01258e14ee65a1155d08ad807e75c6e21b7790c0f5a0e4ab3954f91b92e4f5c7

Analysis

max time kernel
0s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ff6881c353c465997f1e7ac5f4973c9.html
Size

3.5MB
MD5

4ff6881c353c465997f1e7ac5f4973c9
SHA1

7d23de2efb24cdf2d7072996cdd6b3e22e6cae55
SHA256

01258e14ee65a1155d08ad807e75c6e21b7790c0f5a0e4ab3954f91b92e4f5c7
SHA512

db559983af1c550d59fa54f95430b8929467a5d73d31988d40469c1f95cc28f5b53ab9fb311c0834837fca01d6c89358609a6c5b0234a968b38795006a0569de
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NNS:jvpjte4tT6DS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FDC6FC01-AF8A-11EE-86E5-EED0D7A1BF98} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2912	iexplore.exe
2912	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2708	2912	iexplore.exe	16
PID 2912 wrote to memory of 2708	2912	iexplore.exe	16
PID 2912 wrote to memory of 2708	2912	iexplore.exe	16
PID 2912 wrote to memory of 2708	2912	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4ff6881c353c465997f1e7ac5f4973c9.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
  2⤵
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fb6a03e23e804e1c05ae5f8e4533957

SHA1
88ced885b7feb7341263b6a43696f33d79f890ce

SHA256
16c9953da7d851ddc4c4b27507de468b9545eb4c2753b7b0c6189a16f0d45249

SHA512
02298881dfb8a75449e897a7ca625c45e6bbcdb3498c20248ffd36aace728731d71d92781474bb4388486dd81da173a1a08b44d4425e28a9a0430f920cabfc4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6314b7b504464cbb4357cc4b6a0d57fd

SHA1
1def38b54efffa644cc017df73a21aa9fe89ed45

SHA256
c7ced5dd7c9f0c4ca676079497b40776235a4f80a8ee744eb4ef46b59371411c

SHA512
778f75dbfcca04eece94b84813dcd06705d22e011cc49064a6ee88b3207ff1bf495ad4266cc549258f1be8f8221c988852c8ed6a9210bea0e603783e18812210

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1586233fb98a823e15365f8136865b24

SHA1
dab4bf8b36ba61d896dfeb2c2297a51862556596

SHA256
c53fd55f177867e0979d91c4d7a69201eeafdb8e3fdd0388a1dabfddbc7c0174

SHA512
3d71e9f0be36385ab2500910b50b4d08db4763e79d561bb58d81976fbcad78c946bd56fdedf96881079457f54cc85bc8edc60872ad6ded19fe59085d81ec565c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
307dcf0e176a5a1fa06bd372cb4a57d2

SHA1
cc55bbbd15b1b1d6fd0d03913d3b5666c13e06a8

SHA256
97e8f7ed63142c6ad6aa8ee50bc1eee698cb00562cc27361d5ed2716cd86ee44

SHA512
e6c6dfd55d3fade9e8aa427097a8f539fd9fc5f704d6fff83c6d36ef0f6ade7d9711faec214ca51420f25dd959431edc97f3df3f7d3f4febf05e05974eab3cd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3eb3d0c3cd2e4bd6bf7979c96735e078

SHA1
7c4f8112918cfc32eb5691c0be09e0a7a7840c4d

SHA256
ef1b4470ecac768fd21479dc866e537c9d8fbdd017ed8c1584e251bb4b80c634

SHA512
fbd4554de69e8e9fbec669e36dae5f02485ce61d2fdeb9c36a0ef7484ca783f617cd71f8ed3cc0f1ea4fa86b4e4fcba4dcb29b46e3a855d8c9d83956628362e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3caf243c73fed72487b2d140f51ecc77

SHA1
02e2ea92987af8e6c760ed253008d1e66d591ec5

SHA256
c70d1102a6ef6f518c2a45482514a27f8be44b9356f3fc420cdd3710e00d7728

SHA512
fb8a8ad56680a964cc5802982a17795d1ce4a802b8d97d4f063170b1313390406dd0ae2e610558a0e1b32047915d084f251cc901bc9bf60b66a346d96a0b004b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9faf761b7d4e5bbd958b49b0a7de0678

SHA1
6dab08016a0b1494f68b12b5485cbb5313627110

SHA256
42f604682e3574b23242f3e8878ff246ea7f5a5ad291385ca9798e6713d79e68

SHA512
8132be9fb4b6f265dcb8398c9d8eb2e1120a67ce87370857beb06e164e79ff4bec7bd4ade401c8810dcef04b536bf5378fb50269224962f712663c37c3d6a41b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00d0e45fbb58a0927587ccc1106a8195

SHA1
9ec3cd0d75bbf95b56224c0232ddbda1ecdd6ae4

SHA256
126d57f115ede7e4c7b4b7be74ecc7bed337e501753d2b8938b5da8727d22480

SHA512
a52766a28631d7148004b094ab73a3775123a1a8e9e267aeee9ad5f570ee80964ce97f90e9124c99e9314cd136b4432bff8ced64a293d9ced0c54f978899e052

