0951ffe24c400149b7d277bf2018ae9b07ff7ac8618d2a139360174032951451

Analysis

max time kernel
0s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09-01-2024 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d248ffabf71fe3ebfc13a8cd24f1cde.html
Size

3.5MB
MD5

4d248ffabf71fe3ebfc13a8cd24f1cde
SHA1

c20287264df9a493ee4995fabe2de3981610ed23
SHA256

0951ffe24c400149b7d277bf2018ae9b07ff7ac8618d2a139360174032951451
SHA512

03f061ec8e287041e582da0407ac1ea4210eb38456ba40abef15c8a54274c297080ea452e77f29eea1766d6c5754214681213c0320cb87a6ac4930c13cdb7dcf
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nyc:jvpjte4tT6sc

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BFA4D4C1-AE99-11EE-8FC2-4A7F2EE8F0A9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2224	iexplore.exe
2224	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2056	2224	iexplore.exe	15
PID 2224 wrote to memory of 2056	2224	iexplore.exe	15
PID 2224 wrote to memory of 2056	2224	iexplore.exe	15
PID 2224 wrote to memory of 2056	2224	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4d248ffabf71fe3ebfc13a8cd24f1cde.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2
  2⤵
  PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
142c2be46a86fd326ce236ef1604b7e8

SHA1
7700ae1ee4865271e98fa19d70d529481b066353

SHA256
6fa481eade8309888c7028850cb6bc7a12bcb1210c95f62df7931d05c56adcbc

SHA512
4811bccac8b9d775d7b5407570ab8cee41193e815e13c2999f4591f6c174142db4458d7115cd993448fcccc5abd245ee8366ddca1f26a55d2a92f673f0e84ac6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78c0551556a1a0fdac80cad8396eb39c

SHA1
8665c7837b4f3e408b8300662a7d71ec65ce3236

SHA256
5e0767c4e76087ab3188936df0ee95ba8b780915735a1b66156328b0d02db8cc

SHA512
325f41d92cccd9b5859e9d8cd63c92c0ac0469d10fca99f81090850b4b43035a55613c9ab525a3d6dd86d8687a2c135d8292a64c92ae7c4adc0c553dff9340ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7a2169cbd9345c2f5672b583f9873ba

SHA1
b08d3100de38932ce5cba5059e2b91da9d0deaf3

SHA256
2954e8b27cf3945239415ad065500c4da7efb40600a06dafbe67a679fb02e81e

SHA512
8eb59612ebf3ff5c1d477275fc2bcd1dce9384cfc5a35ae457f80f079e364b75971359b51e2e6247fd2c49e1534da9ff5e1c3e23835d04013b4b1360b7b2ef18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3b7bdb2f9d49018b17059ce5c6a0da1

SHA1
bbb2f1eff555e26b20614c17b1d5c94922fa05d2

SHA256
7ee3431179b256d095f2b21936080667756b42ece00a0a88180e6019c5e9a5a0

SHA512
ecec7dc213253c47dd54ecea4995ed8d60bebe56373ab0e82b4f5e937249f80b2c81368508a58caecd933827ed7afc17a01f0f597be4fd11af06164f7972fda5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60e80dbbcc6d0d47d8ea75d0cad44030

SHA1
c09972bb4e5644effde0f00284e8679ea1718635

SHA256
e79fab1d775eba2715bfeba744c844d4c61555ad3a798ae5e161e593f8460342

SHA512
1a1a9da47336be36b05000446f7425871add8d6b5f971131924a7791598993c35e194fd1a4d6bf2f07988b5577c9026788668ac7141fda12dc79f46e495b04fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1257f4568e31c8e16fbdd4972a53d61a

SHA1
c4b487fb4b06257e63d4f4f11b618e6bf10dbd4e

SHA256
de82f59a0c1762ae22b40a8438fcfb2fe76b70cc949b7058389aee909455d9c0

SHA512
f91280be348e6acd4e53da10af3a36737609c08244f4a96231c701c30189c4ac98ae0d78d437ec59bb8463e330a2366fbdaa12aca776bbd8e6276f2bf7f5db2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65afc9dcbdec37f244358a09922a4a50

SHA1
ce6710d111206c3b6707810b94ec2189f220320e

SHA256
0f838a97e7d957a51830f5d108b58425d3c553aeb5540c372fe485b66c2d2c89

SHA512
b0706e6188af2a8c0630adf58d524746623c91f1bfde561c5221760a675bb4157b9d0c9df5d07432b6ad686185eb21ab7fcf645fb36e33da5e88a040c6c46060

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41df44612cb039364d1c8dc8e1b7833a

SHA1
88ca825700dbf194b92612df103d1f5e761007ad

SHA256
b90183f8f0c4e1c3c828e2e4cb8f5a83490ded1b6864836a5b2a4e6e47c0ee77

SHA512
0b5de89d56b3d52f18f79b906248bec678d61efafcc778a5bc8d5cb410aedb6950a0e871496b02e3354a520ac66f4cf2a30a4e51055655dbc0dcb93f631d1bb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8eb5a0d569dd0d4d2b8f1ad4fb6993c8

SHA1
5def5b5129457f1f76b9caf91e37eb1efbf52bed

SHA256
35315b9e0097f325aa00145e3cbbb925b28d5cc53c418d9b543f134ddada7c78

SHA512
3efbc3f8ad641c86d1540da2bd5f9e63140fd131ece28678e303ba2b30b973221e76fe3fb450b8759d9278f3b044adcf0fd5c8b722550bef0b6b2cc7e6fec98f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8df522780ec30b7c1e2317bc5d72cbe

SHA1
7657f53e154f9a0547fcc274dba6508f2030cf2f

SHA256
4100047ac76ca40e7e7109eff6d431cbd6cc986aaa4412a6bf6d7add24243bf5

SHA512
006c38031769900840efa99aae949ae12f47a8c31ae0bbb03e3ad99ff0d47ec1ef8cfc98c98971d4e51f89af76cff8f5f22564a80092220a2575b10990c504b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
416eadf8769acc610ebf4e4d4707ea62

SHA1
31e0ed4eabbeca9a49b53d1e08d206f8ee5f36f2

SHA256
2a487de62118d4f5dfc23a07e97faab0ce11b2b97e56a249ac914bf64f2b6523

SHA512
d155c0d0653cc27e93bc9fe76612b6d73b33ba139ed3653b6239aef323624ece84d52752598501fa90a7b39793d896c22d7e4bdc338e4c3482f99bd761dafe3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c08f362c777098c16ce21764257fcc1

SHA1
b43a3a6324fd3bc3e0e5d93e41b7d4f6efcc1b8d

SHA256
ccff9272ed76287c9bf60287c7fc3feb27deb3c6b23d17fc5f0b714441c1f80e

SHA512
4814dbd967b5dc16c89339aa4475df94deee275330113b1f7c07a11b1a89ca337e4a533e0e890829ba9ab44af12738a5ad6c50eedd855c4e4fc2c7fb36d3e734

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18c2eafd5c498ee0353a2c3ed133c9a7

SHA1
5f654cc9cdaad59b08821cd4e39f3817dde0b368

SHA256
f35d0c32e6e1a97fd90c166818063c4166658dd6f808226b9e752be72fb14fd9

SHA512
7f0dff32bd34642cbe107fba700f60ca460400dc5962d06ded83d3f842080b0aa0343aa6d0843182394dab4b0330c764e54937d0757aa3dbf4e74385368ca64c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
790ac723cc6fd5d516a8eb706dc9e968

SHA1
5eb98fc3e89f3cab0526ec1cc358023ee7973d95

SHA256
c2e616d8c4098cde83de38b83187d6598254508d2c25cec664b30d23865ee6c6

SHA512
68cf11af919518a0db744d17092111b1d21f97f0fb0a2f41f291dca6c01d5f12b63a2c5d37970e2b51bb1f55a39f39aa9d0284f0dc1a873b8b43e5350460f78c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7b345a12d8647078b0e7b95f657b804

SHA1
e6a08e9d258630842afaef7005074754dd6121be

SHA256
87c028cd9c65805756244692bbe13c18b3917484a856fbfb3c368517c3fd772a

SHA512
f3e9c45d9b4f69d0c97a938f9fb70d2e1c2805aeee409975a79e9cd05f7c700885c96f21649b19d75e97306e8a8698d6327fb625369a13d0d6e794d4b21380ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
badb04661fbfea0d5b8b32c775ce37bb

SHA1
b0ed21950b2f1b49c0188a6e5cbd401a364fd53a

SHA256
f396c43c6dd7db84744dfb1b97f472cc71ca09857ff82dd828e226915e3c6fb7

SHA512
e9640aedeca0592ee108a8298486f4088370d27a54f866705624ae30d66e8377c8d70dab5d23490ddc3ed9aae815207fa24180e4aa668c40e055b7d92c4917b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c02ad16ca227b65bc4aad7c9096bb1a

SHA1
10581b639d854c2f2a12118ee946cadcefa42c55

SHA256
9fe295f64c61f5a1a69a6922d13b770704dba251131632b783c569ef9dc9d896

SHA512
be653b455219ee51bc1493d9efeab496489cdf04bdd1fd93736ce22a71637531386f52a7b19ac8c754d1e506f69397ebbfe0da1a6247edda23c3ac119a487e69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
569787bd71aa082c26fc237ef7f91034

SHA1
adad761c27a1541b67178d33c7252f21681525ba

SHA256
e25703f7a5345aa52a04080fb3318dd07fee2edd1834b4b90edda2574974c52d

SHA512
a0be2c7fd49bbed23227a004e0e3ae71262dc63e9d40170f923e4eed7a009e35e46a9b595dbdf54e54d8800e58750143a1cbd3ae5422ad4c89eab14899a611cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bcbb6880d1bba910c2567d88fcaddb5

SHA1
30819055ff57598943eaa399637d6fa2045cbede

SHA256
5a463f22409782bdc8385d92e074b3431a2a5219cb5ad6ceb5cf9fbb4a895f6a

SHA512
699dfe98ce5963de7fb79945782a4540d2e079d02b6dc4d1fc2dedc28f4a28f7a70930bbdb9cd6e21b777778ca5a8cd829dfbe6d8d176b27993bb70675f7f7e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e971af2efef7c5a73e20692958fc15a1

SHA1
d39620be260c1d621efb5c08a3947480982fab21

SHA256
148b4b4344f84ca0d9c07af194a1901eec38b4929135c38a77c2ae77edd684c4

SHA512
35d45e93f5daaad0e8aed448dcd07f9a6464e377615da103342a961f6d659fb86ccc32d166150fbfe191b9e7a952bdfc8842a28fdefd89493e0f0b6d3fa4c190

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a4bfd3bccd63034f0b24597608f5b70

SHA1
0c17edc562c95825d315b551f84b5c317db5444a

SHA256
b93528c6e8f36451d092ceccbad516829262cc0383e1843d12c8957bea7fc910

SHA512
26ee4a19cf9ac777187f4d90b6ca02a899bfe5422d9888077de0f0172c3babfd0101fd18c25ec6cff6508c7217922e7a3bbbccc5e651ccb21ca5eb2b8968998b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d91c2e58b919ca0f9c22e085bfd55da8

SHA1
b398b7fe3eaeab9b54d4f87ed92405128dac9fca

SHA256
a2e7f473258fa71ab8826e5f6af88a22071870a5d36043a231f91ce37c02b489

SHA512
ec09e9eccf29dc80722933c256779aa0b7db209e78e3d5c16385c173d1b96a3fea523492239ae39990b11bd60cbb48a064b6a98eb0fb68bd579229a51de883a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2eb128dc51ab0fab22f4c8eb052fac8

SHA1
536a0b4d8ee27fce0fa518513e193ff5e0d5582e

SHA256
50d28376a2a4c334cccbcded52022de3a3f5c0e398aebad44d3abb9a295bf68e

SHA512
4c438c97cb808d1d4c6bd88bbb0d76147a041fb55e908eb367728bd28e56516626b8966515b0fe7555ae26b2f3e9374772df2ea9934700d7990353dfbff25783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3F2LH07\jquery-3.1.1.min[1].js

Filesize
33KB

MD5
025f30faa51f086cd660f9b813686aa3

SHA1
326b7faa9a77485ac91d8d0378f71dd93e47bfaa

SHA256
4dfcc6ea16f458a36acbb00e99d3c824cf349bb2c4d692889b50a8a5a7f2c6e2

SHA512
a1d9beafed298b5e32d3b681123b4657da580ed89d09fe06094e6b2e99e58a0891d1ce8614406eb01c038596ce4fc59d7aff9a8c34242fac38aabd7c23c45722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\jquery.min[1].js

Filesize
24KB

MD5
4608101f5f4ec6914c5cde826f0d1dad

SHA1
00750b044cb2957d7c4eee0976f164de196a6856

SHA256
3329c2c912cefc9f96390ba1590f286ffdfade5b255a18ffc4585ff8dc036b0b

SHA512
1aac41926ae51de81d6044ea5413d5c8c1b5f255eece3c9f78f0d76203558200610c505798bd5237210527ca9034017b0319c35d197497eb9f5d49f21ef38a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\beacon.min[1].js

Filesize
19KB

MD5
dd1d068fdb5fe90b6c05a5b3940e088c

SHA1
0d96f9df8772633a9df4c81cf323a4ef8998ba59

SHA256
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

SHA512
7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEE0.tmp

Filesize
41KB

MD5
8abaa74d67fd65f8c70816e30e44d2ce

SHA1
a1b6df1cda4ea7e3acb782d3250a69a41976ad98

SHA256
f50e96d9e57cfff470bc230fae2840134ed6e8153c8edb366c5ca97aa41be2ff

SHA512
8f624fe5a2abcc6a082dd7b0f0b33bc536a417d50e8d14c7f5afa337dab8402b92904fe6c5e4cd4ce0b3c121577b05236487c3b12d77b5176be1f4f02865eec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEF4.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit