c4a9730a4e6e0c7b8b0ab2619bb7497c98b8cc6325cfaefdb26e7176c5801316

Analysis

max time kernel
0s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 15:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

53dfb4ca2c74a7a73f649e409c43c61d.html
Size

15KB
MD5

53dfb4ca2c74a7a73f649e409c43c61d
SHA1

de3d9e32616c16b1a54e5770694af1e9d8012c2c
SHA256

c4a9730a4e6e0c7b8b0ab2619bb7497c98b8cc6325cfaefdb26e7176c5801316
SHA512

4824b98f097335f3d144c1c04dd4debd645bef5370ef42f916ae4f8c9a448603a9031af485902d27a854b3608807fbfa493a494a7c461ebd8f79607f99b198f0
SSDEEP

384:SV5oBlqDgfBhYIR8oacU8WgmhjrI9JKGVVuvNeiv:SV5rIYSpVU5BjrIz+v

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0702F4D1-B095-11EE-AEE3-EED0D7A1BF98} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2124	iexplore.exe
2124	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2848	2124	iexplore.exe	17
PID 2124 wrote to memory of 2848	2124	iexplore.exe	17
PID 2124 wrote to memory of 2848	2124	iexplore.exe	17
PID 2124 wrote to memory of 2848	2124	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\53dfb4ca2c74a7a73f649e409c43c61d.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
  2⤵
  PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7be195c910be50521c99e4b0559585b

SHA1
009c799e24cefde4403e3f82f0a7c20942807721

SHA256
5e63e71fd881f76c0acfb94136122bf3f6c9e9ac4d0adae4be3e462e8f8a4607

SHA512
6e28a079ab4a887a0e79266775937a03787aa36d47cc403fd0e71b431bfe5aea5beb3012381cd401e8b5702242b342c60d3ae887bbc84df7a83873fff0874256

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e86f0df38bf58316dca7980b2d5c89d

SHA1
5d6b61ab9073f6f0d706f6f0a97a71f6416714a4

SHA256
5f9ccaed6f1323275934938544aee4c7944c86fbd059fc1a7a1bfe480c590988

SHA512
d2b5d8cb5d3b4bc01d929faa7bffce133c8be26b6dd64ddc65c8de59a8fcea65894d50a3315c1f4d4b8d44d014dd45f8bc0605d3ebc0b83c8a90d8fb80682980

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df9fb0c6c1664a8c12ac717bb70ae848

SHA1
6ec52d084ee4ef2b8d676e377b281593b5960f34

SHA256
47cc52016bd2836b6ed7c0b91b4596ff03b9e6cf8105a91ccbe0e32b3e2c624c

SHA512
40dc14fddb59ef05bb71f5f9943cdf1312cf06c7165eeecf15dbd5ff412671f5f32152b76fe211fdd3fda3e3a0cf4bf3698d77c743fca86344d71ce629e655e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84faaecbb247267eca1103392a1fee02

SHA1
f361252726b27ed55e2fae40c151e9927fd1ecc4

SHA256
0670496e665be1215b72ad428c6f71cd95544a48e61cf8c93eab630279aa54a0

SHA512
027866a79596cf9ac1cb01139e3dbc22c01bc3393f7b8c6d86e5a076bcdb35b8ffa9a4eee5f6fd73e1d10ae63bc572b4e16cc20fcaf2a1e22bc26b18fd9276e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e7948904e6dd9b04a669913606f9078

SHA1
136476ecf318fd276b7ebad6de02e58ba8ae4a3f

SHA256
cdeedde0b2f72d938a5a49844d692f0c77ccbf3e1ee0dfceecbc8836a536f2f1

SHA512
d1b9ec5c0b64a1844b183ad1f572ecab9bc2b5374dbe5ff176e111b9ff4cf2574f5d46f032f0f9dda68f91e180ecd45ea569a46ebfdd4659cc0d9d934e62bae9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bed804fea0d0dea8996d103ae2a5fab7

SHA1
a38956c3a1c7f9b441fe26e5228a518c58bf4116

SHA256
93326ee44516ec81665382fed8fc7dcc41e341e405f05716aff74eaf8fdc87e9

SHA512
75e9df41a418125c1965af0a91d959100f8f1af92f552dc82895ad90a151ad604e5c258a48ba568cf90f22260ee40866e35f6245027322065d9720247629b98c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b68e4f1a7e1fa31c697d24b4aa9ca685

SHA1
fe0a062d2cf772be1f6488856de38b472abf0040

SHA256
cdb37c31b04105fe73618ace48dc1190e1902abfc38ddf1e3c274235af96c5a0

SHA512
ecf8623fe1042118a66933413872aa9c8dc1340507a47dc4cee8f8df990631a9138513935bd7ec054cbf267a4b977aeb3c47acf68a8802fe5df35aac6eadb0f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ace882a5862f54bdcfafe2138f4a156

SHA1
56a5efc084e57be7924d73069697919401c767df

SHA256
26554006854d7112b8d0fa615894cc6794de78c1bac526f9955bebfb0e8a682c

SHA512
317b6432aa99779f77859b69cea9e1d69c50cd519f1f540f4f94ed10241c4de145ae108d8db2883cfd9777b94cc28d7dfdf44b8a7965d6e65e582eacb03632d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a08d11b3105dcc03cf3b42319f5047a

SHA1
8b3ae6a763685eac9d628e949c0802ee1253647b

SHA256
a5e5a8da76d33c98a783e65c7027b96bc0d3cea2e48d530726c37873a9cc1bf0

SHA512
67dadba6cd743b179c34efe05761dc3c04fe358e4229d489f305e33ab99ac8f973bb7560e795290a79d068cecde101bdb26622fa383214d624d7c1f04daa81d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2242969406d9d6467db260d4abf3ebc2

SHA1
692d2f98317724b301643c9523540041b17eedb7

SHA256
34f965f40f8416f2c668cf49bf88cb9630d4c9b922c1d690814d484d3f4834e1

SHA512
5f4417ceba2002c383f08abc72aaa710c899d5786fcc9314140cea26a5d2c971ceee833c07e5355b1c67aca0a962952f4ddb308e3c68e0d3de5820678b83e9d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03f6e054655810d9c6641db57fc843be

SHA1
e89f9277c8473554d8ce46d0c33f6af80442bf7d

SHA256
ec68694a470210e40fb0a3956bbda16eaa697628e408cafcb2c9031285148410

SHA512
124f344b77b4e324dc98351287cae79b36a6665c8208c96669b5056222f26ebb7d3ae94ff8c11d6d004cd1ae779e1819213960a1cf8a67bedae6ab044c03263a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30f8e1a9ce4b0dd0e6107addb65950b4

SHA1
a28fc63742ffeba0b2a5e861b97ed5b1d190e7a3

SHA256
5beeded29993ae8aafeae0c135b392dda2397860d84904f083ecf2ab3fee19ed

SHA512
12f4379c5e6da33dd6de31b06e7f89572374451eb96a56dfe9a06cef2a5ee0140f8b2852930d11d71cae16c10debddfc45a8b777747ad7611a543017ea1f4f28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffb442a54aa60917a54a1d033d7a7cdb

SHA1
5a9a8dfa0d0a1a028ceba52beee498fd79be5ab1

SHA256
b4c3e3f145e3ab6f34bde704228cb26db43ba65f17a7eb5dc0f50eeb6206f2e4

SHA512
1d7e6fafcfe8911b8feeeb05a4f462a7d85ac804c21f719bb517e9a02fbe6876e26ffd96ab150d09c84609889db401efe51d71fe68ed8ecbddfe4b8c3065fc30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac2e32c4a322f4843a9286c3352cf4ea

SHA1
056f654cf2fd360d778b6c3277c1ec7e0932d3b0

SHA256
69a5d29089e72e1b2402251584bfec0af55e054e5c440ecab2368f64942e973b

SHA512
3f8f5b7d18a4ec4c7e70c31542b2a5068c517c22913b7ca270c09f0d4ee52df02c2f2d3b5863f77dcf6a40efddc5d2cc76774cb3169eba1d72dcdb1fe6586564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bbcd8b999b1d62a6087ad042f253dc5e

SHA1
5bc5132d4f6f5514ae00760516c32b5b4bd4a654

SHA256
a0a273df31a6af4138c49b89141b9c8114886438efaf27cbc6e9b98af29f99a9

SHA512
5fa423d65f64ab9bfcb44559ded1e7b9b7ef68c6291c423f08101325ca1b87f7f2c8f6e165fc2c0ef05b44e6ed6f7ecdf8865f828ab91e8de8e9bc1395664075

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9def9f4ecf2d5492ccc1f86d40dc3af3

SHA1
a21703c6f29f1017030f41900babc10ea07e5f30

SHA256
41dc530140e116adc6f2e6495801115999dd9c8082fdf487e13f3b2dd5de7afc

SHA512
4f73a624e2c15c5d3f273a75147ba702bc78c517776c678bae8bdb49332c3e95fa95b1325093da4fd479cfa6e66a867a35d2db3bf5de5aababb93016854ce174

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba9bace19c878f4366e66120bb89dcf6

SHA1
db8fbc570aaeb6195b60dabcd230f433a80aef84

SHA256
fb2636017d1ec35bd3ae2d7cf59507e600a7dfa7d1b7cc7cf1e14f825d33d144

SHA512
f771e337f6f7dc7bd15d2847696259e8ab53d4a8acb2d09cafa766c5981ef8f9d46fd9dfd85f6a864f380d75fd642697c98f04023610f9a6fe8e10a9dc6a94de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99398277893dfc09078eaaab8c732d60

SHA1
421a75a4c54b66fb6ad662b2f3462a6fa9dbff5c

SHA256
4d030de693b3d63a06493f368329658c2a31660d9ae82c9219c60da996c3813c

SHA512
018251859fa9393a9f06bcef3d4f6afdddb25e0c27c370520d699e437e770999abac39cd7a225a37d469bbbe90614c01f83093a94fe215f480b2e3e312e38623

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b954a7400eaa4f0e4a241e1bf317c3c

SHA1
d4ac18257176e777ac78c86dca1c8e61772bfe2c

SHA256
94adacfd94465468d8149f657547f54ebc0d3dfaa4c3ea6d14dacaab08b13773

SHA512
c2a7097192aaef1e392570f057102ed710d151a6adaf4e3272b3d2e691cb4cb31eb9d5ad929c8804ccb69b3d381f55752a4e608136e16871eafb87c9daf89fff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d8368482a12f4e8d7f33c1d30d334d5

SHA1
3c42c3052d4a3c79b7bdd36379a6aa3f8631b5b4

SHA256
5776c86982934e2f5fc75b6ff5a0ac1565325bda688c8fdd6123706cbc78b95d

SHA512
6573917487d07a29b3139a4eeeae42d88b33cc35267342b9e11de92404ff5eec2ed24e2e1a0c3b7f49f7e0ef4acdd945fe30cb60d4d2cab35bf6726c7bae13c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef0642136a7977412b477af5a7ab50d7

SHA1
04f45d71b56544ebe28616df9decd6da7f75c1eb

SHA256
ba115daab9692d3962b8be64938bfecb9d1813271d4d887379f59cc853cb2b75

SHA512
0187ef95684524e8dddcca946fca52050f6e938c04bf487d01089ec19dd5ea09793ab3baf9019418de2e2b0c262772eb5efee326fc014cfb45d8642fbc83d9fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab909E.tmp

Filesize
27KB

MD5
e06b56b3f9b3e1c955e569edbc52920e

SHA1
2b774a492b653a3ba6bfbca40db57f910b2bfe55

SHA256
03c08e50ffd9e927737113092f49e7c9d1cf0589c2d3b78d4170fcc5c7b8e90e

SHA512
8be2cb06f3609530e2a8aa44da574d60521ec72827e57eaf2a41ce9fd3d4bed80b2e7f44be450125cd74fc309911f9cd68e216e47cc619dabda20034ce1c1bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar917B.tmp

Filesize
41KB

MD5
f9b77da26c047a600fc1a5326e74f5c3

SHA1
f79ed3e1bbb9f74148040dec0d13d6f8beb56e27

SHA256
06b6f10fa5a04e0c40047ec09aa2ecf22a85bea9ec6690510b096424c2fe0c1c

SHA512
870986ab91c3b1583d81a2c5053d4c4ff829e693b15c7543804c3f33a3b64060c8b382c0b8664a84fe94117b21549448174951a61aa356d131d0aca93012b3fa

Download Submit