b44b3e062eb159c76e778b5dde7ceb7da1dd4d414092d8710bdbc161ba04fc3a

Analysis

max time kernel
144s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

795ccb4504e1fb7b0d402bada96b1269.html
Size

50KB
MD5

795ccb4504e1fb7b0d402bada96b1269
SHA1

c12d16eaad10a826fff4ed1409c852ec905d2826
SHA256

b44b3e062eb159c76e778b5dde7ceb7da1dd4d414092d8710bdbc161ba04fc3a
SHA512

e63a4869785aa2ac7f4d3538313bfd5a03ca3e2acd3ccc3fd2c23a149543f89540c5dfb07b62f8b1db766fe8d12f65b208996c8feb49d70c7e8ba62aef3b3bba
SSDEEP

768:zXsodMU/Iz/+TqMSz5mamWrJZTO6U8Vo2fBU:QyMU/i/+WME5mEvTOV8VO

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412494368"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{02FEEA71-BCD3-11EE-B311-F6BE0C79E4FA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2496	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2496	iexplore.exe
2496	iexplore.exe
2296	IEXPLORE.EXE
2296	IEXPLORE.EXE
2296	IEXPLORE.EXE
2296	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2296	2496	iexplore.exe	28
PID 2496 wrote to memory of 2296	2496	iexplore.exe	28
PID 2496 wrote to memory of 2296	2496	iexplore.exe	28
PID 2496 wrote to memory of 2296	2496	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\795ccb4504e1fb7b0d402bada96b1269.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
53aeeb44d70ef26dde3fd01e770b6498

SHA1
98515b17576421a940d8d8cde515fe283bd5590b

SHA256
a3890be4bcb14ef11e29616ae9da5234180e10b082a2caf1518030d8b5c09736

SHA512
b0f52b2a7643c3726fb8a04e25cdd1b1e1a441e461adccaf9d41f443541178b6044c2aa2e608de4d5f6c18155f9874bc8b08155bbce2a0a925da84f44c54acde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_15F1E9A5587461A3CE6ECC6AFD0065ED

Filesize
471B

MD5
308492bca80ebbf422a07c13926aa29c

SHA1
7b0c3bc89ca431dc2d1fc7f5a6ad237df793b005

SHA256
b099d23461b4ad0748e2bfafa3ce4d2ebf947889b88c84781d42ebf2575f81a5

SHA512
9aea486e4a66d753e80308fcabaff2dc4e7527e294699f19a911398556a5f801dcbeae3528fe137e726dd62c07940cd67017d2d9b8d3d9f5989fa8feea03d3a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
1b54fc58a50dd6695d0a28be861bf641

SHA1
d7789e3d3cc984ff720ce73b7758f357cb22ce46

SHA256
7f5e40f62b2ba95f3b3cfa09dec31012ba2f13db58442bdb6d3f73f91eb3c696

SHA512
fd59626c5ec59c13b2195d72a1b830ee57d42609865adb2620895e1404783df2dc6b1731f63164464c660e00e8157bd6633be0f78213a65884ef157e390a7c00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
620be9545360c9eb158a30443604c43c

SHA1
9c436328a50dc40784a4b6280a378874b3ae5af1

SHA256
6429bc5f39379d5655f150743d434041bbd447a7a5ad603ed4e80d2da96fce80

SHA512
a12f54e17308de9d664f8627b9d4de8ad8e904ce56088aef4744c6a3e9e63bc0042762aaccf47f121408e801d55ac2cd293398e7bdb250753b7c26eecf0ae260

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b37bbbb8b98a93cb159b70f6e2f9bd60

SHA1
f675cb5ec539f8c299d42c417d26fbad4f0ec128

SHA256
e5bfa15ad470f441e9ba59558087c0b138c7f99f661d032f6d02596784e60372

SHA512
2aa8022dd7218e7c80155b44598f80738815761b2fcd7fbc59d0ab579ebce5254bcb48c78f74123180f2ecb3f469450a43a6e65b0b298784fb397fe9ad10ecdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22adbd3f1986440438323e409471b38c

SHA1
de43b93b79cc312364a681c75d0dc28ee95481ff

SHA256
a26b5213405adf9803e8aca95191afcd40c5ecf95dfde2c50b066eb1252e66fd

SHA512
1085fc4d718dfbabd37bbf55e8a47d30b930f3903307587646235d8962cff4964ead9c352c62bfb95fed82b5bcd83d3198d937262e3356413f7dbec637921f80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5dee7db6933a102f874f8dc023b3cbb3

SHA1
872cd1e8d6498fc9fa101978e0223a32b05f9eaf

SHA256
af4db18df2cc434f5b999d9f502ae90e30d21c76c5290ba73ab504398af3e0ff

SHA512
45855fe3c962e5ea1e7a3b2abd8f7bed10d0e6b647146bd2574a824917bad458c29cad8f19d299984cd2d1d4fa47154919eac5024ab1425a52ee4b7c43823768

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4f8899a5698d923ea22a100230e700a

SHA1
7fb1b48b35252c08f605338acdca7d1bf1786ecd

SHA256
2917b43687edd76988563d29fa58f012cc40829d5a201745d80e1bd4b953a629

SHA512
ca962411271f7c9f3a9b79a0c4f9ed0247af1650f8a1a5add898e5d8221affc3014dc6e17b09a7ab88ee5052f345d7af3b3720aa3058f31ccc85565585f758b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7bcd70ec7571112660def9b5a5e5496

SHA1
4d23dc5bd3dc2a96a04749039cae626f893b8fb6

SHA256
e11fbd51cfdaf8087293536e3d7281547ed79176505bc3ed8653f5a448ed52c8

SHA512
6ba37e9650d8abfb0349b6f97b7958092db1e95c52271cac51db568e787f424c8cfeb401ce7601adcc1ec3d51dd953c8280f6675797ce8ec546b9e4077e09a37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ca70b72981bfc24c04577dcfb545c0f

SHA1
cae9b73134e3a686dfdbb3844846b43e5c839a59

SHA256
eeb71f00558714e28c546bf7e4241620c5bec70a1f2b5972eed1578a29c760f3

SHA512
5c4b2d3d415ab13802a9c032d07053f0e0e3774a97071b8c3e96e752a7b24a1b1e02c95f286167231514b05db371796520f4211588ad56cddcf17dcec41893ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
103786e872ef36d2558df4919e341bfa

SHA1
617e7d6f3b4ca25b3c2a454e51c7fc12ab134cf2

SHA256
942979323c3500a2192844e34fee432f8633a8db25c42328088b10adfdb3eb33

SHA512
832984ec8eba647eacee95fb446cb414b02610e6bd0795e9974161d5f4235060bda41dfa011d415b13682fd1126a6bf56250312cb0a3ba10a706329fb3a20042

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
013b6a4e0aa9703239b13331a627ac44

SHA1
cbbb955c5f651bde1abd64c7fbb319a4cf363885

SHA256
b4f0da06cc7254a4db90e4a6f1cc92af1caf906699d4d48ea70a77992aaea88b

SHA512
1def35f432802fd79280c926368ce31cdfd81b9fe6187cf8d1a0b396c6629823d873fb8229ec3c9b0631dcfc7637801e404d0f11a710c3f5f55922ecb737980e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
adb15257ed37685ebb288c271fe65be7

SHA1
0f5141cd14c2d2521fabd0289170cb1cd6fc3fe3

SHA256
08c477130810ed4cb2696384b32e78724b8a87909591b4c72c7f7a9502403d02

SHA512
2f4eff1c58fd6c7f36dcb6d1e71e482c58da5feaae7895c2eb25e043972217bdfcc1c3259303d2567c89a9a5021f0a682b4bd95bf6213b2a3652013a1f74afa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_15F1E9A5587461A3CE6ECC6AFD0065ED

Filesize
406B

MD5
9f117d65717d5e98af1bca5c82a0e09d

SHA1
6fc33657122545b21233f757cf41e579e837170d

SHA256
fa08918bdf9f3b68aa728f26c391a1d11bf0e003e703db433b853f9c8a1a7593

SHA512
6cbf54d694f40ca6ee82d992a96bb314f5c48a22aa28b2a36de21f93af5256e5b5f68bf342c0a36d2212043ef8a65f9f24e6221152c70cd87286f3a420404edd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
1899aba7b500cbe133bdde1521f3b9f3

SHA1
0786ec463df25d8d4c7b41b7b9f926dd46f4147a

SHA256
38a6707396e3e949bd9814bbf6c5b409c46b6c0beb47137927401173931eb93b

SHA512
1bbfbaefae662e9110108e42184775375606c8835e52dbed4664ba0e8eb06d43a1525a3e6af160aab0b6073884228bdde5cffec83f187527eedf5d194d7f233e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
5648f08879bbdcf864f0122fe68a4a05

SHA1
b24e5f52d5fb6d11b2a39c183d4294661bb49b8d

SHA256
2c55b4b729b2d802689a5d0f1a31de05af17f25b18adc3af5c980773f8210a3c

SHA512
e80a0698818556131ca620b51134ae8b0149447e0749620a78b2259ff2aa1c800e7ce0f7b5c4e0cce08d3e433e5ed44fdac2c6a8165a6040c0ed1f7a3e5d0a67

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5090.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar50B2.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit