883d1573efb22b14eb53f7d8b1bb0ff6ead64695ea2e650b88440d47ee79f5c3

Analysis

max time kernel
0s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f49120bca454c75f702e17aaa6475b5.html
Size

12KB
MD5

4f49120bca454c75f702e17aaa6475b5
SHA1

48e05710a15fb45c66e4dc558966d857129b57ad
SHA256

883d1573efb22b14eb53f7d8b1bb0ff6ead64695ea2e650b88440d47ee79f5c3
SHA512

9c9188a879035322cff568f3ea0ed6aedc5be5bab2aed827088fabb853957f26e2add368b1ceee990bcad672d5877f5e4144ebcd770b7ffd7e78cf53d2fa9e36
SSDEEP

384:ln8uqnGDnW0qQT3KB3zixBvZJqIjq/4VMqXKM4qaVAaNRzTeUcayBFJzgC0QxC2q:ln8vGDn7i27jFs

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{35699521-AF5C-11EE-B645-EE9A2FAC8CC3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3040	iexplore.exe
3040	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2116	3040	iexplore.exe	15
PID 3040 wrote to memory of 2116	3040	iexplore.exe	15
PID 3040 wrote to memory of 2116	3040	iexplore.exe	15
PID 3040 wrote to memory of 2116	3040	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4f49120bca454c75f702e17aaa6475b5.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
  2⤵
  PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d848a91241adda92857f661278eabb8

SHA1
bd1b57b79da85348599b99f9e407957de3cf8157

SHA256
b4101f1d33b192a8651a47f8e1c64de94bf126ec62613d4a66388fc63fdfe6db

SHA512
23fc43e433c0bf7eb0d3ed99c8142906ddf5e67add6f5ccc2399aef5e9b70ce465522a9c54c26a26e94b7b3858c63206c318727c2266ada757691d16b755a093

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ec9422ef4c1bad63864c62a1e3aba5b

SHA1
15c5a3c24f9832061ba68f5efd8dc661a292268b

SHA256
beb0e580f07ed7ed3cb2a645f7a9dc90c02cf89613f2307260b46a7f2e0286b4

SHA512
45134cd6fd26cf05d273fe6a19053f494256888ee3d561b81997640c9f9b5e1594327e43f0ec69be6d051dd1fd0b57dff667cb587cfc9eeee8b564762a126418

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a12df974b4d033159ea27e454772a04b

SHA1
d38c39158333745572f333ab1da2086243168cff

SHA256
0750f495665fe254182367c773fdd360b7157223a82b5da4ff47d7a0ca16c71e

SHA512
30c9a2f560bbb9be1cb30c1571d60556a97aa63eceb9e4d26f635285f9ad0dca7e291077c9e4e553288e4e2f6795f4c9d3353692bf504d6c4c1d01779bca72c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d6407255d66f49388395d792b213a91

SHA1
c0ce9a47a6d4150b5e888f7ac053d158989586e7

SHA256
f11209924c44ce6fd0988875b969c416120da0860124ee858ac12be978fe39c6

SHA512
889856fa4bd0bf7320fc8810608bc24f6df99ef943ec62b4a3118ea6ee3b53a64df35ac938e156cbcff862b751db032c8a9abe738e820e9a27692730b57fe326

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
715d4fdb64129865e64e7f41a7259830

SHA1
4b44d9bf9224fbf5e06c5d0944bb6520879cd5e2

SHA256
14cf4c748732fed9255bc84863a593d0c2e5c982f46c5870bdea1ae7ac0c4584

SHA512
0b9a7ca39566e7043932684756613398c50a433dcd1f06b3eb22f5deab811054a71de7af58abeca4b4a2fef20ee38857a21ee8725b2b26488d44159861c6ceb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
597bd445131d12abce41415fe2acd16d

SHA1
581c6b142a11a2f2c260a7c6a1be51e4cb03e39c

SHA256
5d530db18a2d69635c262e4d97c47f9af822672559bd75f6a140e1721f9d1e4b

SHA512
394bd769a740d1a7e7a582b67d013d7f4ec4d58f767696ac5dbe25ae30d6fcdb5284e57a9fee036372229b995df17742b51add3855a9cc3e494d8de936a00cb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f79fff2df8dd02399b51be9ba3624dfd

