2c635d60b5d3e3d57e9741d48223469aae3a96c0db30f16967aac2741d2fe781

Analysis

max time kernel
0s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f8963d88a91ac96442ef4af0ff320a4.html
Size

3.5MB
MD5

4f8963d88a91ac96442ef4af0ff320a4
SHA1

a530bffcb6e489d5a916fc73d3aaf2784286640c
SHA256

2c635d60b5d3e3d57e9741d48223469aae3a96c0db30f16967aac2741d2fe781
SHA512

dbfc3b40a7f09dcfafab0f917cea55261cdd922ba34e462d21abbc3ca318b01cb29966da2532d01a5d428758b15dd93d83b2904af9d34acc3c2042b6dc7693a5
SSDEEP

12288:oLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nfw:ovpjte4tT6Nw

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB5D4701-AF6D-11EE-87B1-5E688C03EF37} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2300	iexplore.exe
2300	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 1920	2300	iexplore.exe	15
PID 2300 wrote to memory of 1920	2300	iexplore.exe	15
PID 2300 wrote to memory of 1920	2300	iexplore.exe	15
PID 2300 wrote to memory of 1920	2300	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4f8963d88a91ac96442ef4af0ff320a4.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
  2⤵
  PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
acc9a2492e958499456a92269b952abc

SHA1
24b15c46fecec5a28f849fd7b053dd3da4e1ae9a

SHA256
5fcad381c20bbed9bcd900a991d63a6215ddda629161926eb0a40cdede594e49

SHA512
a1e0a641137e954cd6aa1d2ba12e5b1721f4feea38e74697bf3953697c76560c0b336fc1911db482e4d8965c39e7211a0e5c1d49ef7eeb9419c9f0ad21858fc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f26286c48bb1e7727b59282c135a033

SHA1
7a80ecdd03b479715dd024c1b463f742b02aa335

SHA256
7a39ae185bdaf87063eab1af12a1973ecadcea7227e952c62efcb6b8c3b684ca

SHA512
9c41caebf162a95de9358a89315a735333d32e7817c8160b46a18f044c712b4de60cbd5b89bfb15ae6f570b6f6254b41d4881a38509355dc85d9a7ac95e51272

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
384848d539d353a79175e73b9a414a4c

SHA1
f3628552a0aad4e43b406da2b8d0055132247503

SHA256
9beac2effb5974205bedbb626c941c1d8e02a66ea0a07197a705f452a5864d3c

SHA512
aefd4df0f1e98ca38b46cf3534bd50a1be525ff4e976f3a0f9365e39f8a50207f5a59441a245ee50633a90369b5f9a4ee7998f5c6b77358469141feec86bfe9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11f70743f5b0799f49a7831d5473726d

SHA1
dae3b0da6b780f39991513a5eb7d8b8c7cba747e

SHA256
2b292a2b8c4f4d36c20ade10bed7cf93d362a9f680db266c0a255bad235c2fb8

SHA512
7255da36dccf0210ee201a93fe9ecac78fb248a99bedf16c47bb68300860d4634012e90b0327d18dfe604b8ea4d26df701624527c2634505d3c36d76f9d406bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3451e412d4c24afb842adf5236821b0e

SHA1
8732c3a6f658e08d8f99c61896b692a2ead3a67a

SHA256
7f9982a5d1ef5ed490995cd03dfd8de04a41cbb87bb04bcaded08e6e99c26899

SHA512
5db5103bc4eef1243dc6fbcb5114fb6f550869953a4ae0e3ab3a2be6f024e45e4f1d55d3d944a59684734f68968ce3de10b45d03b5aaef61a9d05efcb4dd1129

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16440d3b8ba0d4af59743f1d9305053a

SHA1
551e22fcdabbd9ac50ef65fdc6192002b362c2fc

SHA256
3ce08c61d08eb865d39700ba09bebf15f4acfffb2f877c737b7f5ce1ce116ee4

SHA512
eb81819efdb8e3317ebef92006f15e4970b94c31f2726f50fa38ea455338e9aea02b1988eb197d895d46c701be9e741265671c2dce544df2eab60ac6bd6ddcd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9850373720b3bb22259c0c9e551587d5

SHA1
5d65f19165b90918864093068abc6df512621c39

SHA256
9c9b9877d2f69d3e090da4ce7335c21f63152c589cc21c76c3d9fe36e2337fdc

SHA512
7ab7cd4628ab622b039739c633d1b58bdcb465d7868054b2d90a22601e5848b68b5f9a3982a5821ed7cd11ef062a3b4ffa8c77d33b25c51b2e59c4d926193896

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0088a6aa92c650ef97ead46b6a94396f

SHA1
5e5d40c0d1381153a26e40ac0a839419f85b49ed

SHA256
ab30fb17bee22f3d00ce105024698aaa183b677675dc96103ba6ebdb0451db5b

SHA512
5f4da81b82b8d963cfc34317814e47373483f22b851b5c643735ac59bc4790fb0578e068cc7b594c2dac282dab5b9449cadd1fe761e0cab1ad25e3cffd2e57cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e959295086723bff5173c9af5aef5015

SHA1
918f1131b9a5e76be81fbfe9228e141c7d8b203c

SHA256
2d778748b51a14088d020ff19c9edb6ca96fe1fed3ca1fc0562c548e43ac11e6

SHA512
0b24941ee265cf3927de0a09328025523a9afb17a0a5a63843b2494099c5424ad70d50c06c0301bd51f0f2972907ad0b88610e86002007850c8280f397b5e3c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
459433a998ccac784e39891a03e41576

SHA1
b0db9f9783d904a6f6bd8eea65cc63d61e217485

SHA256
303b4f427b5cd66054d32f41fa2587bd387bb7bcb895ab6a54ef59f747cf0e80

SHA512
6c77bfa09dd4974c43f9c4fbe47c505f84f6e82fa0984714119d25820a147b5263612787dd1d33a540d3c07252a4ec8ef2c0213bef5429081310dc18fae3fab9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
077f2fc11792db18fb4d20ef07176cf9

SHA1
01cfcbebae90345ba01af9f0705e843519d5eaa9

SHA256
9fbaaf5ecb04fef8272432b787995a6510f15c66212dfa9f9c098fdc6b034a35

SHA512
39d116a6c6488d7101c4b220799f12340fe88f128b63483e729f073991716fa4385db81566ab4b062ffaaa56db989d9b82e93f74d12b47f798cc07c8baff4f7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f2060df4d29f6b76590e970cfeec545

SHA1
72ac31b5ce2ab057eba730ef5c59ca55d9c27323

SHA256
11cab1aef5c755165331cfdf5aa6c5d68812b34872d984256bb9b7e5cb285e4f

SHA512
0f70c9f492b90791a13b3051207a0a9cbb4a4e35bd36d3a073a55329c90ec0d5c71e034a7c249924293f322338323e17a93e6915fa39ebd9ef4c8c872ce79746

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab05dab7f96d895ab67a80a6b769c3bd

SHA1
07930eab1570f3cfa2d30d2da5f75a5c117a4095

SHA256
3b37a7d6b6da62ab5c7a7e768544ca9c7f9196fa02df32afcf52260230b29bad

SHA512
43019377db8da2e0eb38b534f61ecc065c94d3aaf5a39d3f1fb5d2e5a601ba03bfd002d9d25b809add4d40fbd0f1ea51cfb250cfa55be58f4422f9852306c730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4502c7ad2f7f75519e5208c7e5f713cd

SHA1
b30578c1d2b345c70bcb10cfcf75775ae523c098

SHA256
267e9ef124c6e62ae77d50275328d29e55891df7593590533398292236006733

SHA512
c3eb11f675923a8659df9c80d3c72829feaf2082aff0044441f2c6a07abd05604fb93e06e29e88793490cb11fd250a7628092e74ca82b038e9570bbad9b641f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d397f97d85f8051ca21f2a33a5cc050b

SHA1
23ccbcb19bfd52df87cabbd62eace6ee0008974c

SHA256
590ec3be501a7c084d5eb0dbac9c4b370aa2a1bcf1989b66901afca893990abe

SHA512
d8780374d8a8faa1a60d12252ee3f55350a86b4a0383c9be305d9710cbfd54b4fec8ded34c844249b424d6123d6a67df88ffd9c24b609d5417c3968b7490fa2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d8f4ba895709a8b5a449b9d4ed1ff2f

SHA1
1d95413afa701f2042eff9bafee33939166a0dd2

SHA256
30bafb9a19f6612dae3376998cdd08e5bbdbd40ff1a2e8a46419785322b8fb1b

SHA512
48965b88a8697f7309b690944f8b7448d1054559c9e4ba9a37fab7fb1596e7525c80ef7dda925203df08ef3cf9388732180d8e3c7259508cbd2a4e7d2841e52c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08483c17a4c805ab04220c9f75801797

SHA1
329dd97dfe0b4666c8cd263de0ae8e603fb2aa84

SHA256
cf31b3974cf0a905eb6165d90892b3f1ec2eca13e67a4459ba0745e052a7b358

SHA512
83165ce5fcaf5e03607a3600d4534f8b74c2bf425365311230e6607da9a312715eb318d875367eb2dadd5a8ee0d5450f77a40075984deccf85c66bd7d55e0a7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a63834311dffb722b0c49567e2188fe

SHA1
8db8f3759f77d855791f4c53063880dd5a08d4b9

SHA256
b9f4b6aab7f19feae09fcb33882db8d17a26a3c13975e96cafdd4ff93c6aff0f

SHA512
ecf7899d5b78ee719bf57ae8a275e316599205299a852c6ad6f7a7e144bd91d8b1a6a9f3132b2d0735f632f897478e90b559ab9b971bb84291109330cc7c1492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\jquery-3.1.1.min[1].js

Filesize
47KB

MD5
4f44ba0cee07d7599af68b0024846070

SHA1
ac8089217efe36226ceb1f2ec7e2d96c46a7ae71

SHA256
a06823c7d21ea34adf171fc6a5161a22e80e26d3df0d62f1450d6bb4f7cd1d35

SHA512
3293f4e1e9014359013c6ac923ca9ffdd5453282f85573409dc4b9ab155b70ff4f38e040f92f342515ce80bb7e3a62cfa4b64edf21ec03fd488c5ca427a7b039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\jquery.min[1].js

Filesize
50KB

MD5
f65a9cd7cb12a978efa2ce0fadb84f39

SHA1
34c871117331632b81f24cf8944049ba8df3048b

SHA256
3dfd87b017d0c59ee6c86920c2c41223143c4f17ae7e652b49d1e2f2a1f25fa4

SHA512
2e278c0cc2a73f3f879d7798db8c3abae9eefda3f52896a848a31a0e29c77203e534dd185d58998f895fb0e1a66b7817aac9c12beecd4b9dad357d43858e0d8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1E2C.tmp

Filesize
1KB

MD5
1f1a3b101012e27df35286ed1cf74aa6

SHA1
46f36d1c9715589e45558bd53b721e8f7f52a888

SHA256
7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

SHA512
d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

Download Submit