e5391d5e2bd4c00837037a6797e533f0ddcf6b9a063097f26a777ad0771e522c

Analysis

max time kernel
48s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

671954349830df7af4aaf4399b684a61.html
Size

121KB
MD5

671954349830df7af4aaf4399b684a61
SHA1

e3672ec39136896729662bd114f368bf38187234
SHA256

e5391d5e2bd4c00837037a6797e533f0ddcf6b9a063097f26a777ad0771e522c
SHA512

82b65cd688ce8d5aef567d1209803dd84fb618a92ba61d684263d8d963ba50618a464e16d9bcb1e77ab922c116650b7a5693c522ad46523685fa494e5b5d1795
SSDEEP

1536:zfpQNVc+McVWkPKq2AMooYcfYTnfm492DE:dYrWkPKq2GTnH2Q

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D3683AB1-B6A0-11EE-9E34-CE9B5D0C5DE4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2128	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2128	iexplore.exe
2128	iexplore.exe
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2756	2128	iexplore.exe	16
PID 2128 wrote to memory of 2756	2128	iexplore.exe	16
PID 2128 wrote to memory of 2756	2128	iexplore.exe	16
PID 2128 wrote to memory of 2756	2128	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\671954349830df7af4aaf4399b684a61.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d5284fa8602f67aa5e9b5d3252dc5b2

SHA1
6f754c7a2145fbb43c4ab582e632c3c6633183de

SHA256
abd03550872a302a400a7a9c9dda89b941ad6ac13797f1bc475fb2c3bfda1a38

SHA512
d32fc9e71f06edf23076b8242c0fa625a5c368646a359441179f5b667adc0b7d9d4248ac448ecd8452ec0e52881bcfd921c0c03183893cd1c341eebb66d60266

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
499f58b059620013fb60ae11435dbd6d

SHA1
f8062ed31ea847ef172e8bc42e15f502b20d1a0f

SHA256
7c007229eb4164e115a38f7aea8a969f83b8206d2c59c85e251712902f4d60d7

SHA512
4803020c70fb89b7e63dbf1b586c81ebeb5e248235ed7d8ae6d4b6ba62854b398b28cb9295c060809951a013b2ab0b9c4466e1a307b03c8ceec931503f04541e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12d02227cea88387e67b64a5fa6b7bca

SHA1
f91c53c75ef10dad806f6f5dc31715e63ce38d2a

SHA256
1124e9e5dfaff819734c70b87243925e1d188b2a2f9b60301bb0865b1c6f6d25

SHA512
ceae0106973c985ed5d088b4b84a1dee899faabffd516bba71b0f3e254f16c412604645b1d745f8e1ace91ec9bddc9478d5d0fd821466d065bb8a7c785403885

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
424a647e19310b02eb03916390d70a7e

SHA1
e5c5f46e5a43fada43736d24a8ec474b6534c07e

SHA256
908ca6888e0afe462c8dd85fe62284cef4892a6fce967d77b16c87bee8d66451

SHA512
a1ea55a09436406e6eb754b6d43fd423a169305eb0e31db3ff72cd80de3ba5defb4cf3239128fc05261f8bd7f6a61d24fd18e4a0b8074eb278f75de17e779591

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44657df8f6271962956f199fecd5624f

SHA1
7d0518f59e21f5febe08bad4baa25d7e7c20f2c1

SHA256
3d94284f2cab889ab2028019e3a77209ee1ff4488c4f005170824d71ffb1669b

SHA512
1e1800dc2c56f95939f6b734eab47d9ec12cfbbfbc024e58da869fe994cb93400af109d98b252542f3c9d8e1fd895fa67ee587af0b40dee2e26750df957f6f7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18a8acf65c626eba80f0ac7020d82cf2

SHA1
e3803a266133448b3c521194561fa03131879b69

SHA256
e2eaff0a31038009015b69dc5f9d9c63facd8a1e69e3ae6219c63272b859d931

SHA512
8274b4cef8b1bc60122b9f9e1a1a936065bd1d7d082b8de07985b22a2aaf69da3bb722d6883a47d6680b1d8e558596a4374e385372ec3e4450d517a731e0b920

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ed4b4d9114d4aa4f4cef68d3b96ac9b

SHA1
f6d366dfee47f34af8d9492b47e972a4cafdf343

SHA256
049dc33b203b55f081ac8708d74938602df52aaeb594ab6e35c26a06a24a43c2

SHA512
0d6475011559b2054585d4c8a9db94ec8079a47bf7df747e4114010c17d430c94f3d6563be7cae8fce59756e2ecf92af273c349ade224e002823a233b15580b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45b707503ad1615947c1a49916906b04

SHA1
82292666591fcd3501cc8d39ab43616ecc3a0344

SHA256
7efc032e49ee76a6c6054054af80f098b63ce9d5fabff3034b616bfb3cc9b836

SHA512
51f1472f803a228ff75dca6b79a545bbc8fb8a9e13da15adb285ef83d430b3a8e920d8bbc9a62a1c8811e58a71f62d614b3aea1824dbdc7572d92c75a54999c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
265be1d8ae9b73ba29b56381c1fd3a09

SHA1
1b838f7516a8a44b60eab42e70cc262772e33ab9

SHA256
054d9727a2ecade5a2e333b3fb1d92821732c16d4adc1713b2e780ee8c873bf8

SHA512
4a287328238c90cdb77f965d9bcb9a864da55f61e001e2feb17c1942c324c8113768eedfe4c4e14b87070e64cf163c119962ca303a9de17fa7016356ed2399c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44163f16a83186ec48a682b89e8914ad

