ddad977659f9759833e249fc4b5678b2cf84cec18bfeabc07f538a74869c104f

Analysis

max time kernel
0s
max time network
129s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 12:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5383138ff1d5c6009449b060f717e173.html
Size

893B
MD5

5383138ff1d5c6009449b060f717e173
SHA1

6cc71432993bcfb8a0f381b03f20e89e159ef82d
SHA256

ddad977659f9759833e249fc4b5678b2cf84cec18bfeabc07f538a74869c104f
SHA512

ff9b9582d5159eedce07b699a58769f7e3fd56d6fcb94826ab2b5bc31e10a4b79f0eeaf933430e637101db35848687ccafe42589a8d4e9fc407e5fd9702d43db

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{68A05F71-B07C-11EE-888E-CA4C2FB69A12} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2004	iexplore.exe
2004	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 1968	2004	iexplore.exe	16
PID 2004 wrote to memory of 1968	2004	iexplore.exe	16
PID 2004 wrote to memory of 1968	2004	iexplore.exe	16
PID 2004 wrote to memory of 1968	2004	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5383138ff1d5c6009449b060f717e173.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
  2⤵
  PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5dce9ae3d3678f3fdee9aab93c1ebfcd

SHA1
c66927a6877713df7b7054bc1606a9243a0c1f67

SHA256
c87d6d8086602eef53b4ab6eec377e44a0e3a7e97c06e7d5d59ce1f28451bf4e

SHA512
4baaca785d11216bf3bd803fe07b691488d4044e1f8869075e1bc30fdc99bc8e89467ecde06bf5b88c71050e12c27685d5e4f57658abaf03938702d6644778a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
168b32f6409c69bd31d1d9bc5df5f002

SHA1
4edb34b942e323515bcc3d2f9973f1e327f7bb66

SHA256
a4f586fb25e5960b2f1a68fc76d37863fc3be05f983966281a04a9367036893a

SHA512
f5e3399f3766c0d5706a96879c63fec25ace80d610eb1f5a2a52fef2d5c265da650b46d774b332c31217f57e3a9721afce5e50e1b13db1d7962486cd4e302c61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4af7cda6fd55ff783265fa3582c6043

SHA1
a7762271d606dc7f77552fc369c8acf2af40971a

SHA256
26a5a9ae67279071d111810cd7bdec2bd056788d2a894788c1e2459514ea6a64

SHA512
7c5141061b02903ba278f4a30b05f4f46c655c5cd8146b13b5edadd409a6369895443c4531203aeaa61f193ac1d0da942bdc2429e0da955ec282742f7f8e7630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fafb2c35f891d6c0d5bd89ad03fc3de9

SHA1
f16f5c102eb1b3eb168379c7f65c7042b19530bb

SHA256
eee5bd5c5d85574488f0a2409ba2fcfcd7132d5ee0de2e293c6f35fa9cdd6501

SHA512
fe8138d7363949c132907ad158eac1abe26fba2a1e74b80a3c1afff4d59d6d5a96b3182de3ab8fe58c860a3a5e0b408bd2a72b259f8f4eeb9b662587b3485e4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffc0e834b6bd86662944f8b05c49b48d

SHA1
80cab250a2b11fceba2139b6e9d5c666299c62f4

SHA256
28059b6c8a302bd6cfc8abd7bbe11063fa7f3fb546a7cb9f65b5d38b04737947

SHA512
83778513294dbb951b769378acd51a80a1bef8463497e82803723167a09ca006e9afae1a8511cd8508d24d807e01f4575c45597440500a590ee9dc8553b6c6af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac91a824cfc8c8071404f016a8ef5697

SHA1
717234b7075252f0316e95f12801b96b1abf4c1a

SHA256
8ab36018a218b6fa81031faf3803eac7eddb20da2a2c54f6e9f902e5e8405f88

SHA512
dd38699f5fc0097bed4a2f0df7f0b70caecf5b005ea4587e36d96a9ad3b4d4c1619096a53994c88a25a2caf606eea9c356e62e5365d25dccc1acf840714e5473

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64e411a1921f78aaebf2e2daa1565285

SHA1
906f114b8d5ddce0327014133b978ec50953a1e8

SHA256
c58bc7dd71a1d1428538c7087010fe28c17b446ef7cb1e171a6a8219115a9328

SHA512
f776eda28cafcb7ca824f6e2b3d689324ded2acc33e0a6c97b6a318ffac1e58a9abdcf3fad5c88f544b246d1241e32f55f39bf2ba7f4e63444cbb69cd5077ade

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2c6b76d9abf96a8331023133da336d3

SHA1
6d59a2a83a60b56b08de15fce4e3532d28ca3905

SHA256
74ab0f73396b4e75f4daa0692f06ee4ca302c3062f11580c2f209e0115a3ecfc

SHA512
cd29e33d9a502ab70a11b05e3c5b304535a1d236c18a7d2c486eb9c65d336d8e263f29f3bfbd247608e162bbae9c6992ee9d84ae5edbc1604cd8ed484fcfbf9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e524bb3fa55066075fa21a96c2219f4b

SHA1
f59cbe8f3632e3310f446d9d9213c8b3a192590b

SHA256
a0b5b7954d20ae91ad10eb868f6518da606c06452cda7d91e4ba256751b75d66

SHA512
e814605a70e0e81bead0020a0bc02e0d850e7169bd2c88cddb2432a8a05ce66196a81add8244f29ba2ed9978941688bb5f8c8843ce7f7ccc571936bb6a92df70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d50b8eef6e65f4a846e70b66fe06745

SHA1
2a5b4ea3945d4402181201dee9d4834602f96e95

SHA256
d6a078fd3f17575764d480a2858d6a2fecf443a2da5e5b496c31daea222d9fd7

SHA512
a72482422dca0fd5536ff01e9275948a2b665a974988ec9147a9bc1fa35d9610bb56e28c5caa9998fa941c5b390807deb3870b56ca8f916f42428f9b2f8602cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88ad56cc088b902f8539f1bef85dcc5f

SHA1
d64182761bd1687988b4c425952109b6736ac723

SHA256
31cf46780fb8f64e3c0cf8f6af130886d8133ba4943f46087f1dbae1442cf7d0

SHA512
d014b90818753e02ae37406d71cb3605284c411beabc91a8f350b05fb06d48c7cf83b712ba8d014dd3b92b6b2aa5e2709376c6759a8d3693b09a5200dad8e362

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53e109abf40f759fe11e77fe4e1fe94a

SHA1
e13d116fb55a5fe0d91b9726b6e47728dec906c8

SHA256
5d0ba51c02455d9fbf7d06e1607860bf8832a84e047aa9640fb9fc23596fa841

SHA512
cb7f7ba8ee9dd965e6dae533baa7387040306ce5aa4ae57fb902d367ae68b9e2c634e6f1206c458ef51c62de8d588db13adf45abe065c2d70bf8c77c7a0a096f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff4894878c35b47a977abe23a5f478b1

SHA1
76246a53de2a16e7e3a34ee8b867e647e7f4de88

SHA256
83c08734f69085f9d901cf8aefebd966399cb7e19128c6a2bc2e73fdd00f5fcf

SHA512
16eb7b0740576d8a8e3ccbd234417647d9ee937bca510e2ea4f0c2462cad8dc45fea1e419f84ea7e18dd158c03809c4eecbb9b66b3a38a7299c7183b909d4fee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56f551233a112c00a7082ae273429e6f

SHA1
360d620b9d2a0a47c3a7a377cf48088549095fc9

SHA256
28b7afeb6e3e5a0a420e598664c7309c98e945e47199130f592fa829d22eca33

SHA512
fba2d8917b3344542d2a681af099464f7bcefdb068b66aceaa4195b50b68cba8666f573a03fb1cc0bcb38bf13e3407241a3918a3cbc17bedff0b0641bdd09d24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
51013e986668a51178577ccc3864a06a

SHA1
aee2993e62e37563419abc81b21df15572f1959a

SHA256
20e15e33e2f3749e9144548dd96451c291de89c7e2425bc67fea8b7088d24b14

SHA512
e6d1b7ec84162faae2accfa8ecd502d0a6172ea9c988b03669b56d6a4410ed58135787f9224f36e9584c74b8ca49fb023d8ec349c4104dcb4f20af28c23e21b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

Filesize
1KB

MD5
2b3501e782d0bd6e78f2339da3c3490a

SHA1
ca7093e8466031b6514cc0b92847bc14670f7b27

SHA256
2ea8137fa32fba947db78539d0837b28400fb5e371f15b97a0d762a54542c219

SHA512
cc21032748780e4c38c1d40cfbc0f9e643cfac1856a25213d90217e4123932bb6e297a4aeec6d2b10032c05e11aa4e5ec52fca197cf6522bb4402d0214a14c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LYKWHBZX\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar199E.tmp

Filesize
49KB

MD5
3dd1a952bcf3730911d3088c96554db5

SHA1
86dabb39600264a6a443ae83ceabe5eb1ccdffd4

SHA256
03593868c00760a1dc6aab238968b2f186b352fd9274f5ac8414d48497a98b6c

SHA512
727da54b96d51349474b68dfe6b01b23ec4203fb123886d1b4d1cc8bb9e5144a9d12f28da08295342dad3cec9f7b9d9cf21f61fcd880e64ee7d01f8866c0a8b1

Download Submit