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1553468240b899b535e6bba8d0104dd8

SHA1
4cc35a32fc5e9be44f9e34f056d84205342d0b85

SHA256
d5b977d6489bc7287b6b41d826da8d2f4597e32cc4a124609396cf14d04f34a7

SHA512
352e0aa7f863f292b7c6733e1fd814c585fcd3e64b6804f13dcda968dce68f1e44d8fc21882c3c6efcc28b255637f5e03685dd28d7ed8cf60c7ede1753d3f051

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5d833d2ed30b1be635c99e33ddbbd56

SHA1
6d9477f56e4b8c790207c9cc897c8f55e740eeb9

SHA256
e1136b985594a096508115e9e01e545c3bebb9947a7dc94e77c1c8d43587d21d

SHA512
51b076d177b8e8ce09bf8335c8edc44e16df2c3d12666c8b83c79810a62a082f48b7e9530f0f7980f6e937e19b6279b5168b85db256e1cec0a3748902f14398a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bce4b7218c229409bc2866dd82defa77

SHA1
30be187643460a9273976c6d717b0c6b56f0321b

SHA256
f9b2de07e663c3d94c611ca36e7bbc6f018b96307908995b6f6ea539bfaf9863

SHA512
21c8339e4953256a82e6578cd6d0c2252c61e5e00de5116ccb61a6172910f51bda042d497a7536f33bb3b89be246b5be66b769b9460a4783362237e4d4c41ea0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef4ab14947e93fbd8b8ffd4261e56596

SHA1
046229d834141783d8a1d4cc82d6dd2724f9d4d4

SHA256
1f6616934fce83bb5576036716569810bd1adf9a36a9e7aae372726744f6aea9

SHA512
498e96686ee87e111b0061cacb94bb1cbcbfe8fd833386d77b7ca13afda796e4fabff78156fa97bc972583cf78c0b98f4719fdd053f0bc46ec7a412a1ab09ffe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
548a3e875dc16d5e2696af988298a3bd

SHA1
75e4266a1d58af5ecd8beebe915f0586d07ec73c

SHA256
f44e6da1c1a0534ca19d718603d0c42a3872dd0e0060e6ba98c50f859664d7c2

SHA512
83f668b785f17f87c6219ad3f7faf75fe7517da0266d3e2238a03aa5e3de1dc2f26952bc6f11b33e4f43f4a2d18bd8585984a1f065d20bcca9c06c9a2c0922ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f642620b9607322371ed966ececb503f

SHA1
ec393124689c02b0e40789f677be89084b617c95

SHA256
23eb97bb52f98ffb9dc36287cf054a27e99254d6b422f9e415e647e4ec3e1bdf

SHA512
f58ab40f0ff48cd4a85d7eb540488b5e56c37adb2a12f3c0b8301ae53a4e67d8b10b3312c8d7bb04274f64771d79af7be04ed7077e6e3dc2a33c714ee73fd4ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6bff14e510ae96f46a7f3e28ef00f24

SHA1
d8965160bf9f582f1a90c2e26a6f2c18043655f6

SHA256
390259c206bf29ce46f5fe260faf67e0f19a3f62e4f2b07d17a7e061f0652998

SHA512
53925662fc42cf76082df6f23e5b04b62fda0bee3caed74922a682b688a8e21fb227393cf836b895d944050031a2bf164b8f093cfc4ff990c494d59c1286ca18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e4efff93d16ce358703cc036849d4cf

SHA1
3b8efa8b2e13a2a53617cb5456c1afb2bf38e9cb

SHA256
267c3fb5ff0e0600ddc23bd1bddee0698fdf69980bc56edc54cf2ff76bcb0847

SHA512
c866dcdfb8d386ac0d338c0dd5f0574557ec1aba1347df051268e2d592dd0b5927b7eec1460c18078358b27cc4b40a253c62c1c58b7df1bbf9e768fac792491b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ea714ea0385ae760058854a28fd2463

SHA1
5bc45ab7395f7b9a3a70d34512393f1b12cc0930

SHA256
ce478f5a7226d18fd5289d9041ddad98024fad5c26dbb96c571a8dc42cdbea6c

SHA512
3362c6cb86ba3c98eb6f197af02b296f4e66fe03c5259b7790b62f3d5a0c92061cf169de4c3751dd8d97e41d91f784bb2da97bf9cad853a841caeaf7ac0c81c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
629a74277c1cf6d14d8c314b36a1e78c

SHA1
a2fb4a87c5f3f1fe9d5a912b3a69d22fa8e9811e

SHA256
11075abfa8384c93355e56b2bc457ef805ecd4fac60eeed2540fe821824e3411

SHA512
83b950c8ecaa5b9272b7483ab21b73243599dffa59474b78f1156cc7afa647970b3c79eff75fe663a789663caa80ea2d540c590147877c0c4c0497d05079b052

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b1fa5623565ec22966fa469396f57a2

