a95b82eb274b590f0009f328b9558838421938b50850eebbd80921c2bb69289b

Analysis

max time kernel
0s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e99a70776802caacfab2cc7d3a3a5ad.html
Size

18KB
MD5

4e99a70776802caacfab2cc7d3a3a5ad
SHA1

3a77e49e75b5425adc00c0fa7977e15595197b68
SHA256

a95b82eb274b590f0009f328b9558838421938b50850eebbd80921c2bb69289b
SHA512

aa8b2e7aa177b4daeff9f16d0dac758c2115095426b33a624ab9730818884eb7fadd61a753502f43570833e8c8dc2b68588b58342f69d26da7d455a57c8ab617
SSDEEP

384:g0h9Eq5NgXahr1AgdGgs8jMaztTLPAuz68MMv07e:LI7K1AgdGgs8jJO8ts7e

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{505C0F01-AEFF-11EE-A586-F2B23B8A8DD7} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2264	iexplore.exe
2264	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2080	2264	iexplore.exe	17
PID 2264 wrote to memory of 2080	2264	iexplore.exe	17
PID 2264 wrote to memory of 2080	2264	iexplore.exe	17
PID 2264 wrote to memory of 2080	2264	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4e99a70776802caacfab2cc7d3a3a5ad.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2
  2⤵
  PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed31fe165632894bffa6cde33d79b698

SHA1
17daef000e6f86c6c1edecb69b40b87755aef354

SHA256
5f41143f77261de746bf7813cadca7322ae03c47995fb3a084d81489307b78ec

SHA512
585ea033a7303c63b7775252a449c6e8085be0ee4e9cb1186f179c26fe49ac069d17206c847939f32e18d6093ccc986d1ec404f6b50f80fa5ed39e6dee5a880c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49925fc41e037f370167fc6c9fb82872

SHA1
c4746a0486fccf22d18ae6c8ea683807e1a03c45

SHA256
2e0633a4bb349ea8feb9d9f88ca1fb028c97130f045874c8f75246a1ada52c11

SHA512
6b324d71705c544b12b6e2812e279ad71b84a6b3e10459e9a69f55977f883764b278c95537bb20a63153990703be242e05a42d386a8ffadd662171dd0c79dc8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8638fec40b5d000633d689f322bbcde

SHA1
eba8dfdba258df6c49b802c9b9d50468143ea509

SHA256
8713d9cd9a5883eccba68deb9598eaccd4e57759cfc4e18a35f84b9b93af2571

SHA512
b3bebdd068be4cdd2f00229407b931af9a1208eac9286bc476bd1fdb22a9cd04538bae39324f5d7a3f3b53917e0b280a2f0827b15ae68931c4b56f88b96b027b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2badcd0490b36bbbf6043228f45fd632

SHA1
ad9e205e5ee5e762608125d5df2e0c4571e50e77

SHA256
c64d7e9fb3f9e1f5cb864a71bc2415ecde9753fe2313d54ebd30bd80bd850724

SHA512
95c4f934d2a5d569d4c7953678ed10bd03cb0c325a47cf7eb3c78ae5951097837370b37f66751b62e228b4b2169b0cdf3d687babb29b4c1b3ddb581117e67991

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0029ff74fbf9fa16b6be164e1727a91b

SHA1
c688df44e4330d7a8743017d1dead832eb470be5

SHA256
5b57b8e20011710b339423624f91c25f195e15a6b6b9a2244c6491a476e3b920

SHA512
3fe79eec1df83c3834d90a0e3c64e5df6a6cb5815210f47f302270c668c5da7cd136baa220c798a3c441d254b8365ef52747ceaf4b6ba3b078f48292ed006389

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fa221080bce821adc2cc9823ac71d07

SHA1
393bbb3d005f35e0b1c6b819aa1366d03ca136f7

SHA256
7a0f4e88752b63545d81a55c1feb90255b7538f3ad355b325a73699b285251f7

SHA512
733fbc83428a86824c8222a78a05f8c780937155d476d135c049b3ba01a572029e84c991a280a64eaba3cd14e6bdf3797c5e1ea9e0ff54852611ed2101089cbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e473af7eb273ed6d90d3140c90aa226

SHA1
fa027788d13cc85a7c241214f5edcad72786ba9f

SHA256
752d83c1d46df7f635a017b4daaca2de93d65ed05734120f382bbef0661b3752

SHA512
e49ed94fa40dec2d46eac7885fd790fd516efe7cea06afebf507c76eba8d8f50d4c3723645a3918b326587080dfee1cd741e9c80f2795eea153364d3a7f7cfb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef8afd52df22e1f0ea3e6697f718362b

SHA1
505286a6994f7d13048ff8ebefd07ee6a65b9459

SHA256
4549fe1937ad4451cec4067a41e74f2ba03deebaac406a541a3c2e250ce1693d

SHA512
db664cb2c42bdf302fa9a86c45574d1910f654f05632578767660f4cc30e6ae42868e9204a3f7fa73c247099c93752897c6172778d0a8bd616da0c371612e2ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3341f2dfa24ed8387d47f2665d62222

SHA1
2a8f5ab7136cfed09e8d67037f62dba229f1a82f

SHA256
501a0b7408d094adc2a9011e70e4e24faf0f730afe383097971c97d3f7a9ca06

SHA512
43a0592de55194726f65314aace30189b225de2fa560fb2ab06d41f3c034599cc9614231edc2173d8a3f04975b13bb3366ff6ec3698588649b66737e2d751883

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
834c181150e66b4ecdd5d1bd8b0d560c

SHA1
4ae7f7cbe2a38a3174386638712fc1f83a48f4ab

SHA256
c6dece0e46b25d43d5a26c350612738ac601c972f8d337760be5f20a55395769

SHA512
d3fee0075504a156a8ac0cc6b608f7a9c79bb68259b9f99c3ca834de34811eda5aea7ee8a7c2487a0b1f05aa02f2fa16816d3864ec2f2a28d311a5604b237fc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ad2e04f0f87c3867027fe8dfbfec7e4

SHA1
03367f6f86f5727631d20f07e736da54e6126e79

SHA256
1fcd0da63bb89ce0ae83e689e9bcb2a9e69350fd5b373ced5f24f67b43c05620

SHA512
b46b2089428d68d635c7a4f13a2794192588c15a8b78ef947f354eea2fb16b1a3bdffd08936bcc2dc4b82678ec12abe8c4ec768aaac34e0d0b5c6e9d5d1e30f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1bc8a65b2a27ccb71479b7834bd92910

SHA1
72d5a0efc6986e46455af27bd9e4c02a1530be58

SHA256
ad853a42316c4733484943be64861409bebac6db9d3e4043be98d9968d071066

SHA512
0c156b8ae4832111d3cd2cf62cd49a34d84c177b3b0f7b404f75c0a66f6d587d459951686629196f9a482df6c2c271b3ff211ec2eb96a04c545ac129429f0361

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61c661b11917c39992d786e69609d989

SHA1
d9bd546088c49da57bc5896d3a0389c105e5a171

SHA256
5393778eee5e2e8407bc9ee9a8217bf35aa718bf2b935c03c3fc791a0d9cc121

SHA512
fdfc62541303797ac1975995009ba972d92342e4c4cf07450449aab94a8aa55cf743c4d5639238e242252949e53d6d3ae48e66a5b8e4db49ae0d28b0bdac6391

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c3d52004d490f3e5ae26454809b48d2

SHA1
a04810fe527e372b71d11e88e30ba8f1ea2a1315

SHA256
c57e6b10052586e3c2ece3ca9fd07d01a1bd1480a8f1ff2b3611fed509596c38

SHA512
f282c01e3045bf5f96f75736d30fd5c5cbeba94e09155799a1c4d14e5bedf23cb0f90488669e25f3287af536d9a3285b0203fab96acb689620ae54d97ffb9ae4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2676.tmp

Filesize
9KB

MD5
40337746918faadfd129974a4b7ab81d

SHA1
7a1dd27f29b5db669760b2a702ab9885c03e3eb6

SHA256
647dfa457f288726a75480248c25cbe064e78eb9525d312fc7662ee01dc3fb47

SHA512
dce2116b87af375dd8c939d354daa16e8715df1f9b611f546959b1d2e2d89558c33adc9ba0d5b928fb7f4efa1b53e1d0cb6544eb13fb255c2ad15c98b49b0655

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2689.tmp

Filesize
30KB

MD5
9a8676a6cf2555bb8b87fe3b4a0cacd1

SHA1
0c42946d2a517ca0459e9f6d5df131058636b34b

SHA256
3e70876fe6f1f68a05bdf21edc7ede3789c62f3c7e1fe7dd86c66a3769dea59f

SHA512
a8d025508cd7e691bdb65712be24e746799eab65ccd504fdfc720edf59c413d302612cd9ce063c97f044d95b7a1d84d3c8030a3af954d0779dc47f0f66ee7e7f

Download Submit