8c54561ecc5cc3ebeaeba900b5216369b4c01a23ffc1a40faed848de59cbb8db

Analysis

max time kernel
20s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4775c87649ac9d9cbd1e65e38e443c9f.html
Size

21KB
MD5

4775c87649ac9d9cbd1e65e38e443c9f
SHA1

1b08f5c3390993b396a982bde8cfda4186465bf1
SHA256

8c54561ecc5cc3ebeaeba900b5216369b4c01a23ffc1a40faed848de59cbb8db
SHA512

ded3bcacd83139c620146f701eab216603e419b5f1a50eb1c0bbed9bb91b55e3b835604cea03fc94823776cee4319175456a31fb13e56f453e997fee0751bcc6
SSDEEP

192:qieiGe9cJtO1lvsAGlLa9j/EmbittaUJTKo3LjOoW4BjFBMEb5JQSBqiPtR:qieiGeGJtyJ8Uitt/jxW4BjnJQmR

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{908EB921-ACEC-11EE-B5B4-DED0D00124D2} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2072	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2072	iexplore.exe
2072	iexplore.exe
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2864	2072	iexplore.exe	28
PID 2072 wrote to memory of 2864	2072	iexplore.exe	28
PID 2072 wrote to memory of 2864	2072	iexplore.exe	28
PID 2072 wrote to memory of 2864	2072	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4775c87649ac9d9cbd1e65e38e443c9f.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea843c4537acf074928f99b553368531

SHA1
e5db93ceb34ef2e139bf2415e070eec3a16ab4fc

SHA256
1262046a6cb6437de009234a7b1347455c285c546e3c6e77ebc3c2ab3e5bc848

SHA512
806ab168d86e3cf3dfa901d1f99eef094814ea76a0997dc98408d06d5466835441c5de4e4d5cb21f3da8b8aa3219ac7e6259244899c611adb1d3080176de2907

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e0f0cbdb0ff628681e1dd5ee22e3288

SHA1
439bdb50d5ee223800bfe227026e50268394d5c6

SHA256
5e70322459e105fa22c961d31a710e6073610e8b18bb2defaf9083e8c1749660

SHA512
2acaba45151fa2b1ba6bd7bba0d0bde7c80bf28daac48b011fbbc80f47bd7f2bded5bdf98ed69687a2908c163ae095f98de9b79b3fb4edb8de7f976ba8750745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d94f1a5421172588eb898e7c22fdd0c

SHA1
a402547a072e48f17f32ca7bb79b08400b265aef

SHA256
d83024220da70cb286e8e70628e6fcafa338232269ca90583c48c8a7a4498a20

SHA512
c648ece267fc1d1dd0c6a853e24beba9ffdadf1cd154c9eaa65c61061e1c41f8ed49a9b86b094064ec80740b7bcf1d6158b81aaf0585231763745b955ca42795

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49e0500c8a08a8674207c2e826fb641b

SHA1
ce38f8d3f2ae336ce4ee57e9052fc242c674c7c2

SHA256
4f6c4775a36c034c06e191d96c2e4a24b8204aadb572ae521ca2a78e3a99860a

SHA512
f0ffbfbb7f0e47ff28459ed41158eb2a5607d5c0a53466fed2f0ce0537f248155628c26a1dfde33fca7f253766d6bf93a21d31f93b007960ebdb139b3903f3c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
608432cfda4ea4c0b15de373df11f3dc

SHA1
58e13bd4ccab55712fb732de2c6a96a1444a0d53

SHA256
765205c9c8cef97037c0f7c6d967eb1f5e8581c6871278cb8d4a493e9f7b1ef1

SHA512
5b95fb42ddd4a4f9b964fdf46f8f00ca5d8ee247a9b41c6cc3dccc06c019713957cba4baed078fb30dade476612d766d0a725dd2508da4f920973e60ee57923a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7c14efb8bada79dfd6739de0cc6e87a

SHA1
8d5885d3914d23ebc636660e791d0147d6c9496e

SHA256
cf30ac75dcbd219c9930c96f1b4eb8e0d88d6449c8414e543c66ad6615e17be4

SHA512
659af51772cea0d31e1e9ae15c826f925d7bfcf25a6c5c26a449978eae3a36cdf774a3666d8ad1ae240f2d92db0b068b36fbd09e5459e59326c8ba8816bb2cf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58e53ed227601040d179b3080e8c407f