SHA1
bc2e400a0a2dd4af7963960a0761fa3e8aa58ef5

SHA256
012e5f956f5d5d41176a5033f34ed00454cc95b863055eb739d5fe6c3951640d

SHA512
1433d7e7c9a5599c790c781ad5abab4e5659628c2cc7b81cbc6ee1467d6ddd3d9ad656ee02ef558f50f387c54274af8358ab2ee97a02bdcbe6577f4b54368ba8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31b2606e3be5eb68efe1ed1cea513dde

SHA1
e02794aa6a3274ad0cb384758e0f13da24b63dd4

SHA256
7b031b3318ec4f08eb94109b25d7581350978c1c1428a29697770f7b1b4d6f68

SHA512
8ee9e0f9d2840c77695a40d1e402a69dd0aef9a0281636624f69c9ea584e53b89a8dd2c40faf68b6a11494e1225c58804a2db351d28ed36b49dbab2d0210287c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
adeda22235bab26aed40c7e05fac7c5c

SHA1
a71edc7fa609d5fb9fbd20bea6b46a672c97cbe8

SHA256
715d187d36a9ffeec3e52f80dc811cbdfdb9273d87810bdbfa2177144275b5bb

SHA512
eb09385b4f9bbe0daef876d62059b59badef95a3368e5a5a44c9c2a366d8b3ef0124bc0d917cc170145bc228465218c2f4a8733b573812488985620520982567

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05f48726071142ac73326c99b045c727

SHA1
fa82c2f31cf8bcf07a0ed28e21b09a1833d9578f

SHA256
d9472f17e63ee8d66d0fa769959061c617fcea84875ff32e42b79627df1917cf

SHA512
eb0e5d57aabd188888d3594e83bab91d50278e8c3c40a179965d65e8c7658c0a8a7398bea2b3c6257b30814f5340f864c13457c5d5971b279d0535a4833f02e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb48f3c64872fd9e329335099a4f099e

SHA1
3532720b2836a2489c77423ad951cb36d30bb801

SHA256
5129cba89015c87830b9e87ffe2e13b65d7fbabf9a6f345b9b6a8915a5f6f0ac

SHA512
bf576589c63ff0d8cdddeeb2d0275127a8b5868c6cd476546f2714dd58f82b689b2b9ed306103cb57cedb41d53d2dec7aff5d0c5dc5a58b7f01d1ee15a6bc4e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\jquery-3.1.1.min[1].js

Filesize
17KB

MD5
e524d169de36b9811d2e6b0e0f8608cd

SHA1
c8685056c7f7ced0fc67c8ba13f5981f6e0f30fe

SHA256
74f85204d41ab0c0a3d7beb5313e021d90c4bde85138ce7d1cdcabf1836a2b8c

SHA512
07f94c41d7cc9e09f74183a823b9c6b76dfd4f099bc22fa41008f75b2ccb5bdd35d01a09714ef09a352ebd7563c15f2c0b2ae0c2a29e002839f15f3fe72890ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\jquery.min[1].js

Filesize
33KB

MD5
0e88161bd9ef4f33069fe9e3f26dab64

SHA1
40f0c27e272832f7efe30625004462359cfaa805

SHA256
9dea4c6bf778e3f5120670e1ddec211326c03675f969359c1f2442ae48f8e8c1

SHA512
bea21b4ed7b4bafe414ffa27d8bb3f060cb102ff3f827665598e7dd68fdcc52153176c5c1f24371981e632502e87c84da113b5deba5dfc28b7b87bdaac437688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\beacon.min[1].js

Filesize
5KB

MD5
d05073d141d50f3d43aad8c5c1211559

SHA1
68bae8b063ca964ae2d5b29a528d220f1445ea3f

SHA256
b14566073c64e90b620e0271a6b8c5aec291be24f523002b3308de2002484a92

SHA512
0053214a329e93eb5294bfc50956be832e9f8a9ebf5b1620780375e77e8a33351e86dfe8e91a60bd41135401d4d5b47a47dee417ce3f566c46c1757b2d0d90db

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF2F.tmp

Filesize
56KB

MD5
bf300eba9e3ea2628c197e774ce45d18

SHA1
a37e7cd61008acee24b6f486f099ee2dacb99b66

SHA256
79e84262ac933f7ce12a1d355e11379f869abb1cbc5f2b12ca6e4534854aca75

SHA512
cca09dbbcb5b272f06a478352a732d90e130e1a9f9b09663bfba639d5852894867ec67161074c071543bf06e65d3c25bdaa98a5a46c83f37281e156e3f312286

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar13D4.tmp

Filesize
17KB

MD5
922693c87345d40616daf4efdaf69813

SHA1
32a5db2472df019e55279042b57cb899a8d00fdd

SHA256
a04df447eeefaa4383b29d4510e773b6352688ade641e6f0d41340a826713385

SHA512
0b005e463fcfc7c242e943afc726011d53e2db8f191af3dcc401ba1a8f00bc427ba3b7021f969b35c057455af6dccbe96da4fca5f946fff2e34b9be84a87a67c

Download Submit