f80f3b7fee7d2f671b81217840eda5e9cf97aa5cae079af327bbbe6c959e6b8d

Analysis

max time kernel
1s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 11:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4612e1b47737b7c9dc59124fe78a59a0.html
Size

555KB
MD5

4612e1b47737b7c9dc59124fe78a59a0
SHA1

fc654b2d734b5d164c0c6b7cb90d4645a1e0c15d
SHA256

f80f3b7fee7d2f671b81217840eda5e9cf97aa5cae079af327bbbe6c959e6b8d
SHA512

2b2aea5a814d252d276e20829af3d91c8476c5d35bb844ef196a08f485976dbc7c8b9f6911f6e10dceede135d3a06e1a4d978fd2bdc543582c7c081e59f8794d
SSDEEP

1536:dLnQmUjfvQ3hNNBO7WLY5zKIUdCgsowNOEv5bUnM4RYhlCyXI9RnAWOWKbwGNRo6:drzUTvuH8ophMbyRZp2vERI1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D3E017A1-AC83-11EE-966D-76D8C56D161B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1984	iexplore.exe
1984	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1724	1984	iexplore.exe	16
PID 1984 wrote to memory of 1724	1984	iexplore.exe	16
PID 1984 wrote to memory of 1724	1984	iexplore.exe	16
PID 1984 wrote to memory of 1724	1984	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4612e1b47737b7c9dc59124fe78a59a0.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
  2⤵
  PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ef5722b1e6802b7ebdeea9b3046f970

SHA1
a195f972b643dc1e274be34e34353401fb672490

SHA256
56c9db7e3b1b9eb690c988d7a685962173f24be8359ec36b3e4951e19fc71c8c

SHA512
92c06e915c7a8eef576d2ed1ce7153653505386e955b14fdbacfa1f2fe1a5a97b28aabf164b02b2dea8ee2a418bf1e9b57971f556039533bb117e6582087151f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9dd974b722bf2eee77dfeb388b7ec8a9

SHA1
604bbb6c0079b73cec6cf426fa587ef0005b9c48

SHA256
fa5ad9caa6757ae6da44d109aa81cf81868fcf22901a4dfea1a55ca9b8a0dc21

SHA512
679f2d5e3c596cc5cb2b66fd28d52ba18086c4b4d3113df18a64be47141838cea78858118eb47f1586986187194479d10dc98ec378d0060af3129bb612f0e1b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83638d516122b4d84a4c761d5cb1463b

SHA1
53708fd2ec9d9c63f0fdd233e462d2193cea30c1

SHA256
62baed895188b30cd5d3b937a70ffa61dc4918df8ec32d94c3290aa7222dc37f

SHA512
83da5760f09f95de0dad28a44b9da859eed77ed81c0d1b3ee75336a0742197622f23c4fba614a87592733d0e3d156c97e6ac0310b8919ae1079db41449d697bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94f940210ce1824dd7cc7c3bfca9f7ea

SHA1
f259cac51ce3e7c4fa779927a95bac8978da83e4

SHA256
2817d704bc3dd5bdfdc48bec9545a2cb91a47637091e6adcb1cb02a66e091ebc

SHA512
abaf2498d9df2ef648ea5395c64b42e8dbf098c2526a875fc97c5be2ff1f94b06febc354ca40a612d1b7cedb4378532db5a61321c75abd1beff652a43caa48bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08fc18ee06bcd0bea9edfa7f0946f831

SHA1
41a0a180e50fbcb36ff4a83595412253cf71cb79

SHA256
9d2b6cb405767687806e86a2b86187407721f4915e72e377f87bebb22f49c2df

SHA512
c5763129d448c85c46d8fa63dc95c6773914dbf2c8272b1907feedbb7b907b45f0829962d2e7d9e674e15cb23801c18232324f43c7b3f0ed70655fe26e90d89a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5beae96a00c5be5ea23df9e19e7fb89a

SHA1
4577f0f6df60717ea9ac74df4bec4a1b125def20

SHA256
8dbf32b4e5a34fed63b05060c9bdc5e875853339e9b1c4db61dd502b34ac2658

SHA512
ad0f24ee30471da3e0c56c3353614acbfce6744e11a51558e13a5daf948331ad75df625d8287d1be32be04b04d6365ff699114e905f608159d0c087334303aae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e8fcb6c2ae6e50103fac6f349fbd3f9

SHA1
7ef94dd3dd5a4ed3298effb44ed0675522f4e2bd

SHA256
ae66a2ddf737bfab8ef562fb5ac09a30f6efde6b6e1b23b9e9c95a7ab0b1bf53

SHA512
ffb2728937c0ea593e101aec19737ab790452612e8a0cc5646bf2988043e7366f150838dfd1a3427befcff73c56d9f2a890c25fc234d8cc03e9ad5fbd539950a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bd3ab8514fa0543581c153b22ebd437

SHA1
694b4617ea42f2281098f32afb2826716725d12d

SHA256
d7708cbb1ab3ef03b239f096807d1c4e2764bff7978433511cda9469f31ab59f

SHA512
20affaa7ffebdb5956196f529c2244b5f49d1f944b2be18eedf1e7c878fcc10bbc50d3ba906a1cf53cd5be46439b895a5fa7f26659fb91fa6e3f71df8dbf5f00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09ba439288d6a808721843adc87a6116

SHA1
8c1fa40f4dc0b14af05f608517a413155353e188

SHA256
44431d62cc42af3b3e2ecb3297c4209b102e5927fab68bd3827567fd5ddd060d

SHA512
7d03a5b26c68d1266f502e92e4fe383b37f0d4bf77806e1c33ca459695e1d2f89034aa1fd0753171cf04e8a85152a059551f688d1a09dfad45e5bd37b1bb4166

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
129222682f08c5fe8f2cad64cceadc9c

SHA1
f83dbe761d2246265306b17760e5288e5c9f7a8f

SHA256
7788be0e89551a8a1c5c71bd6b23ebf788ef6c39d93b1e7509e10a7aced5eb77

SHA512
b96bac3dfb887bab337c82812cc6fd70a0889a4685eaa12b16a9544a852b619fe1f87e7afeb84ececbff27e75787923e0a0898bbc2b5cd11ad123b2946b9011d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f7582a2168741e0ede74d9b669fca97

SHA1
44be2e4cb2652f8e719f8c60a84c556582ddca8f

SHA256
edcfbb9b7155dae3eb1e01cf09e7aca5f75f0757b0c778fba8d052ee6b3b8ff2

SHA512
303cde4a0c448196c1a2859f0f119e738bd9680803bb84a14d82a5ea4e7182b4aefce934495dddf2f759a4f641a11d7343faa865bf0734a38260083a1621344e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab59A6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6D8A.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit