be1ab543aaa38c7c027c2bb78c168e8c8704ecbbbe9975488bccf12f5450e671

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5afe342093915f0689147e204a7cf89f.html
Size

44KB
MD5

5afe342093915f0689147e204a7cf89f
SHA1

7fbb92f6ed81b796239e1ecdd5bb6357128098d1
SHA256

be1ab543aaa38c7c027c2bb78c168e8c8704ecbbbe9975488bccf12f5450e671
SHA512

5f1d6adf029b0bd462731940bc25c397b0096b185ca7b8d39dd0a2d5f67bc8269558a3f737934d0ab604c2b2aed4ab7060d7deea3940beb3c77249fa6e39d19c
SSDEEP

768:mwS0l/sGVLsk8ejW4mTNn2o76elgINO+UZ/zk:mZJtV6elgI1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000ffded2de2fe6964781b9f5eebe5b38e001d1df3dd2aff68411db0bb33ec6235c000000000e8000000002000020000000b2c043c2f2cedb39361b3dba24d2d9f680e2579dedbbfa9bca661b9033d3723a200000000b93bf67f7beecadd4480837a6301028ae4c09d615ff5c3bd2c33420b4381147400000008ad98250e03369a3eacfb7e195128496ca0d05d4a7f31d8876c07ea204d8a21c4ee93517dcdc07d47830d3d09c06653f77509435f15186e367506554b4bebff9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f039e31ed446da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{17B9BAA1-B2C7-11EE-AA51-EEC5CD00071E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411389736"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000f3caa5b551c3815830f4ca3b743a33b1ccbb99dff69b4049715226631af47ed1000000000e80000000020000200000005b882c8d9c8836af0d155c8ade0ac23eb80bc66372e398cde66e949e42a6ed08900000002400686a824244636f26e93893fdb22214b2f625767a224a62b8225ec87557413c4c97bb7db89684eca2a2f2cec79f28b278612b7be99c1eb41966b8b08046c091032b1d83f872558d6ae3f050fe47cd2c44d629268c3ee6091358f31fa48f91ca51b33471125faa91a281db8053d10999a24da412fa6e3cab3414df33cbaf594ab89ca166210e9935fbe915b706b85b40000000696fa3a8bcef4b9ad2a6812e358694f59ec88d2f9ec77611c821de716099c04efbee73b120e01d3a9a4b6a4681e8d9b7808825193c870da5eea28ab5b46891d7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1684	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1684	iexplore.exe
1684	iexplore.exe
1928	IEXPLORE.EXE
1928	IEXPLORE.EXE
1928	IEXPLORE.EXE
1928	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 1928	1684	iexplore.exe	28
PID 1684 wrote to memory of 1928	1684	iexplore.exe	28
PID 1684 wrote to memory of 1928	1684	iexplore.exe	28
PID 1684 wrote to memory of 1928	1684	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5afe342093915f0689147e204a7cf89f.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0bedf6dade86e990d2698f110897e40

SHA1
3fd37e2aff085754c877150cf670c7110e1196a3

SHA256
75d6e6828a5d9eb040303187dd0d93aa206af1ca3d200b3a7d799d4a9c9e5350

SHA512
15a148e4ca5cdb3d31a6efd8695ab1dcf2c4813c74b84671c26d48c7e1f687f85a7b5ba8adcbf32b3475914d3f794e21b403260ae5ceacd799c6dafcd05fcf11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d49d02dd9e01504e7112b15d6317a034

SHA1
4aa23f7fd1a7098245d518b5a8bbd43daa8c4b8c

SHA256
341ddabf2a0d251605fbf57081696e014dc2243dc231aebeaaf5b37e34ce995e

SHA512
14ae15705870e38de1fe00cd51c7870a2faace171e9eef1c54578cae48fbdf0a9cc06415bc9df857bfdf7760b0e5f33b4f779829470abda99c321bb6069251c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b0911ebc365e56ce8c53db4a655bd27

SHA1
934e521f97916832d194dd018f05c034a75120fe

SHA256
419ba054087a81bf4f7eeefc89c9c5c84f504cb9853934164b3d3bf580a1bbab

SHA512
f25465dcb004f6ef59fb2abae0c1e0c5db48ef56911203f6dfdc345a1af8b4e3776675e23007d6e24490598dbad5dcdb1d3155b1de3444b36bbc95269d316090

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f19f24f3ca8484e9e66ac8352c80f4c1

SHA1
683215f804962bd2d07f078b55b657577ebc680b

SHA256
c50a50c727a2f97114094290f15e5c671b223592ff92643b069542b5220d994b

SHA512
9437daa0bf64842d1a178a941fc15f6a38cecb55da3e531de866eafa0f132a2c0e0e7f1d210376c2766c0f121afe71905feff6f26cd665d23c7c4a8692f57193

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae7b0002af8f60fa582ae43454d6eb0d

SHA1
aeba70f0f975fa98d692825f097671e135877af7

SHA256
a3a77ee0a4ee56bc7c82f9102c07a1c281d610855b4bef6daf0bc1d73892e99b

SHA512
b838983294e7021716da651b131535d0f061c6fe58e3a9d45c9d14bdb04b5c340f906df2173b55788bd02077c2c6a26c3d213deccf294bd4703fc114f397a51b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2cb3a205164e848a7e60500114860a04

SHA1
dabe8fd8b8217b88d75dee979a56e85b01e6540d

SHA256
3aa6074643e41168946a84644003cb1a2206a56a73524db04398415d5feeaf16

SHA512
ba4bf9755231074ebba88702d6dc4ef8b71cedebcab43bab85226d1b3773e4806ba32761f87848027ba88f5d77ba2ea0ef1108660c944c7dce446dcba475517b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca8c98973ff6b8066edaf3d88c030d97

SHA1
958c688fe91bf0719023158716fd39fa69bd8c04

SHA256
8e284729ea6b0e39ffaddc431cbf284edfc74e108360cd7cd00cb417661c67f4

SHA512
1b09522d6c84420bad9cd0969b957bc872d638e5756edb392e3e2630394a6cca17d233a7d431b658faa2efe41f78f4f9b13f7e28a482ca18ae6e72433bc19348

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71de73d152ccbff75264ff2911db4022

SHA1
26c2001c1d01c21936fb95d9f75b3dc1094da292

SHA256
ba9c1c7643ee12d08bbfb5b886c9883bb9122f2e3e2efb06002c62239e97e3aa

SHA512
8901a5e13b177af161b24251efbe29d5a6f3d75e308aaf4f6c000d791055a98b3a22026f4851dcd025fdebaa27460614781529794aace633e9363e30544065e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2bd4c1417705350ec77695078e1f5c9

SHA1
ca7a4bdbb294b789e0da99e2be505f1221cf2cee

SHA256
ba88ecf72ab91d159bdee1b1cd04a0eb24d465f0938916f94e7f46e6b6887d2c

SHA512
2610fddf86ec16ae2e1e2e5d9fe47f07b8adfd84932cc1f22f7020131140cd7681a781b13f2df9bdf9164f5b8e3a2556cf45080d4b825660537e83966ea3dfb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b32e84219c9ceada3015322718985ce1

SHA1
04f9416e8dc5e3f2dfd7a975b7d46dc779bb2ae6

SHA256
c8b38ec70d59ff99bb7820eabd202e09ac98718419679d29ac4851b6eb766754

SHA512
bbd9746fadaa1c5f464dd9c69a833586e561850f4780c17b63341bd90478970e4188481fe5bed67a173ccc9a998215b473d84fd7c55223e1891aec96216418c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2069344af0b412206438fa0794c1839d

SHA1
9d8bd9a3f3d0e2af027e3dbe9ca0b7557db79aa5

SHA256
7cc4ceaa859b07a5c7d9fb08dc91626e0dfc2b8a6357964972ea571abae85718

SHA512
86f23356842a46d090f574dd110d046a9df4b0264a13ff365176f26fa06ab2a815836b42a5c28a39b60f61516431ea6fb2225bfb752567c07572ae96277b0d2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6b8b5ad1b6fd2af3e376351cc2e8092

SHA1
14860b963413bc945fcba9c12362fe11ac070836

SHA256
a4c55226e098e636b270aa4a6b44628d82229c51cb33f4b2bee7cba6d00dd5cd

SHA512
b2ef1391d5a616028307d01a0ed90f26aecaf9882e921485ccb0729f5f76c9521fa244583bc1258afa5a81fbef8107509f099ec63571ea4f56b5b63b09ea74c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
709055c12e57d88a87e32dd2be296c66

SHA1
e8f33acbbdf7fa282c6fac4c7ddd93b7447f4b0d

SHA256
89d23358acee833c72323aef24acdd9de24d48d2fbf65bd99a5dd9a97347b397

SHA512
9d33ce3e6a1ce0a877ae80fbb7e529ea4b4dc29cb68f7597c5ea49dd535b7ce627845bd6b746be7733966faf10d5a5a9cd4ba497c4494cef499c950aa19cc2d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
112a718c2c8ada3cca40e69730468448

SHA1
37f0b813b80b1dfdf7a6adfacd902092e733e9ee

SHA256
4cb5345bd7aa2ee8c2d6ed176ed09cfa9bd9ec6238936a34c4240c01d8910d3b

SHA512
ee74246bf1402d597345e08e7446d64c4baad03163245a6b2a42878cc9939d572c555f4b97938ba5a973b7319d2bd04adddcbe0c87a8f33ce85a8086d8514576

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0617ea0b397976b0ed9c93de140762f4

SHA1
8e673019614d43fbf3dcfa71393c9a5115ea342f

SHA256
6121fee4db790b89d613dcdbd6aa5ec3ada7a9f36f1b4344bec9eccb1b9dff44

SHA512
19e791c68d3de79c8eb3389515ba2210dc5f2e18206eb3f13b3a2b01359ee9a5bd105d5086b6bc47369b4967e77db37fcb11251978ad16b1d4bf4b270f6bb45d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3558e0d8dba2f7a9281fa2ac3f69be9e

SHA1
96723902b37a60dde64108247a002867b1e45c6b

SHA256
821dc4042f594b2e8e77a56e0717aef489c0134d85ce098b3f880175f0ec0b31

SHA512
ec3589a67e5bb9445367ffdfbf8f4dee66769711327beea2f690f88baa3ad84dcdfea1bcd84329a0462e6617fa45f581b96e21163e5f5604442e099663c5e2c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d012df048ff079ed71673c4da2c8041

SHA1
ed4d798bce98165a09acf402abd089a5d0aacd23

SHA256
2fbe16ec31697d5c9a7595bf83f3cbc4539fc5591bebc4bfd3b123d21a2ce279

SHA512
f7a5a3aab7520e385a2fbe86b9071aad36a2510f9e7a90179c671fb0f794675012c86aa8b876df37b2adcde99ade19c9ac927faa70a5703f34ae8eafc74f005a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4710.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar47BF.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit