931f5de97cb5f2d57d0158c65a3ce50b51e7f1cabbfb4b1d004b88be1c6de2f1

Resubmissions

12-01-2024 13:14

240112-qg1c2shdb4 5

12-01-2024 13:02

240112-qaa5ksgdfl 5

12-01-2024 08:15

240112-j5sjsadbf3 5

Analysis

max time kernel
3s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-01-2024 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-2.html
Size

1KB
MD5

fd63e8e2138fb09ce6a09482e40e0279
SHA1

10d121a4531b4136e12acac7266ba745448e9b40
SHA256

f869bba0d869e25cb892024c4591ee3802130ed4f6136a9d8457cc9dd7c06be8
SHA512

838262525c9eaa7b7986fb0b80ebf48a0a013fa02bcf42e6b101c6c0f1cf579ea02587f6e4e034c016a30966db0c6f4e2efda7d4f589144cef36aec971d33e30

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D00912A1-B122-11EE-8097-6E3D54FB2439} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2248	iexplore.exe
2248	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2344	2248	iexplore.exe	18
PID 2248 wrote to memory of 2344	2248	iexplore.exe	18
PID 2248 wrote to memory of 2344	2248	iexplore.exe	18
PID 2248 wrote to memory of 2344	2248	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
  2⤵
  PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
293b2a10c6b66ccb847e5e900c2c6e13

SHA1
91e39ae6dadc996ea869baf7bd7da970cb4f26e2

SHA256
ef6e122efb7c9c44fe3c9a456c21fd865d811f1f1a57ccd9196c9fb26c9c9553

SHA512
43db89ff88b4c93e25154611e7d4f3c3205c1e04777584dcd66602b7388bcf4f70488575baec3fed22e9d8ce06d87d734a50776546b40848ac1b187b5ca0ac5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f74f85323d2b99cff5eedda182b7256e

SHA1
a0923e74e256ed36e5ccfae6e1e3376ff2f925b1

SHA256
d8efe2d8313c82fbf7078051ddd6deddada7c52dbbd4a252b28da3505b3dc07f

SHA512
656871c79da652b07fb1dd1c656e159afc862bf763115740c604e337189b376e89f77fbae6505410d8550787a4ff0c74b5c44f77adf263734c4edf3569cf9214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe3b426215fcf731b2a6b4b94c7c5818

SHA1
6dcbe582cb52e41593d43116e532e455bcb98fa6

SHA256
6b1e7f3cec7a929d80ff51c31ea0343bcb924992cfaa8825dc8c09cadd6328ec

SHA512
089c9bb8d90da719027ad03489d523da350de6426519e70d19317adf306b1ca33a4b4c3d860472ff2496b2b53d18576608742339318d48c4071486209eb2af85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3301c066c22d7872bd3951a296d2641f

SHA1
977b39b4c2869cac9f3a0cfe64d5a4a6f3581cba

SHA256
286916b24ab10e7680437c88daae01f26a8d58d020397e28459ee9197cb6def4

SHA512
1e75b922f116911c1ac754c8f4c2b3982620f366d1575f7232bf0b4e344a84ffb86cf473b22fd2705d10efe4ab64f87dc4b064147353dc8ce4fb737c9bd2a48c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b0e80f3e11671144cbe1d753b3439dc

SHA1
84564783094c5adfede16b118fddca38e44da7bd

SHA256
abc676424cebd62b56cb7fdee971838e69ae9480414ac0517e13102a3971026d

SHA512
a0198d550ea9d3e014e3efba76b16caead0f4847cd35a2b02c2990f2be4d0d9a128d83cb958d359d1e2f056127299482ec0e7182ddcac76611b17737685febf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3651e7f3d4992929d9e11694d477cffb

SHA1
e8b4a4e82470dd39c6a13b77c7de163f9aa780b3

SHA256
20e27f816e8b40f59c4ed08218be0e2e38955d02cd1c3c5c6a36618ceca8bb83

SHA512
9558cf0aa1378289b73013b15afde6630ff68b02a64d3e72565ed0ec83f8b134ef6bd9d8512e94b2bfac8a5ddee689e72d67e9c5b2ebd4e9b2df7c18e4ff543a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cdc246756741f48e7521255ec49e313

SHA1
130eaee5d8202a31646874648d839b8d2cc835d4

SHA256
84ee2fc1d339ea347605c97f19aa52df9b0f4db8948a6698383f61c1e1c5e53c

SHA512
cd020572c4650ecd4d4c8d7849a5877ae24a9bf3ad6e8fb4b3819fb5799313521bbd1bb92618d7573b7adec7138b2bba4bd83f3fbf34e8545056af285175bd0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7042.tmp

Filesize
9KB

MD5
40337746918faadfd129974a4b7ab81d

SHA1
7a1dd27f29b5db669760b2a702ab9885c03e3eb6

SHA256
647dfa457f288726a75480248c25cbe064e78eb9525d312fc7662ee01dc3fb47

SHA512
dce2116b87af375dd8c939d354daa16e8715df1f9b611f546959b1d2e2d89558c33adc9ba0d5b928fb7f4efa1b53e1d0cb6544eb13fb255c2ad15c98b49b0655

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar70C3.tmp

Filesize
20KB

MD5
275603769f39b91ad6656304912c7cef

SHA1
c657789295b53ae56165037e7c75af1a38b982bf

SHA256
5acf47d2273e4d21e08bfadde67fec267f2920d4b5835cdaeff8f04bf5664d8a

SHA512
f73278ec208ab63ca7928e7c1dfc3aa0e0c324947c6bc1860b7ddf9f5b61e57822216a513c9ebaa63e0bfa19def8d3c44844b6a17b9bff638d5e58874687d445

Download Submit