2ffb25be0aaae33c68689fa65ff4161454ab4699828034365888d92031e08f02

Analysis

max time kernel
0s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 04:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d4dc293cead57fa905c4c554f39249c.html
Size

66KB
MD5

4d4dc293cead57fa905c4c554f39249c
SHA1

26b0965d49bfb547ce34c41d085b9ba8b1509d49
SHA256

2ffb25be0aaae33c68689fa65ff4161454ab4699828034365888d92031e08f02
SHA512

0ebdfe86a4e2e6af20bc9cbf5605097a4faa5d4094b7364c9159ff29c0c831cdd54972fd38d78584ccc389751253d5cd3a6e0d0dd2084e3ba636048be9be29fd
SSDEEP

1536:zmYwGw4Q1mhiCOZ8P47jFi4o/LzcuRev0+gRIJEJNezcekezKeevNezKee9NezSd:6Yw0Q1cfsv0+0jlL2EA5ie3Tw64h

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{338C84E1-AEA5-11EE-9FFF-CEEF1DCBEAFA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2928	iexplore.exe
2928	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 1812	2928	iexplore.exe	17
PID 2928 wrote to memory of 1812	2928	iexplore.exe	17
PID 2928 wrote to memory of 1812	2928	iexplore.exe	17
PID 2928 wrote to memory of 1812	2928	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4d4dc293cead57fa905c4c554f39249c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:275457 /prefetch:2
  2⤵
  PID:1812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
258bd377cf6725345b4135c56fb83fc9

SHA1
de3c695b3ce1fbf5fa5cb76c19a60598c18aa207

SHA256
0c0e90ba4ac3933d522581644b028b2c7a7954cc814adcbf89d745dbedb88aa6

SHA512
48ea8f2f29f396f21e2d66fbcdd07b7a0a7b426e61135a127e56eafcbe4b5dffc7c1747e0859a1c1a6abd4686f4f68d0ac8860ac2eb0f13ea6676f1da384e552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
8b2a8e9a1ab4f3acd1d1bbec6806fee9

SHA1
8419b391aaa3a1e1a8b656e1e99edb39510c2cc0

SHA256
35bae26b801cf4b31d699aa8b7209b51418012ce18b85a75a5030ba73436761f

SHA512
fe5f9d7f1f7568337ae48f51849c726d3b77cd4b84641921ee8cc424803665bfdf7aed368952874dca88295e3a2798ffbeee28da14558d66bbb35c245b8ebdc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
851f90b3354ed8ad10e79f6c1027cb79

SHA1
b1334883a45840f2ed96dcc62863f1c6972d0ced

SHA256
d3f1aa620e511291983cc558065d4d547437c0c3d6997ee726be62ae1064e2e5

SHA512
743489f38e4644519dec7d8e3ca3e3f6ea20fe3be821ce5ba5e7eb5b7fc26a5585672610c42a29bb2bb5e6afce6091b64a4e7ff9ad762afbff0f8bc55b0a9095

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a63410fff53a7c4d515857d89a2d2a93

SHA1
0147435b64d954af8030902cb674998f913b82f7

SHA256
3be80613aa74279e45208732cf75d08c7f32579b9d6b3619d1da2d830e1dc504

SHA512
c98a7e9ad6050c364b5c499022ddcaa57de77325dd8f6ebec26aff3bdc34295702a67d55f0bad3777449a68b8547c976f12587a8d200c815a927f1fd1e1f61d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c317f487a7a91fcce552b52da7340d2f

SHA1
b095fe6c3fbd2d262b69e2652678398388b85970

SHA256
924686921a9724b0743894a4bfb6a88fa450a004c384e1b1bac592b195e07523

SHA512
c247226520aaf7bcd93283d14fc8bbb02becd0f94a3511f9c512a472f85f3041d0b83134b1c4f1790b821a4a1566bc2b3d79a202bf81e321f4de78065d972c5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f14283e3c3a4328263769900e0b331f2

SHA1
9f247c40bbd73efbaacfb635ae6f240eb34ed128

SHA256
91f73e80b0c405f7469e0209e81343c8e1e276273020d2d7827c0d11c4b4077d

SHA512
23ed09a770a54117091499a9886dc9e6ad09cad4716ebac890f401728b1b6c8e21474ed615ddb3f03c44f3074ca69af449027fc4b79413ed005b07d7ae4816cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
111f3704681d88fc44be34ee02825631

SHA1
9e11e46ead7e4b2e549b7561114f524d75212fc1

SHA256
c8a6a6d8b33050f2729838f5bdc2682ea215df744c23fd1c94c64fa459fe1579

SHA512
2290f948fe2dfd5a4f3b2955641ccd66a886d977607b0f2bc1c9eea058ea42c6c337c17c9fa1b8fc4050dc48299113dd770684169a59fc063454006d29a53099

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c1f4e54737a9cbb50abaac9890d92bb

SHA1
fccad14b0855ee1c7bcebf6c574da23cf48d0da4

SHA256
8d76a28f097081a462b29495a3f21d78a50fe5897366d87f8a2c1b0bd15d31f6

SHA512
bc66b604840cf1cabc815cb3fe98e25469aad62b8d4d0a860a72783e27aa65a29ff5ca69a1eaedb24b8fcc9a6e26fc94f37d827127d04eab9efac1a951672fde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22a61df610691c29640590bee9aba6e1

SHA1
16abdda3d7b6a2deaafe24927f3bdc35ffe06c83

SHA256
24266c931a93ec63b57e2680d1e1c912dabb7cc42e9a308a7a6179e35910463b

SHA512
7a509ba0dd5cea2f3cba3371246e5235e905dde7ad48c9e4c9f22b2daf9f3b8bd4adc978afbe74373006956256871da202c84d961caab3735e7228b7c0ff31b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\platform_gapi.iframes.style.common[1].js

Filesize
56KB

MD5
f6140cf2e81a9d5b9bc96970fe1946f6

SHA1
e18cb20a08d0c13d44b72e36e9560aec2187abce

SHA256
68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5

SHA512
1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\cb=gapi[1].js

Filesize
84KB

MD5
98985409812b58a6fe372e31b6a6a38d

SHA1
1ef49ecf5a4c428751a6c6edef0d9fb93108a663

SHA256
852425404e42238dd5f5effb1982ce876addb659f27016f550ef625316d9a703

SHA512
9c0cdbee49f925fa0486a818f53de3ec70e08ca0a221fae29a9d43f8417691413cf233b9f2f61f2ccebc278b4272d6fc0dc5dfcb363f2563c93b70b7027fd6b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2ECF.tmp

Filesize
1KB

MD5
1f1a3b101012e27df35286ed1cf74aa6

SHA1
46f36d1c9715589e45558bd53b721e8f7f52a888

SHA256
7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

SHA512
d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F4E.tmp

Filesize
37KB

MD5
0fd6a12398947234c58c13d809de8fef

SHA1
49b9812e50647cf4f67c408653829fc1a021e68b

SHA256
fe5cb1eaeacd7fc9288f9bea632c2307010336c48a2307bf6d3c74997cc2f7ea

SHA512
6d128390dcdb029a63d84b24d908398f09e05539eb63cecedb5b2575d5c68bcac289a139af31c7c4eb998cc0a3a0dd91cd1655b7d53220d80a190a7c9eabb19a

Download Submit