db8d6e4cdb63c15d4443c0565d2dbd07abd624aca0112596bfef4b56d436bedb

Analysis

max time kernel
119s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 09:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5899a06dfd169dfba77322e0abc84edb.html
Size

432B
MD5

5899a06dfd169dfba77322e0abc84edb
SHA1

471247bd4a18c95f4f4d9190eb6e25a722bb9f03
SHA256

db8d6e4cdb63c15d4443c0565d2dbd07abd624aca0112596bfef4b56d436bedb
SHA512

d351d7ec4aed24ae89c4d624ff29949328f029223f134a29a5c97f03b4b79346dab11486a9ff75f7b9d45c8f92e9f1281cf8866e9e64ce4fb45cc462b07c0e4b

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000007307ea55285300449b38d9ecf9db528105993ae539b588a7693db924455194d2000000000e800000000200002000000096cf0bf77376f3e482da1f8df253250e9585fcb80786149fa39b39ed09fbfc13200000009504f43b1f7220a1dc71f17e2855c950007895889d4b02fd139cb641410cf6f540000000fbf7f2c8d1abd0bd0de86b44bb20d90f2216ced8a3de43a1f30846a29b5c3f32d2def7165a09945d99d6cb1d7e4d7898e68dea987f7104ccd801eb7acf704d73	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000f16f8d9cd6367f893273ecbb14f2d1ac836dde7708d430a25438c7a30c199e33000000000e8000000002000020000000c34e68752216ae641bc61144926039727c14f2cde260fcbaef6b671893e095149000000012f7ade7de2325744964bfb1698437260afd8a3f511f692e78672e13692d799379e8d1418d44fe2e575d1efcb5645650e2346d5a763398a2df76027bac69848f32430af3f8c4cc815dce181b4c59b27988624265440192bd8ba358638d5ef42cd2e5e7ac06ef6b191e8c4681f26391fa3703cbf0c664f46b51670edd89a17541b4b95fd3830485048ce8ae3b43e69ff740000000ee050186541bfe81e78402dcd65cf9dd1a4b19bdbe9632f9ce338e5556e45ed6ea11ef7eace98c36c9e21daa17d18ab6c483c427f1c6c67f59e151a1a85112b7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E3078781-B1F7-11EE-AC0C-EAAD54D9E991} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411300771"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00f42ca90446da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2404	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2404	iexplore.exe
2404	iexplore.exe
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2700	2404	iexplore.exe	28
PID 2404 wrote to memory of 2700	2404	iexplore.exe	28
PID 2404 wrote to memory of 2700	2404	iexplore.exe	28
PID 2404 wrote to memory of 2700	2404	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5899a06dfd169dfba77322e0abc84edb.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d3cabed3e3f289fbcd13f32027a0ccb5

SHA1
e7703cb87af7ff177011723fd9a2ab604bd951ee

SHA256
5fa87fce7c79a457779738a8b0b8c743095a62caa20c7d3171b0c1309db68a9c

SHA512
92ef99c5aef9881f30d72eba3a08b533da9c10aea27d5806418a927411d06b72121b0900462c134bc44aca15190160a97546f17be4cc7e91b173b14b44b5c2cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22d66399acdd1083ffce8dafb637c854

SHA1
c1862522ef371b614043b36f8eec3155159d2c76

SHA256
c29c413129065d91b52c9ecdf9bce6f1f2d458e4f34bc2575495845515e8758f

SHA512
f699785cd12668f4ba3641dab4bb1c04dedf6c4341e72fc5bc833ae1630b45eaa80fff6d3b14c8820fa2481f3c24f94ed186f2577b23edcd925693c8aa2afb26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79a3dcab3f7189f7ca9490a2ffe15636

SHA1
05a653e188c461fce4395dcdd7631fc4b598f39b

SHA256
f04bcc772058b413abd79695d3d5690a3b3570d4101481abe5ac5072890957ad

SHA512
cf800f3e03cf5541dd8ab07683387abb0ca8c3b9fab0c8156dbc41957cccf025ef1df94c5c63a863f08d7100f2b60d90fdfa36a0c63302e9c8a53f19588f4aa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a005f771b8b8617c3b8ccc228e0fb49d

SHA1
3c78f359595b1dc9360b0a8988015091e24ba37f

SHA256
6342b2f57aebbf3ca94bc6ab6b7e29886bdf599c3fc900147e3f3738d82d89c6

SHA512
bef4dba23505a3b28c03a84ed06e73f73a877418bc20791d21a6fbef4dd46417e795db58df08ad530e5ba5278da07c56a6b2e0613652663e059971aaa35bfc18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
434d8c0a15be34b22fd1e88687d5eff4

SHA1
0cb15a5bed7c34bc58a313cd5d978c49d77c1965

SHA256
8bd3a53dc351323e201e1b0c28c75e29eee9698cd72e79a27750fabc5f4c30ce

SHA512
c22d370106efdc88afdd5a2961a4d81b26439f2ccf23b6f6aa9390b56e69c4e6750290a282317ebcbe11d89b0991c0bc9fa815dc31efbca364e801cd4c2f5add

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09d9256ddc292b483de5ebb82e805fe7

SHA1
8416114f7db48f395fb03917bd429f1ce0ef09d3

SHA256
a78fa5530166de58a782a26387b400445bbcda39c6e504a1ece9964e63eecb84

SHA512
b2413900a715f7bfb0fff2151d2c9f744d0e082c753d79cb7d3fc75d1b64dc9fb099d98617d0b7fb0ea93857bfd6f4bac4034773083786e6d040a3808fb8467f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
394dbf272135b37992f3c0a78bf6dbb9

SHA1
c42de3d5177a9760129082d5199cc90e57cc695b

SHA256
f668179375c13d9f44efed4e1c294fe7ecc9c5df497b045d47fad10726a6fcf0

SHA512
cb956464eb90c219fa11cc17270f9b57819e0986674697e27da9d7d43e3c93be7dcc84779293ea3380314220efe28c8d3fa86deb0df35ee76c42a3a766f1ef96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
714d7120d248843a3c9c50062bca56eb

SHA1
d54110ef7700707083a7e45010cbe51456336b18

SHA256
b1f22d541c2b861a67302d495b2e6dca0c8ed009006bc9a8855803bf80e6be43

SHA512
aac57cec029cd3a143831605b8924e11bac211d8367e7b85a0c77179f8c6275f40103bbc9cede341eefab712c9b587e19f0b5b80cba671199ad32ed64365ccef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5f30c20fe5a9fda2f0984b98e9e9e80

SHA1
3adae0ac01cd54690d0edcf0af09f89713877d9b

SHA256
5ea1146f31ff8d8417a282f1f0a2fc343428c5d104604a1cc92ca6d8b53e58ab

SHA512
390dfed42e68aed31d48c70a002c0f937ee0cc4f1aaed892193ef7919d489b99e66bf4c80778e9b058c61dc6172e092126c022e4076768a420f8592738809ca2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70afa46c74047d092df16ebae2ecc636

SHA1
9fd93e938b416349e4f60e6122bd339e6ac2e9e4

SHA256
3a712afb0daacdfad2ae1652729af5701394437ee809af4a1d86ff61edb8cee6

SHA512
4591a8fe21e6e222bb5737c7ead6ee8b61a7dc06e722480fdc173712188b68fcacecb0ae8ad761be17d2afd77d98e304a473538c1f796d2610273ec17b5ac541

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0db33332d7a0ce9ff150a84d65983ac1

SHA1
4a7e277b9dbc1130c7b44b53ab51df2571931bc5

SHA256
3113122491a83f878d107f826a919a4f444c7ae77a33b1c725b78b7ddce37128

SHA512
7735baaaa3cbe452daf0f0fe35ae9c6b031050c85c0bc0583a9b009900fb861a8a2c10c8c4e6bc69c759196b5001a406a9a54eea3475dde38218597a859821ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
d7e0d210c988e8470d5522c1e05f52d6

SHA1
01749515cea617f8191004b6f1d6f65ef053ed3b

SHA256
e3130c2dc7dc97cf4ce2b06eca15c6cc6e4e05f4f8c6e9ff980260b5f719e4e1

SHA512
89a010e466922d9b9fd6d5dcb66fbcc65c811b197f541230a82944dfdf7c11c7483a1c9f43653f5f50b07458dff6d909cfcf87999fb3173e63af0992cfa56e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0ptx2pp\imagestore.dat

Filesize
1KB

MD5
808478855614e3aeb65fbff37a4b674e

SHA1
c2e90fe903a36729dc2fbf005ace6d3aa19d2a02

SHA256
560e346de623be2f5d1b7d0148414a627ac82a26147866393d2cbf0a00568616

SHA512
b09140ea71b7c5730810c621d24181ec9964dfbdcdd42aeae837bef0371cbebf32882ac6644c146e6a943460b16e4ce499e593f2962e6da3e1b0a57c75239877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5F22.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5F93.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit