88a1a0fb9a1988809ac08bf3183898c2e9890aacafab6f792777b07399e2faee

Analysis

max time kernel
0s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 10:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4b2b4a79b56c75d38efc7e15f7cde052.html
Size

3.5MB
MD5

4b2b4a79b56c75d38efc7e15f7cde052
SHA1

3aaa42bcac38fb14cae415e54ff4654be55cb038
SHA256

88a1a0fb9a1988809ac08bf3183898c2e9890aacafab6f792777b07399e2faee
SHA512

8e92166e877b3257ebc877855514aafd2dc07134f709641c2822f53c867b4dff4592613bef42347743eb7eed2b3683b8a817ffae5b50227d1a464da3ea8e2af7
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NSv:jvpjte4tT64v

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 19 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2A49FB11-AE0F-11EE-9075-EED0D7A1BF98} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2756	iexplore.exe
2756	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2664	2756	iexplore.exe	17
PID 2756 wrote to memory of 2664	2756	iexplore.exe	17
PID 2756 wrote to memory of 2664	2756	iexplore.exe	17
PID 2756 wrote to memory of 2664	2756	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4b2b4a79b56c75d38efc7e15f7cde052.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
  2⤵
  PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
000af9c59190ff85e7bc360c9dc84f5c

SHA1
fac57682eb85fd83003b5a95dde1e71a5e5026ae

SHA256
9d640993a7068cb8f3c570b6f4c43f0ebce10820f3d60544276c7ac48ce649e8

SHA512
0cb48b886293072e4f1689223d122330b754ddccc3340f3c285e64e1146a5fa4e55c9d4cdaad9007e285a697e5dac466ac778284e82165211ca462d1e295f478

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a93ded3c5138543306909fa578efdc86

SHA1
bd4336e287446f83c71bb11fbb9531af82c8a86f

SHA256
80e656f8c17d1f0466b0649d401e9867f460c5db06e9d57e2466da924d070e2c

SHA512
be6da97ee6a5d6b9107e5fad7b0ac6eacbf61ec46e7d6e1e3984f0a7025e547bdd28d11ad59fc0f44ded9986bde4fe24f6ee506f39d82bbfe50a6983313b1d26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8b4322e9e4a501a04e79fda632b9cd9

SHA1
1758e4785ac38aee149408ef5a9408470ad6410c

SHA256
090e8c8d8ac1a816e512fea8e9b61573be87e1b69fc5dc9c4565c0d725568e80

SHA512
418866618d23f7547953c07d0b95ddc9fcb2b067628f6554bd6d953c5b4d0ec330c37e009eedc9142621e060cb883d190aa2a9e5b1f44b6a81a4af277aec16ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8122b9bbb58941d656cd0b29bcb3ca91

SHA1
ffb7336ac686eb21b17ab8d832d068829ffe2360

SHA256
78537762a03d4325bf3d5b36b5d75e0716d182e3cf2f4612fdc0234219f85f5e

SHA512
329a351a2ae37496f6f5ea81f3691bec50c1e591f697354e159bbfe8d72be697c2f46bc1dcb0894503ab9cff107d316dca0eedcbb68a105c1aef84b496466b27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d02e5400986f0505286ce730f6cda0d9

SHA1
b13c652bdbd42fb7b49786ff20117ffd6973c0d6

SHA256
d0debd9961a47f159c0bd8a26521ff5289a96d97c2b95bb399c4e0b72fb3f4ff

SHA512
1dfb3671af3e683661a5e033229caf12161a985895bf828afb6627b0436746692427713542714d76fd74d6c90545f21c2b9f58bf44a80f48437a867189b80b1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4df0dcec382de6466754c56ce632097

SHA1
4de821af41d2f8140abfbb99509f50e5bdbc97d6

SHA256
2f3e38a99ab39bd4c140c7b3d62460202fff96298929869a030f4241f543cae2

SHA512
42977413b6422c27c898da8b3678df3c9d6abfddb52c286648c86da1a9b16e59015829eeac52150220f597e17f14a500681e17cbf8123a74090e82ee9a4e587f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f58c37e1020e68c1a79bba911194f6a

SHA1
ce1d54c352ab043e049d1cb7e478fcfb527bd5b4

SHA256
32deb3e0f73545b4f43ddac1d70117ad348945c32462769bf38f40034b4b484b

SHA512
668b1c6167cee95d816c8be90eb13abdee55068ef17f06f484049bb6530dcd2e919bbf5cff2ad0ac2d67d70e1c17f4b96320f23a194be46e025ce639389bfbdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
078a1ea73e82652c3b3362b3b2d0256b

SHA1
bbf589934fc1aa6f1701191285a2dd311e1d75bf

SHA256
1a1f0f81f04a3579ffe7b2299f370a6cdac027435ceba8a0aaf99a693d258e21

SHA512
ce801c0161aeb0e91fa422757cbbae61d6e075d1d100def7de5bc9d6485fff559d1d766f2b9dfaa93182b93dbd0dbedbfab5ab9981576a7f33375270f2281dde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40336dfd2f4208fca42c4bc24ef807a7

SHA1
822c4442cc196db9596be7c2e7db46b0215e31a0

SHA256
53b783032e7a532cb909fd5cfbde728d542a959b1593ea167c561237082fd714

SHA512
97ea515ae609547502d59cb9892df5fa35e23fc35381926d46e3134b6bfa70cbc1638945ba65f2638c51d05007ff77c2987cef36b46f01613de3a369c008aad1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0340315bc5bda113247ef249d80f86f4

SHA1
23b14cd45f7352d1e61b66a13721e1b6ee47c206

SHA256
368cfeb50f3a1d6edde9a7dde3cf8ab24c3a85c106163e96eee4fc540e20f873

SHA512
33aa23e19b19f7d98f2c97b7413d5913a5cc59f405b74495dfc4d7e4af4f7d98fcc8717ad3c988f0ac9661298120ff3cbf34579560d462adda0a9704e30afbda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d597dd039e5d62538d07a2adca1911fe

SHA1
b52e25bb5f782b1487c35310ba6a893228ba9c2a

SHA256
d179a68095d9c1e40cdaaaea073afdf55f6fe5396838de7ced139dbd5259cc5f

SHA512
7533c35f2667006ca82f210fb1de7f494e741d1c5f36e86fbd52ab881c799cb4caeaef2d74e58fe64f63bdf65de0e38973d41cacd69132c86e43046bbfbcb72b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f082c79a08510599b4820ad9dae30a62

SHA1
458d321cd550326d47542d30393527acd1f4f733

SHA256
a76786958166befe6077bef58c78b64e61d98213d3bd318649a489b46d561c32

SHA512
bd17b0a222510419a37ae5f53a5498e0b832391483f3741702a0b35fe1020831873809663654899a90f0c7cc381f7327ad4f128e32f7cf92db763ed194b450d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a44abe67db93e4f6936c8e8937a75633

SHA1
b9c00cfbedfd61ab609d26c0aa2041b8e09fc534

SHA256
7de323018ee037938c199c6a9fcbd826bce43b6c230904ec780f568d81b64200

SHA512
7a31094b738848a6822cafa2a7ac1c1451c3b2e6b499b91db2a3d69c2539f778baa4645648d0c76e7e25df355a42c4918dc40156c99f331effaae438d630cf1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d376ba3eeb3cddb455079b334ba8a2d

SHA1
6fef39dcd51f503cdd5f0105f956509c2d36d688

SHA256
2540528729349b8ce7d6d85db5edef1afd9d182f7a70a0c14f41054366a4341b

SHA512
6598eec3cdc8d6bcf95fc600960ec0a8bcee330fb79ade6297760bee7e5b77d0b339111f2d638604443c31920b5a6262e34ff49f7ae76c434846a9b8008f78f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80b03d01a011e67f1fc506ae4f6a6233

SHA1
dace39f777b10b0896f8290c17a1a380ba09a0b6

SHA256
efa89840fd8b0b18e8c940929cfa24aa338a12c6da5ca4f33faea05aec11eb20

SHA512
c945df3bf406fe18b6fcc9c216ae84f0db2166be384aca02110a07b4784b42ecb04e461ff4bd6549c7a18fd4389be60ca2549e147ee1d0d1299a380bfab1c9f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b90ca6593151bff9173f96edc58ad165

SHA1
9b6ec6f2fe391b2dee17c4086286f92f50f7e99c

SHA256
8348b520cc5bf8a76532918d77e63b262625c76215845f905291fdbd57240807

SHA512
7941654d8d2ee6f3758bb3aaad50924bc44cda9ed3ff5335b35a2a33e103a3a0ec1d911228a90eb5615f9060e84d98deacd46ead1f6afc71cd693e2c23f7efe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75c68146b96f6a3f47fdb4fe76fd8634

SHA1
8c48391be84308fe1d767a4c3ade1bfa627a981c

SHA256
e7a7f1f911e91df781c283b2d31ad5c8ace32a3465532dd3f67a9977b7e41075

SHA512
16bfbcd854acea63cc276ce551fec0b89fc52ecbd0a77c4270b31f52c5514f5c34a7cabb893cfddf296785057739cf6954f800caaea0354523c36982a71f0322

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e29955f85a8432ba57ef927dab201fc

