ff898420e750a91487ed48c9c1a1c58063ebf5baa724a0f5098b851c26cd2dac

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59e4f50cb132de4459bdd95fda6d74de.html
Size

33KB
MD5

59e4f50cb132de4459bdd95fda6d74de
SHA1

149b02d495876bee7a2ab98cdea89a3e380fb26e
SHA256

ff898420e750a91487ed48c9c1a1c58063ebf5baa724a0f5098b851c26cd2dac
SHA512

ea40fae9e08059e6cb4efdb246163e074b41841f95bfcc4eccf2799dd3a467e91768d656b2ef9c10cd5c756b632898887455038dbe7791ec279699a2e04fcca0
SSDEEP

384:+tplnfUYe2jWAXPJrOtree6KKooExPC3djZpOKfOYHg5e4tGicvwe9Sc+6rwYQxb:+tP12re+dosPCRZpI5He9Awf2a/NsHZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000e05a9312fbd9d8e983194a64f13ea87c394a8c46271459d3c49323d413a18316000000000e8000000002000020000000b32c5af69b216766658a2f8e1ac4c60305c4b4c1688a6d3a4552fae39bcaa22d20000000925581bcd4805e278dda2c551168ab14784e98658b52dabebfac6fb089ec77fd400000007236fb55ac3c03dab82e3b36a819bded05df323ae71738b5fb8ac65fa679c92a4fc1fd3fc2b080088fcad8386e8337604a58c2227ccefaf011ce880a498a0a5a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000007b93dd98a173aad6163cf611b0d7df4ac3748afad4e30166d90b95ae2058ba3e000000000e800000000200002000000077c617439fb63636be4561dd5845df08a3541c4245b8b394d27b21148000ac84900000005abfd25a9b56a87ad383e31b889bbb1a5ab87321ee60302cabeadfb65bacde665c70bb58e00b18469bb85e61d688d153bad2ddba66bef3e03e82ae43a2f139ba612c582f262e00eddee30d1cafb6705a7744ac4fd8593958c11be65f8a2ea10ffd1c18ffa531ccb9890ecb169854faf6b4578c3493856ba568e53c40c0214f0764576716e5f2e30244d30832d784057c400000005b8c7efe6b80c3fa34713d2e60f9f1a5f8a732b4b1349f1fec9d022cf857224d91aae4de795dd4a8c9ca13dba7634f7a0f7692cc31fa13f0c2c9995b78ab1d3c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411356896"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e5e5b68746da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9FE52971-B27A-11EE-A4F4-42DF7B237CB2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3016	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3016	iexplore.exe
3016	iexplore.exe
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2724	3016	iexplore.exe	28
PID 3016 wrote to memory of 2724	3016	iexplore.exe	28
PID 3016 wrote to memory of 2724	3016	iexplore.exe	28
PID 3016 wrote to memory of 2724	3016	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\59e4f50cb132de4459bdd95fda6d74de.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bde496a06bef1ea65deb9a0f8d1dcda

SHA1
5a94a7df77ff077bbd840c33b0aa5d7cbcac1d65

SHA256
d6db744465fd81fa67925868b4e1f525c0ba747a20d78a20531ee1b8c8a84179

SHA512
4a4d472d2b1068e99a8df5368ef4a42a4392b9e5ecbab9490964e68b08096fb901fa15e76b6bc6c3ddda6bb7f7038cd8986144143c4dd4786f56422c701e5526

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fab17109c2c60fc40eb273bc21c6125

SHA1
99f4834d82010257098d1b1cd0ad3acdcb334bcc

SHA256
f91bbeb2dff239de357f1ce99b051321f599892ddc200382d01325cacc053d49

SHA512
d2ac49e5d634d3528b2c1cc7d86f4d636c87275671dc36a3122bf693ddf950d9d7f15fcb8590515f6abceda6c7a3ed36c37f9186243ebfda7815a193665648e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd35c12329962cbe653a1398c305cb6d

SHA1
84e6a554f2f7d1adf85331ad533126143199c6f1

SHA256
eb84c8977db403870aa59ac1bf56f0ba5a0e274ecb24517c55b18fb86ef25900

SHA512
0de7520a5ce59b9ce2ae19e6bfb174dc89ce31448b3e11f1def82d012983d42f4375ef3a2c2561bc94d013f58815bc861d7c59a161a8df01a291f5b8a9fca36b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53afc0fd7a815a022ab9fe86568e298d

SHA1
b6608dde0ca7a132384df5230f54cae81f05babe

SHA256
f98125564b99f541282a6d72ceee64d9781415b5c45f9b9793734baba7030943

SHA512
23b69625a2e5e538184a6ee6b1b1bb97eaf34fc894c70a1a4c3102f81f196192aed97ac1ed5ab9c629d6550566f51dfdfdd166466922ed67f53154bdd249be86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac10905a9a639334ae009f43e527598a

SHA1
f46456d2c359ec7f860226095110017bb3834f21

SHA256
046d334b6a5907e62309f1cce3472e5068b119a7254e32c30fade2d3462e6e49

SHA512
0c05ebae65a56d7aa36b20c52d30f5a9280913c7ac8c81479a2a3b6a92e86b6a71302f13ebb8db767ea15a3a1e8f3993ed3b98c2d6c6a983d08cf7dce7810a42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23ff61c2a01aa06171a81ea6396660f8

SHA1
2a850d7edc1f2b77ba0019e8d0fdbfe6a4973f38

SHA256
b1166ab1776c6ed376e53e6a54b712afcda061e9373241135f1a567849c45dcc

SHA512
1d8c8f4cf97d33f22dc29b73d79b6778c938515992a05b4856f44908af57af24e86769fe44bbaa08e71aa5f0bf0fd392dec8fc44f2e7d68b9a7cca7cfcdb755b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8eecc7dd8070197fba194c9df159aa0b

SHA1
11a785b089094ba8a50ae8d570c5d721ecc6a7a1

SHA256
2399fd82e6193e4c0b3a6dc74e94896513b6bb9d9d70d402c070ae7e565d6ec4

SHA512
1947d67b00c7799b4e11675d2c3ff42cad7678015667fc13ed09561d77dbd5a9917e08731654957bd14e9d9f8a14b5080b8920e186bfc8924abbf7c01d75dc22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42f785ae8eb25ff4c645719f7805757f

SHA1
441a656a6154954e7e2c8ec175fdacc437ebba1a

SHA256
28e1c6b1882a75c593ece969f2efa553c7c1dd6a3314b9081f9b6a9ef16f1c63

SHA512
95f86a496b9228504be8580672c0810e308d1d5d2a140b03bb5aa39a971577d9c6b3d8dfe103fd842a36bce31690f908d2a532054d9abf1c7d5759369b5a6c83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
249326bc6dfa90e2fa8cf1451e4ddfc3

SHA1
9a313a3faf0b4c25c938eb3f2a028e321bf81132

SHA256
9e36b73eb510a19a6a42d4b9f9408eb56dcb16ca6ad7f51ad56ede15b3ddea31

SHA512
a8ad3e0f7726217f821573663bce852c9211afa477f1ee8e488189528bcc30af9f0ac7d67ee238c2f5352ab936b1a548bc31eafc69d626502bb66586d0c02132

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2b960c7f418596ab51dbee1cd1e1895

SHA1
fcd46295024a86f52f3dbbdc86bf9911a6ad8209

SHA256
ba50228ad7f090aec49c26a57c6054ef19cbf2f2d0d938610ac1060e1c8259d1

SHA512
9021f01cc45d0114a730609ef74c2eb290b06330956aaf495bf7ce2a8d0c1deffb6a2c80d75a99fb36a4bddc201d09ae4ebc4aae74242efba584b5378aeeed30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45f10f4eff4925cca398ea6dc1f4b6e7

SHA1
677575113527870d08f0b524627d04392024d609

SHA256
59ed2a11ea4cc3bcbb6e9c8ad232b743251a8b65045191f529d0a6cf6bc77e74

SHA512
ee2f8f0844408dc0a405c814421a6ba7f11dd67b773fa69930ac87e0f051ef557436cdac319c073a98ecc206710ffccac775cbd8da9096f89d81ba67352dab5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90227962f366ae0e24867ede5a8de810

SHA1
7f596517f33d2238a735f0c5e9334aec1b3bd7f2

SHA256
4aa44d93817fea3b9722c94ca4243421302f9be734e2a399a778a5a794357216

SHA512
49952779df1429eb43bf1040d6dc238fa6cdd929f1c1393745bb0e2269b62a86d8fd8116c484be958e3650d5bd8ebb5437a752c6da0fc3ab0296cb15cb3b997c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c965e1a89fb82460d4cdcd20d1068bc

SHA1
46ea8ab4bdafce37f4a95577eb2ce8c17d408deb

SHA256
00d99222eef23836bf66ff81997579d846214e3d413360b2a2a9f981a6c82ff6

SHA512
02499536333c3d60d54bc028c099993ac5372c32a9867c982249bad0af26895a57ab2390b512a11a9d98a41b1f8f807ab5f8b6c938e049e92aecbc712abfa54e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab145D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar18E5.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit