e908fffa59f56f0861e1d941b4993bd44f34c20f983d3575e7cafb6917ce3ee1

Analysis

max time kernel
131s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b69938154c4036e79a0391479eae32f.html
Size

109KB
MD5

7b69938154c4036e79a0391479eae32f
SHA1

f34c4ae460a8d028d3b37ac81ac2123e6af4cf6d
SHA256

e908fffa59f56f0861e1d941b4993bd44f34c20f983d3575e7cafb6917ce3ee1
SHA512

77aa69d22910338d28ca650a3ec4c5b37b31c3c6861574735a2f5e4c94b2ab1661574ee495f234f857aa919427b0a8a607e3c34e7047faedc97b23ebda6b916d
SSDEEP

768:llRyeL/o1iupboltBiCCe3/hk8dBG7ZgL:llpLg15pkltBZCW/hkQBgZO

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412555318"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ECA8FD41-BD60-11EE-AD08-DED0D00124D2} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2448	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2448	iexplore.exe
2448	iexplore.exe
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2708	2448	iexplore.exe	28
PID 2448 wrote to memory of 2708	2448	iexplore.exe	28
PID 2448 wrote to memory of 2708	2448	iexplore.exe	28
PID 2448 wrote to memory of 2708	2448	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7b69938154c4036e79a0391479eae32f.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
3e1b9d57d8db5fc03a7430f8056ef8c2

SHA1
429235e65e6b5429365a32cba2f92f358b2246ac

SHA256
bbf874dbecadead609a962ade3555530a4c35fa49849d59e11b0fb2650f5623f

SHA512
110c5260324b0e2e421e60a389f12ced348843a4a976c468e06a1560463ae28c9ae09a87b7de964ac9f1b92f7120c91574a787ea7c1e542fab2308c6e28aa806

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47204d6e071ec104c38e66b4d64395d3

SHA1
c424b10387300c81994f5f9f83850fc5a03e74d6

SHA256
4bb42aa3032a38ffa7c88e91b2b3e4c42bd7c0c0393c33e7bafa5a0bbddcf473

SHA512
4afbd18be60afcdfe5454586d4c3de6a3299c61e88b25be5e820944e8d58f1d8e06ad5efe7a096112347dd34445d5201a70a9a0eddb64d17d4f12b388b71c3b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39372e2ecfddce256351d3294384e8ad

SHA1
c82274e2b81d9bc6019a38b9930431e5b958b184

SHA256
5c12cfa94ae7e3dd0d0b3accb249113868808041ad6572c503b62026823f97cc

SHA512
21e80e56b21bc126b9790680bb443c977545cb2e1e757eb76eeaa6d67f301968538be40e80c47bf86846b69cc732a3b0b75230d4e1afff2c587d94f6644eed27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8faeca0ef0f11de7eb6b241567ee9292

SHA1
b18e2d7c10046a9d17ccfd5fdb6e4e63aa89f414

SHA256
69cec433378cd89ebb78c885ecbfea3ed57276947dfab1b118c61456af1b9d48

SHA512
88f2738d96b9832c4e4d52810d52c16f9ff08df3e263849f287df3ddbe9f2a99e7cb386055b8cd3d9ccbfea448b45aef8a9a3a3dc6a7454e191babe33ff531c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b71111cc5a6b0f2bf8b1680fe82f1971

SHA1
8fcd6183e7a0d64baa5d3cb9efe8519857552698

SHA256
9dbd24309a0972231993e4d3a34b9874fd5b7655a08cff78e2e2c50786cdbb78

SHA512
616c7db25d2bacab54c72aba7cb7a0fd5a71486f8fad642247f0dff043aaba1941fdb1ca3a25a1a911c4ef3b2caa00eacae88bdc4cad4980212e5fad9fb8a375

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c4be2fe1d2a8d6ac572a974ce7ff33a

SHA1
83553a38243f4e14dd5c827c1b7981ed892e9a32

SHA256
8664c97c371fa959ad8c543eae0e24728cd738a73b7194ce20b47e90ade154bb

SHA512
887e38c6ccace2674f7d2b75ee6920d89af72483f5439097244f382ac9356bc0a5e89d5f2a59c9d280f804a7b0c79e9637a8b212c9183204c6358258408dd7b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3072a2600b8cfa345196f49e938b9455

SHA1
77aa032d28a9e1602c977a1f34796c31131a5807

SHA256
d980900e3fb7aef6d6b24c0e1d195a9d547a632346c4cc0d46d1215058d0a7f3

SHA512
da8d78dfb2948d5bbec9e69239b0928958f3e3eec657d04425da80505a8475e1e50b77ce791fc2d2f689d989fb1b666b3c76b4364117b8f0ffa19d5d78b1ec77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7207089dafe257b914899d0771221614

SHA1
2405e6d9d7ee490a2106cef8b97cd47d481a2a3d

SHA256
aefca4fc88641e4b6fc0cc8537dae6d1a6c0551ac7f4ad02243c4fabd5cba77f

SHA512
2281a99560b7cd0cbbb629b3e8e339690ec17334ba7241133c470745f47b7e6da05ed7fbaabcd4a791c30d055d5087dfeca21f4dc65e69195597fe2b6556fa14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8ae30f14299e8f354697eead547d527

SHA1
39d4efbf76f366756d810d9e57d653120ac32739

SHA256
fbd2c4007fb0ad2891fac9c28a39f8683e09d5962445741f515edf56301e21f7

SHA512
0b8c0a84406b3ecfdf9f9f7c3a61b68a592f4ca6dbf0d30ab7b14a92fa9ba55d33d7025688044d4ed4e66592d70cca0a30cd18f2351a42486181027167413961

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
268d9fd6a54cc49ec2a3029aff638d05

SHA1
3abd88b5c97574dc9d7b5060b314e7c015e23809

SHA256
9e883f8ea9c3a927014be33634b3da07e4f9ad610da8219ecb68dadad95e34e9

SHA512
89eb47f7e9de91a423ff3fb5bdedc651f83fcf19acdc37762ab68bfd12e360185b98d18f707a26fa175427cb29b24fbcddf45c3892a24ad3ec11935a8c1155d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd195772cd4adc984c121244d2c440d9

SHA1
5cbdcb918ce486d84eb7f757936ba42a13603753

SHA256
17fcc187f2edfe8a7549e5d0f31a6ac6da5f7862bea1a5be6a66d2810603c471

SHA512
3813d9edb23bb3a0cb0327580fc9e49d0edea414d6ea4b1d2309132a51fc199cd1cca96649da84213becd9fa145c5b59d95c70c2fef7959bf400490ba27219ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00c3368948d78ff5caa236b9a09f40ee

SHA1
84f60ecf93bfee78cb783dc2677132f73ded8f06

SHA256
dc90f6d4a4ba1e23103b69a82ac169eb1d6a601cf9590a7e55ad48d2457a6412

SHA512
c62725e3cef93acad2b4d7de0585609f9c266bf4ba5861c8d36948ae57c820793142051d2279a8c59f941eb2e16c6f8331ddb3c2fb4b5a394711fb34f14efdbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
2fc237ab538c4a0abec3359a3efe8c4c

SHA1
cdb06bb236b32716ed6d85eae6e809d22f2deb3b

SHA256
e385b430b20a09eaf60aacbec3ec825bf245336bb29431258d5a0acb7cc7ad93

SHA512
063d027861adbeb3f1e4bc53e75181261eea6a68f85841984bbcab2b7f1207267450f2ba375fcb182d0c26654fed12f2c6e2ab8bf31cc2502cb7a1e96d494f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2VO416U\errorPageStrings[1]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2VO416U\httpErrorPagesScripts[3]

Filesize
8KB

MD5
3f57b781cb3ef114dd0b665151571b7b

SHA1
ce6a63f996df3a1cccb81720e21204b825e0238c

SHA256
46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

SHA512
8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W79VKSP8\dnserrordiagoff[1]

Filesize
1KB

MD5
47f581b112d58eda23ea8b2e08cf0ff0

SHA1
6ec1df5eaec1439573aef0fb96dabfc953305e5b

SHA256
b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928

SHA512
187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7FBD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7FCF.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit