f4ff94c1fb754a5a748e58dcfd15a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
767dd7f8e9d425acdd5f6ab0ccaa63a8

SHA1
f3df9ec2dc807cf5ffa3737d3273aaca37836093

SHA256
9eae394e65a571cb4bbb7021456dc236b7dc89957ebfb4d866622cde2ec4ca87

SHA512
1799e4a69e6f7b2e28ca913d0aca350aeba8506696b178732c52d6923005f0fec7c2170cb718d86a41fbf8ff00be300ac631db266210f545d836a492574dde45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc696a75dd7024fdba9836049ca742cc

SHA1
43123e552783b5b59adc5297ca555c703cdf3e1b

SHA256
ce4a8377ca954a332b7553baa407290719d46496f31ca3dda45a1aa534f5f7d4

SHA512
635bb8be170745c0eab94d8763496e4aa452d2369141693350134f5ac9c0d9894ca86a4ca7bbff1513a718df6783a5253720cca9f95cd4f0671b0dd91eed31c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad4ef21f2634dd8f4cc7dfaf51296ba6

SHA1
152ca7bc15c07ce4b9218477c6753ea1f292070b

SHA256
2a2eb5ea6eee961efd9c0420999bcbd3ce4c48c4ab6d8c16de10da1bef495e85

SHA512
da0a6cb54ac56191ad02b4e7d910cad315e8910173cb48a19b1d4a36d2f080eeebbbd2cc432f5b92e7287322c4f8e5cea789aee181d1618314a78736948d5b09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4b1968c22faf64660b75c88ad8613e9

SHA1
7102878005dd665b52c949713411015b04b99b26

SHA256
479a7d5141d2d89279cd3c63899458af3058700e73c974768326009f08ffa2a8

SHA512
3e08482448f224a832a743370a1a45fddbad0355587e6aa336010b86efba821c527f8d1736ed8c5f38d03d323545964f66f3359590f5f74efcf36aeab512e053

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae2a2d46e5a7953761a44b774271b959

SHA1
0dca7718702ebf031f0218fe9821bb71283e7672

SHA256
0635472265806823ce2357e1c99e7c3203c5d517c229e4ec78819a6fad173dcd

SHA512
d8f2ff792660f5d6e237baad84f014e2a93d0dce024b0185bd84ae4e401bff42feede44c7ceb9463ef0cf7fd3ed7f379256297f3b04e97a6107cae427731ff61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34cfd3e08244657b60133e620970a138

SHA1
fd810c136e4a7ab9ee507b3776032a3681436417

SHA256
3bcecd734884845fa84d411e5a51631f592019737fbdf60fde00dac12c78892a

SHA512
033150e258ce2a4b39b89e0f935871d52d227d120804ff569e45a0b63d6e7aedf0f456b207e0fb06703201cf6c88953e48fd766b89892856d405f23127ff59b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3d5ebe3de0510b265726e831dcc8f92

SHA1
157a37b68e52fa23e4fe16c7ec590c01fc7f9f0e

SHA256
63ce5ce415e086338b77989dcbdb3ed910592684f18a66748c2ba4aeb92335ce

SHA512
63a040e6a4e9db3b1b21d22efb7c3a4913996335811db660a46ba831474bb086fa4e87399478f1013a1d4cb08a0b592ed2c5a5d7079d51e9ff49fd2ea292d1eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c9c566939313dd571a5294881e2e5af

SHA1
2aaefa6070f6c1e0631a20890317841115a4de40

SHA256
8b4a5b0a851c0152a5b7fec8677f8525c615f31c17e60c8044cafbc2886372cb

SHA512
06873fcf2a7a171bbc75cb2af06256a19453d7ebe88f9d9d9c0257d9218ddec3462cf1da1346a847e7b798ad9fba5b9fa87d64683d461f9c0fb9d633944e6119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4eaeec36d91c92696ff130bebcb7180c

SHA1
76b8bbafb82588e0399dc6ba1eecb26f18fdd245

SHA256
0033e092c19ff129ce6ec46ce605a61566e2a7bfef2ee324bb5e0ff141101a99

SHA512
cfcac87df5bf4d041ab4e958e0af64d8636a75ce6e27a1b4f164888e9cb54cfff954551fb78c477267f47aa8960e17f531d2fcf155c58a4bea6ec630f19baf84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eacfbc29377444de304b55d28b4d74bf

SHA1
66a7f4674beebc8c67e131b6f9d39485acb88b3b

SHA256
43d3aad3141e3e3fd36bfda4c62d7b26caadf942c16377bf0efc2bc96c6837f2

SHA512
8dde671cd84aa414e971ba7bd4b75269afede46df6f3bfbff3c3063211ecef2c368c733ca50b0d2e37eaaa67978491c9719adc7a999dfd613f03ccba1f01d37b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7777bd6511d52b3fd52f569063730b46

SHA1
41a2c1bc406ead04d5fa5b0bdcb316bd7af6847a

SHA256
243cf5aca77a602ef6a5af7f1ed83f9bd6614b33b29610cff16b441aea45cfbf

SHA512
71e03d417a17c42b3ee1ff9896bb3233fd7437915775c8575235548de5386c810f54d542a848c42a5d83f634003e03d690f85e5b6ef28fa198881479c16b0fcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98b006068ca0b3bf5cae62ae7b5be32b

SHA1
775a1cd3706386686f3a38fed5decad06ff4b47e

SHA256
4ab102c1ca1be20e653a18cfb232b0858ebab97f3a9a17ec67a3c3a04a066542

SHA512
62e93c12c0fd01451798ab4a62d0822c308cc3fbefc9b02ed9ee517ba65c246d2648d8e2c450c6cdb8530b408164681c2d5aa8254dbffd7ef8064fd3f257b42e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7280ad9c8352c849ea418ce06192ccd4

SHA1
4e11c953e5934e9297c01186b870d4f6c5ab6fd9

SHA256
af6820b933d90d14116cdc4fffcd1ee35c4695413047cb1459949cf89a0fbac0

SHA512
97126adf7ab22451677f89287c0b4101fc607cfaf1430f24cec75712286dce071aa742b75ab69505b6d9f40368bddd7b7841ef80d52735a9af6f1aa03328bd65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f562befc91bee60a63d9790ae6c11bfa

SHA1
e1ac33c5d1be48d8ffb4536ba64a60a89a0c1491

SHA256
7c7cf30aff6d100035d2db105fe67eb6785bd1cce0537c66ea8db38eb0fe869d

SHA512
9c3aff76631165753972a0917e077ac2ab0c60cb7246d48664d16a7997d2a2c1bac247f7e70acd851c208076327ca73638959c614ea91c8c1c1d71637fa5c63d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33df030d3e6bc07add26f977b46fdf69

SHA1
1ecaa77ed5bb1ffd54481b5aa95add5b9bff0896

SHA256
fabc6671855a7ca0ef1e40f81bb593299d2ff19a4065471c12bcf9d8b32aeb01

SHA512
f89af2d8c86044429df644f68caf396e59eada039d5114f7103748aa31235e057ad2753729b51ef0cdd7f1a6a02bc5c069210aa9c6fae9437d0d2eb8905f7c75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4491.tmp

Filesize
1KB

MD5
1f1a3b101012e27df35286ed1cf74aa6

SHA1
46f36d1c9715589e45558bd53b721e8f7f52a888

SHA256
7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

SHA512
d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

Download Submit