SHA1
499dcab88411591fe3e4f6abe8560751eea69df8

SHA256
22293f304cd0fe479906d283371f7bac2e5e3976b9720ceef174c4bcf10fe06a

SHA512
f7899e1844f2d6cf848873de1574d8632730b3cf142a4e93ef4221bacba7b9b48a17cf0b7369f335564d18925e2a5b0915b9b5cdb38bc9c8cb87dc32a0f5f408

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1ef0059abf9eb4ffc667f589801bcad

SHA1
1109cf0495c68ae06ad31fa8ce094c0493bd566b

SHA256
367c83b38ebc162ac175e95ad8260228a5430a639047bf7ec391daac3ce87e13

SHA512
30acb2ff442a83a7ac39303c59ceb0076e349ea4b8656690a4f478e6df6e1a61e2fcf6013e6f741d92fe6ce04477e6e81d7c7180253fb1fb67356267c086cf1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f393469aef6e9204840075dad814227

SHA1
465c908ecd8f7be0702592f9b52718d0d5309f8f

SHA256
b6fa12250d5c100d0dbcb1e9fc69cf8acacd2ab0e616710e7ce66b092a53362e

SHA512
31601c3361ff767da15e01d85f22a46fc6c7b9b6cad4da011e019afe391802536e056324d68b09fd5d9761a08680749ab0655e32fb9d0be038cfa978fb7a3699

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1d577be15c79a731cb66a868f52bf94

SHA1
2c81b2408c51f185233f104b3e61b23d8c011b0b

SHA256
9f92f8b9c397555d09e3465b7c089c6130c93cb70d572dc1bae3f75af5c12b7e

SHA512
d7abd106a702bda5ae378e50e274466f756816f07badd7b0d9dd4f800669607b0afb8b94b1d6f32f43329b1c86c2b6ab679ae33f65bcc190eac89ec7b3027a0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76bd25c6dc7479c18f58b3bdad49b295

SHA1
b94267457e1121d821b4407c59c6b6bd77c92d19

SHA256
8bde137a721f11946518ecb4c2150ea1cafc45ca95f0ee2547b68163e839b210

SHA512
e1c755fa46acd5f5a4f4a229260420ea666508502e0de623f3099004c75e0ea2c886f48c6f7c8426325d114d3a0a3149db1602a2066f49b19b2ebbead7190544

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
287319d0a80a442f9b430a84cfbf83b4

SHA1
017f0754a0de663a86b8fa8938d9de6248b41a86

SHA256
36b74c46ebcc187dd2c00ca9167737307132d0dfc13977ec7d597d704a3421af

SHA512
c45591a9a568add9ba30b1f403566b10c5be7466ec39922ea1c94514142c1ffbc39afd53710726f5dfee8c66f42005fb01e6359c137a70c0a546b0d51a3ca72a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da87c178cb30aa0929bd9cb7a7e9ba5b

SHA1
b2f3bd705c6c2d7be02ce29ef8a13b7d1c428eae

SHA256
3603e9b9f426626c39291d2ed85434ba8e0c8197f4bbaa94558b05ec1bd082ac

SHA512
c1cc86a930742f2d5b7fca704f99195101c7a164dfe9adf03cb0cc9b52498f54e0736a194e6fe7f99f49873f24219e81f6b61905a85af6e0c4f7535222b9d437

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3FB1.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3FC3.tmp

Filesize
42KB

MD5
4472963e051e27cfe57dc9e6cc4ea31e

SHA1
ea1c0c52c7f9fda58d2e1311e984bd7c00ca3fa1

SHA256
7a930053ee42e80b45d860587954817a27bf6dc47ac6ea0196e2d8a9e59c3c4b

SHA512
30c3d301507eb96ca754d0dd3f6c4d2e08228e96e12ee1de94b1285f5fdfe1f1e0530e9e11533e5d2e25674b4dabc519497340f1caff4fcb4b48574144795a62

Download Submit