SHA1
8a0e8b9db2cacda70cd466b409995cabe926d3e4

SHA256
9a394f79aa25ea04c91fa189006ac8c9cc972c9fb0a8cd1a58474a56b13d5c1e

SHA512
d658813040c6aaba4ef6d2321809f2cbca8edcc9d87d8720c94118420ab825c082589c6d8f2ce08d6262295e7e26132406c78603e7f34db5eb46aa80e0545728

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63e2355cdf483e32988af397aa2d5880

SHA1
d271a5f9eba97cac8dcf2113cd2243722ce08b84

SHA256
7276af33a90635596826215c7cf687e1ae81e84e65dd954b8495105453b9bcab

SHA512
a4bc7b20431ea36b705ab530f9a6b630d83092c07fa9c018212a099edf7885b5655129dca1f8b1389d4bdf809bd904de8ecf63e13f9a3191c6a3e030a279dcac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
789ca14a11af72923783b57256bd3bd3

SHA1
ec435e9089dbfe39e044e34c504ec569f7002b94

SHA256
14e89908ec58c029096efa90bf847402f7fbd784a4d3a220e829ba97a12bc602

SHA512
cf22026fb9c24573d652b957da463375f388045e780d72105d2301d70be0c2aac015adad9ebafe3eeaef2a8d6a4c8468ea92ef1cccd6d84cb60cd10d45ef7df9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35e8425f9225d9ff6c2464abca11610d

SHA1
be39743cef1d9d15e0f16b9c658166c332e3976e

SHA256
77f3d4ac15cf9be4b0988fd55cd59520d71ba024ce3026df2be56282d6258eab

SHA512
470ccb51e43f534d0ff30d657840ed7600c60e69214327c11a189af53d3be09df90818a1f5da90c73eeb8c8a6b3c6f05fa78449273d31e657e75b847bbab3e54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1aae81ded51cb0aeaa136e5313ab5405

SHA1
675e4958a839e574645224ecab4c907c746be730

SHA256
0ef85cf62df8e0d2c9aeecdf254934256c5389a14450bb1cb8c7de6524f2d327

SHA512
1325534cd82c668da5b24eaaf10be02ae31cdd4ba99f8fb6e9094aee5b6e8f977c19ea2ec6be7c00eae7d88a50645722ebdaeef950eb9758e7d19956b5dbf218

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f77d8e4176079ae084296b663d63bc5e

SHA1
f606642f8f7bffdc387746b4141e1f03c47662e4

SHA256
06fadac20235ebc670659c68cb7a5953f69c33b5a5bcc1114921adca28b14dc3

SHA512
255e4c0e8e131f294c3939237e7bb0cfc8265213e8e3875a95174bc9acff92a1d55e7d9a04e9da2a349da2468ff98ca7a275385139dfb9fb841ab064f3297a8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32fca02197c4fa949b5aa20536ae0f38

SHA1
0d411238c895014e28c0f97a5a1869a81e871bdd

SHA256
cdde994122117495a06e7e7902536f782badcd34098c70ebb759f8c7d0827266

SHA512
1fdb2c0083983281208bf63c54cd690c532fc104d1b3eeefde8b9112c00741d65cddeeb5a429ff3f5f57dde0e0ee51f9c525f0f7a6d3bdae74b7ff104df8cc0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f8d63f711f3cecae15bf951f3dd22ed

SHA1
2d872a225e0d6bd2fc0e53cfebdff10228f09c04

SHA256
c74bb634fa36c576bc624a947204246a95488ae84402a6eed8ca716e5c8cfc58

SHA512
665f24033e22ec98a34a138ce35c5b081d6cd0b176e726d20b5367b208ed94f9b9225e49869bac18dd3f65d7779a2f31f77f66187c5b6e6e5004cf9e0725aa8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05ZIV8W0\px[1].js

Filesize
346B

MD5
f84f931c0dd37448e03f0dabf4e4ca9f

SHA1
9c2c50edcf576453ccc07bf65668bd23c76e8663

SHA256
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584

SHA512
afc3089d932fb030e932bf6414ac05681771051dd51d164f09635ca09cbd8525a52879524b6aa24e972e7766ddf529484cc1ec416de8b61255435a89ba781f8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab209D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2DE9.tmp

Filesize
92KB

MD5
71e4ce8b3a1b89f335a6936bbdafce4c

SHA1
6e0d450eb5f316a9924b3e58445b26bfb727001e

SHA256
a5edfae1527d0c8d9fe5e7a2c5c21b671e61f9981f3bcf9e8cc9f9bb9f3b44c5

SHA512
b80af88699330e1ff01e409daabdedeef350fe7d192724dfa8622afa71e132076144175f6e097f8136f1bba44c7cb30cfdd0414dbe4e0a4712b3bad7b70aeff7

Download Submit