SHA1
e8cb477e6ac325fce95bd782825b041c8b9d26a6

SHA256
04a7f8069ef5085d2c75a1cfa2e787a780e147e9c54855986d642b5085af024d

SHA512
6f8ff6077b7bed1d74c2e8baa7943d54b992dd76ef8ac56b62c78807549efc6a20fef69b36de7c00fc8dc99264b5b56e9aacbe83eb57d8ae56d2016b75dcd214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb659a2fe01f2a77267aa882d9b41487

SHA1
c452e3a49aaf8b6b549bc06311f5ef2183826e85

SHA256
340338d43a297fa4499d3ba8bad6422edebee2d20adac225de313fd493494bd6

SHA512
e09ee47fdd3adc5f81f4e8913d6d5987ba5053fc33cc935477703356ac0ed4bf1cada3eab77bdfbb6440132548a51ae0ab2b12e097b8caff219be7a77bfcd627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58413a16d75b41c7d0b203446cc34ff9

SHA1
4ac8416b715c82b2ab52fc7d59835a59907f542c

SHA256
899cd39cea1d2aa02285450823d1f85bfbb3ef7aebb84703c128bf8cb5bb5250

SHA512
0ab7dfb53b52161bf286cff90934cb4e854853e339df20990c37bc9cf8a15d87d03bd9b669ac1f0dce984e5e3972652864918019ebefd64e6dca8eb088042415

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
faf7a9eae63f3d2a2cf8449f96ea974a

SHA1
78dd796acb7ab0cb320672d5aacab79e9f58f116

SHA256
0bc2cb11851b9be8e936702c60f46853b52ce17ef797487ae4434d540fdfe163

SHA512
28b2bb5706cdea2a15c0704a6adc0edace25559f2c8691906178fe58e047559de826d0b2391ad703677dad4d8de870ff14dbf99ade63de9476ffa67a46a283ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2461f13262c937b247960943df2e7c84

SHA1
21d219e3bcbdc9b910755b8368bd6ca282fb297e

SHA256
6d9561e1b44628e6074d7a9532230ea0e9996852bf2bdaf0b1f3f586b7d6c3c6

SHA512
fa58c05776761bb715ba6c81002864252c40d6cb6d3923f428eb51f5d0fb2346124cac14b2b5d0257447fe0e13fb1c605fe5859d70fdf3fa66b2a60f0e286ceb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bae6e3559f208baa7ee4a82d8584faa2

SHA1
8e35ebf2984daceced1a94d12bd9f4dec8aa1e8d

SHA256
884008fc999b5b357d5dcbc36a588e4c6759b2e76f8a0cec5552c12b36a25a69

SHA512
059e9a6e7d515db3563ae0bc32647cadf3acb89807cecc28689f78bb6e5e44deb2b55b8597537e3f5d5ed65f73d3bc5863027c0c760b2f86e7f0f2fee79f0b9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
956efaa6bedb143d496e1cd35d530272

SHA1
b49277aa08835e8f0825d858576564326b0cdcdc

SHA256
4024aa85f336cce419c2f14d57e43b96eacc9d19a996765d1ce0bea5f15cf257

SHA512
52c286512053fccb4b7bdeecf2b9be4d835ab0e23ac51fa2f20b00ca3cb61ed180360a1c501e6beaa3499572830b602ba914a52b85f0264091a4263c1be80c1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d64e014da87d05bb7918412d9ac536f

SHA1
2751d697013632bf755b5a647524a75cc0fd1e3e

SHA256
3a4d92b2c3811cdec151783a572f717ca30a293a6eb70efdd801ae7ddbb2eff9

SHA512
4aabb23e21f74b715a00fd10f19479f21e4353ac228080ff1d079e9fd60951055324307b66e4a0c4187f67ec8d208448a4c6cf08bdfadedef5ac31361b776be8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31e947b81fd9272406a4d75c750d95d0

SHA1
29efacde626447cfbf9de7452ef85f2a45366b82

SHA256
46b6429e68aeb5825cb7188d17507b68fff9bb340c52d9cc7ff932e04d1e7e9a

SHA512
90b6ffb6e312e9133dd3a55b6afc835c79eabcd79984b6d5a5f1ecc2657917ff3dd9d53e362a4677550f67a4c5cd23bc72d9731d0abd6ad8d739688f79874b33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96ab737ab92f08eb0b9155c6e3071ef0

SHA1
b2b5032bdf0ac0bb8be53b45face51d7bf86eac4

SHA256
5103c000ed0b4bbf317326b6353aabd72ac5123ffde858783c65e01cafab0d80

SHA512
2c746f71173c2b4283c44a0e0a8333d712b232f6c871019596d57ce5b49d5994cd7116ae4b2e70fe53faf1aee48dd7e09684947a197fe2a2bc2f19b7197f4ca8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47bcb18bb00cb2154cac3c872e9f28f4

SHA1
bab1076645d411a2a166b9a489e0a5c807e44018

SHA256
6230ee732cb43df34544a66131dc2ea3397a9712b0c81c2e29019c194d42d414

SHA512
0dbf6473d11c8733abccd033e67ff511e584c55db17fec0488fb408e292fe54c4bf151d80bbf6fc2e6f5637eae7c58df219a63a68d6f71670f850342b18fa6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFC3B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFC7C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit