636be19b344ac78493dffcbc4aeb427c4913f7b1d51e753d315669148680ead6

Analysis

max time kernel
0s
max time network
144s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b0c6798c270008811b304a12cfa973b.html
Size

384KB
MD5

4b0c6798c270008811b304a12cfa973b
SHA1

a24ad68ed1024a127b451d526889780b21ce0c02
SHA256

636be19b344ac78493dffcbc4aeb427c4913f7b1d51e753d315669148680ead6
SHA512

23433e6368ebf7875b81a33421eecc36bbc4475c1f71d6a213b303793a02b2e9841ecc2e604900194d5f74f4d599a791b5835aa1fd1521ac0fca320f2409e388
SSDEEP

12288:OTmMWEcSdO62Wj1cWqI9b1bNt3lMx08p2mmuEwsW3tGVWym0Kca1XZ8XWlMZgCA4:i

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{186DEF31-AE07-11EE-8CEC-72515687562C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2364	iexplore.exe
2364	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2016	2364	iexplore.exe	16
PID 2364 wrote to memory of 2016	2364	iexplore.exe	16
PID 2364 wrote to memory of 2016	2364	iexplore.exe	16
PID 2364 wrote to memory of 2016	2364	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4b0c6798c270008811b304a12cfa973b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
  2⤵
  PID:2016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
41KB

MD5
872707a61b44cc4f99009e892a78fd72

SHA1
65a33f4e0d4e716ca53d7f298487bcba2d7b0cf6

SHA256
d981f5162e91c2cb020791d876c1bc0ebbdda826e2d3ee944bbcef6d115a8686

SHA512
3e3f7948a9e2a15ffa992a13b1d4b270dd03b54f8228a0246359a7143a4289b53ac1b7e92857ad5bd706d2e4ad00dfe515eec6dadc6e36f73a771c0f8ebaada6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
3d8827503726f5338dd588fa7aa503db

SHA1
f7a75e937458b58477c1c7dc67e846ab428d1d12

SHA256
7a5ba7cdf25ebed9d3edc95605fb1210404334ff8a341abea09e58b5b08f5055

SHA512
60ea79cd11ae74daef16a8ce7c7df4aee84f2f3b333af6f55cc597dc9c38082df29b52be0731fec5f6281f28eb2f80078654c73eca7276346d6bc3a7d890f822

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
1f28cf1950b7ab829c4be26ac54c65ca

SHA1
7f49634af73e1f5c0d42773c214a44e6defc1fe9

SHA256
42be9cc6a2f0a3aaf1ab54d36e5f94ec1d5451b5f58d3003d8998d8d7585fccb

SHA512
e8da2ef6af9499db6b680333c19db390b30676e734114f80f4f24fd82b9225c4571db9cf2926d1485e40fcaec95e59089540ba822d3c1a89876a8ce2572f7238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77750ef6468cbf6b27b068d0fbed1e0d

SHA1
76656b12bf80fad2aacb4dd3d48d2fc845e446a5

SHA256
8d9fd7d205512f9dc844f998a730d37701900626c1c6c47514b0f553a3c93bd1

SHA512
42db910304542c987fbda96c8bd194b981694e057f4dc4583d1dd71c7274f1ac96e7b41215ba8848f0b6a02ab357b35ee79f5ace4345f732d92f011d6a197fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16958509518e1a6a4059934cf2b697a7

SHA1
e224dbc887b5f2b1435d2f5e4676e97801f35b27

SHA256
cbc53d2e8d711976b788785d7a1d8ccaa5cd583865a9fe3cd091ce2df3c00422

SHA512
d3775ddc74a4fe7efc1dfd2751a708dfdcf92a3bdfd9968ce34fbf1637ce8444eeb5b6b48b07cac226873d7987e6dad48d7422d8afbc6d481b7f52dfa3e722c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91e9197579b665f59e9465ba63aef291

SHA1
f354340237fecadc5702ef525ed7303d80a648ad

SHA256
3993192ec24a226388a60614516b312187fcefb521a6f3d799971de32267d21d

SHA512
2f9235f1b740be7c1a9513528ff32481776cb7c7163736d7eaddba5eff28399f7dc2e50c5dbc25b1f189f069ccaf64eef9e5cbb58493d73f2c2a37b9fd62a49e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96ac52fc64cb30069d8f2d3e0f59a7ca

SHA1
9f0bbe9cda8da20665376dc534383cd9a8b62f60

SHA256
dd56ea82c2332589f8240665305e944a5f7995ea9d31af7313a490685f8d29e1

SHA512
bc09629d33d5c3094d73ed17a5f889248e520e27b10d3cdebdca750186742e47e4dcc9e0d1c39cfcda8ac3fbe8b411c6383fb0edf2b6f15ea2bf18d2efb1937e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8395ff5c550d73a0faa829c27ef2fe5

SHA1
ce75bdae5c6874bed31a372db51a12e1b925d08a

SHA256
fc34c3dfb44e422f5206f0d7f4c3ad6127bd3f3daf89fe7698a67ebf8c41474a

SHA512
1bae9fa8004596ff94fa13f487382c2375e961c81e6f7b995d9755e83ce223a0e4c8c1aba096018d06112109908adadcfea2204da8740ebef1a13dcdb5e52176

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
108f2c902a53ee0f58642a86cc5f3fd4

SHA1
74de4ce8b01afbcd4e380464e81d07a6e8c310aa

SHA256
ae14a6fe64890a2ce8567ce22f52ce06418eb750100c4df4fc3a2a4896982017

SHA512
4dc3c4c87b689c59e2a0419202cc02031e073458112cb3661cce472d00acd0ee47da225c2c89f25c1fcab5475d515faa427a9567a61940906bc69c9ef4a193d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85e97b07f50a190279d024e50df19b3a

SHA1
02d92593620e75eb4c2161bd6361aeb294ba8df9

SHA256
df798d1cbbf42cdbd3c69cdc6b9ca79f19cf6153feb613ee61f72672f9fbd502

SHA512
af34ace4234829dea7d2c92e639a5ab578b3768a947677ea3c50150a78e512dda3b85e974961b165d6a35f95a63c05d7ed9360ae06b0d41457a1295eab272a28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f651aa48dd4cc29faa2b68e8c3f3aec

SHA1
200e47a96931d447f556d0ca5fdb27094c59c821

SHA256
7f4b5e89d207b06da1b7fe4cc7a9c173cc4b0ea1331fdfa421ab6124796f85d4

SHA512
51273d0d1b8183b78c59a7c0c73717615cd2f94bc301d1217b588c5ed6581d2bea696247f34e1f467df096895cfddf3ebd6211e2d9a4f0c9444ae407ff859316

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aaabfe6b3b867f88297736c8037c80c7

SHA1
9761425ab0ed343c7787fe422ac56798117a15ef

SHA256
a7518551524952d2825967d9c4cda1a19c0659e4197f3bccc98a66dce1938303

SHA512
e0b255818a796d71108ef508bf6269879860375b701c4d78264017d499c385323d83c9144514428636b9e9bd529a96d5246e430f24c4eb1536d0d2468db4ff72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f256194304bf08bbb09c8caa8565e246

SHA1
d089060b27b11675b0ca8205364a12c0b532c155

SHA256
d0b62f6761213e1e60a99d75a3f0db7ed46e931fc09043011eb93142a32bbd75

SHA512
bd40a2bda2a90da0e60ea7910103409e911b6497e75c280409c5922d0104000721b5ad37dcc8897387ee01e2a38d3a46b9f9b6d22a54b44163095f689d396681

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9cdc94eb5c7677ac4456cab535ba0bf7

SHA1
3f468a431d263c983278cadc393f70509291509b

SHA256
7decdd8a47ef971ed71b3ddebc2221ad32a7069586b4309c7ecac063e4010f3f

SHA512
ab3abd26864441e0c5c47f80fda75b2121b3076e4099f278469074f868442d9b0a266e6a8bd8ceb998edb7e550994df7910f586a759e9d35947b68fe087c0715

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d159a26e0d58c3fd44d7404ee183566d

SHA1
d46bc30a3c3fa4a203a793c25cd01e4f5075a9e7

SHA256
7bb95100c523d40d8c6c3a5b1643402e5fcc6f3780159881db0e399020778787

SHA512
032830ce81e7ccc40fdf55691494ba908999374dbe694542934f6b593fcc2ad84d84c35f301bd49588a4f39a32e6dddbb0b36afe83d2a90715d45048b9f77345

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
4019ccd8a5a277337c5ff589a44b651e

SHA1
8231c7dc2139de561f84bd7b507b180e413d1ee2

SHA256
6a8f237018db4f17090882907a3a941f5541e6f5b22e90ff35e7149d596cf710

SHA512
972134a5183942dab6a2dda487702feab85ca265361755c21cd622c77ca0d9830a4916b53271e6711b0968a29ef14b7a4940840d685f6bb69f5f865659e92f48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
be9ef21ccabcfad60f5390d4b3e6a52c

SHA1
b1d11d4adb1878bc77ce3b389bf409bc875c6e57

SHA256
caf7a516e9be287b8a8158174fd5f28f1d4079698b48d64cc24feb10fc9fec6e

SHA512
7c6c964eeb7b9f6bfb69b8a0b84ac60a3a8374745da70c3e335344443d7526ef0fa52f9a884e1a41b423f1305518d0c8c241e6950f32e138a4b495a967bcb707

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
4e9792b2ff35af3463bed0d4bba64bce

SHA1
dfd8bcc92cf9d6d5552133ff362b86a383de1bee

SHA256
264b8c7e722525782ade39150f679d62ee2be873e13574f0af0c8f2434b543c6

SHA512
a570a2f14805f867f080a6b653fd92827970090a586278a7cef9b806c49599787efd26de2bf2ae0e5fb39b022d813fe353e0879004d6f9a27288e3407e66e8e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C662RX3S\cb=gapi[1].js

Filesize
93KB

MD5
07713596e528ba4d3e405b608e57c9cf

SHA1
941bba1d576d22611e11b6ce43fbe9d29f7fcf6d

SHA256
c9eba0986e78ab8c78438be95bf6f07f29861c60e2efb11501ac531e7d0fbc96

SHA512
8ea3eff2c32cd736b67c5a72748270804479bcc4274c8d0bcdf67744505bc71445a3100418ebbefc37329ab813916283ae9eee8344b2c07763a6d6bece0ca4f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIY87EXZ\10384057113_bfc5ece048_m[1].htm

Filesize
167B

MD5
f5d40b7259645010f9a248858ad14178

SHA1
b3051d17a6ec8c9e166bf09a62b48261ab86957b

SHA256
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

SHA512
1e82bc2d067f726670b3e6054d73e57868f6e7c50eb979696bf927daeef699f2d8f8de201e8252b86b0e9f86dc69e5037fc9fa08ef6c271b033f29d4f0f4c1aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIY87EXZ\platform_gapi.iframes.style.common[1].js

Filesize
21KB

MD5
dfb9b27574b25ced271fe2732a270890

SHA1
683d0c1d62f7c8e504b861d8706eae1a327a3e25

SHA256
9dffba865711d14ddc3996ba25e6169a25eee77f0405b8cbe2c997ffe618ada9

SHA512
71e06f010328ffdf5c929b4d262d77b5f207d80b2857a13999ecfc53c5fd26e6466d32a320a5e915658a5a36aaaa1ca2e2838bbf91f78f5ee018a1b9856b054a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar19FB.tmp

Filesize
95KB

MD5
298823b3047383157d74166248b43653

SHA1
36067d7bbb35194b628f0e477dd58a1361ea87ee

SHA256
0ea5841343c07f1f04a324d551b81a642cf8419f1a9432ff6340e3aea7f32130

SHA512
22cabf403a2039ee8944dc661ce72fe9c253499de3ad9eb63ddc7fb3741f893752d077fbd2de00c69b9b2a7c9cea4ce96b7b0b6ac6a854322642a6ec7070a280

Download Submit