SHA1
7bb92a71a5ef7c050981ff4299e6a297c3e502bb

SHA256
58fe952af0df59cec3bacf9ceb14a326d9865c32cdbbf72ba72ef8a6c482ead0

SHA512
96db5765ed3968ff1c98d9c5f98eb0ef20b6f6746459b0484213a10b199c490c9856a3419e26bf2d86d9220fd7efb1c822628fbd738c5f2ac829a4b04f541434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47a87e275107ea5e69db0f7b42054f17

SHA1
aba7f5f316e3ac9914f6de776d6b9530b3ef0ab2

SHA256
641194411acf8ce97ef07a1fa952174c4462842ed270e26f4a6b414c47eb3dba

SHA512
70f59e9c3687cf36b652a19cd57bc25f192636673fc4f9dc19ab68bb4b1755fbfea7e648c0bcb742c0b9532c9b1137edba2f86df45a9735e4dfef3e0736db05a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c596715790e07bf0f9577d9aac0cc38c

SHA1
d3ac21732ad5d32baf65ef637aebfe900498bd34

SHA256
1b3e2029ecbc269ba23c3bbed3642a161e34b9361079c8c8dba31ea7503b38d4

SHA512
6ba1092d3db0f6fbd1b1a9a711ec8874b0564c0b9969b782b271195ef32a18a95912151b712a0bc37174752124756f899d19d22d1610f9b62126a6dc6de9c872

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6e702ad47f8d4a61fc8d2261b5e4d4d

SHA1
9f3df3260a671ab3e21c07d0215d7855e7dfe84b

SHA256
bdbe388ed23450d2e20fb372c70a27350e3e58f65733c0124c39827506f54c39

SHA512
4270b9058556e0fbd85cd2e6f39d2adb2b06a961745ed98926f2684785f8c53c54f896e8e92b737d04744733f6c441f84c2f520cf6bca279fd81bacd954df907

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf0f433c0c6f4c54656a31b28e04cea0

SHA1
447d1043aca79a84f5cd8fe40108eef582c4ca0f

SHA256
3b52e7e7277f1ebcb42af6c515a5e61a8e6d539f0345e51a95c844e9678f5ecd

SHA512
a0fa57cd52237cc8a6eb8dead80046375f65fbd34b28337127308d365dde624b0a44491af879030db768cbf75edc35f2429c783c7bb9ce58176e606a7d72d3bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c245ba1abdff2044251c5b67f8703f7

SHA1
91db0e838176fc96c19c6b9b76eb8a36fcafce65

SHA256
bf74f6736530c4cffab92f925680e84139d648e16c2601a7f497ff3899818855

SHA512
6a46d048278898e87245acb23bdf428fa78bad01da5c4c0cb77480f0ef6a1dc7447a98beb8276b71c88cb86cb41449f0556319d10e847327103b7033aab76181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1CCB52I\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1J1BPYJ\jquery.min[1].js

Filesize
80KB

MD5
ea32fbec652e2928d8f5d8b07004c368

SHA1
2ef184aa009c0c9d756d43587c513ce5950d4dac

SHA256
a1c3dafc57a3cdb925fed239ec3dafdd1e24ad2df23f6674dbaa2155347f5927

SHA512
a4e4df9f21498a10d301f2863303946957adc261c25fc2eb21ea2efb6b947b85fc586dae0fc1da9626ae2a725de34441ca8b3cfb432c247aebb3c6836eb9c006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV6H14B0\beacon.min[1].js

Filesize
19KB

MD5
dd1d068fdb5fe90b6c05a5b3940e088c

SHA1
0d96f9df8772633a9df4c81cf323a4ef8998ba59

SHA256
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

SHA512
7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4DD2.tmp

Filesize
13KB

MD5
cdc6af67207b90f8feb9ee4c63d35f74

SHA1
bb700d879354f73fd97fc978c466f1d417a2a388

SHA256
19ef27286805daa79166fe54f96da2feaa6235a9cc5f26c864f6ea8a8f41f321

SHA512
681ae9ec17ad5efd562446f84c852b23a786764c64de245c695e1113972553bcb7911d71aa8fed28413089823f0a576277a104525ddf22bda7ba6e9ecb44e0d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4E92.tmp

Filesize
1KB

MD5
fa527dcd6b5eb05e72fc51570a2a6608

SHA1
3380c5ef74408265fba2f67e790636d0ad0a51cc

SHA256
4dc7a4a6cb3be2c334a27a49df89f18f8f91749fe6aa1cf28d548e0e0c75ce3d

SHA512
05c0e217c433949cab210102a26ca7f6a765515b228b217e25c7409408fc167b5a59a8494e1181284e9ec72849c90288f3a066faa284e29d871097ec76291a5a

Download Submit