023dcbd278beb22bbca615da3c724374975571a062ce46acd023b7d1da891edf

Analysis

max time kernel
65s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 08:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79c14dd1cc1c0795abee4a3b788e8292.html
Size

41KB
MD5

79c14dd1cc1c0795abee4a3b788e8292
SHA1

a2ba5b48e442a2ea340070da0853a335dd169acf
SHA256

023dcbd278beb22bbca615da3c724374975571a062ce46acd023b7d1da891edf
SHA512

4cebf300abc31c2e35014a208d2deca1af2a3a7eca6b75bc7c04e166458411cf5e1e3fde3d1eb59c0d38401291b959e3b49ba8f8806c9f8e186c31ed379398a6
SSDEEP

768:ICFI2p6k5iCEcQkvyGQ5ZnjyjYXac8ifQfP92fkPtSYzwS48LlzTeN5WeFzX0G:ICFI2pVQlUZl/eN8eFzXJ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{114E71C1-BCEE-11EE-8383-46FAA8558A22} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
688	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
688	iexplore.exe
688	iexplore.exe
2384	IEXPLORE.EXE
2384	IEXPLORE.EXE
2384	IEXPLORE.EXE
2384	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 2384	688	iexplore.exe	28
PID 688 wrote to memory of 2384	688	iexplore.exe	28
PID 688 wrote to memory of 2384	688	iexplore.exe	28
PID 688 wrote to memory of 2384	688	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79c14dd1cc1c0795abee4a3b788e8292.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:688
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:688 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b615da9ab73ae3005552c309d21d86ab

SHA1
4b8a051e660bb44e3f5dd28ea3ac950e2afa0396

SHA256
325079237477861c36c7b22ac8570c4e54e2341f92b2d0ad06fbe48387738c88

SHA512
3d44c4d6caa2c6b57c8df759c852fa62c374812877ae5a88c5bb9cbca3b01a1523f75d3efddb26e48a1bcb15af989e9cf22a84c2befe363c6b94ab4b7ed3a923

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d1060d3542a66fb02a16ad8a70aed11

SHA1
c1bb1913ea7e134ab7ee7e0ddfe1e0b1a4b83458

SHA256
c226877906108985b109381a79cc66b7b39841483622b4bd21c0a4a29f1eab72

SHA512
0d6d43b47af6441a55bd0fe7b292352970f1be8f81b371aed400cf7b9654f75dee29bc58724f7649989d46f3ae68575f01174204293820d2c876449980b9a83d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
530a888c56a224eb178ccc51260a3a85

SHA1
3f4019e1701d72c66a0cc0122429558485f598c5

SHA256
a778a0fc4cc71ca57fa8f6d4dfc13da3654b0fa13c167648f9a5f4693f06ad23

SHA512
31aee53606b5c8bd1236da8587a8b5f3c7e2bfe58641d0d77055192c34f045009df845950485611572899508366ed869832209ab24ccebef181377501f23f904

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96a37c5357ca4457d5fea8f2869f0dce

SHA1
89ee68992eb760d63c39e36ad76ce394e392ac8b

SHA256
956a2675f1a64328c51b2c025fe0df7be9c1a1cb4958ef2598a30b1c14923052

SHA512
2cd59bde24913a7acf2777ef2b4a207390f52aa6ae29de13acbdf046059acea3d11ea6c3f0d859c9eeb1e27b4a2602632773c5b5a8c11ec71e1bed133b020f75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4071c0f71f6ae075526a9dadb3aaa64

SHA1
5d40090a14af453b56b6e670558f8a896a1acbf2

SHA256
c237c119e95eb7e381a817f4fed3b6b21d685a54fb04b606ea4eec63fcc8ca2c

SHA512
fad6cbe81b6132da7cbb2982a1c80e18685ebfbe3aa5c8b83551b627bea49ed648c496b23d6b581df04939bf051d2f571be99daca9fd67eb6c96c0faedaf6b24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0e0a21747e5debba569e65f5caf06e4

SHA1
5ae82117b6834860966ca6539af9d3b9f8d90fdf

SHA256
6584f11cc76634ee3222ced5a930ae9972d8964b66a959bcced1c7a1c8b5ed6e

SHA512
5c9595664e36d4e9d7819dd3ef9ad6621803fedbb022c24e205381a28e3b5e45890c5beecb52574ec9a70953bccd7f99ee8ccfe3533c494eb38e529f3cba2403

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50ce51b7f28d03bb0f4eea8fc36a2232

SHA1
c22ef348d147d6bcd94d6a41c66046338fad5476

SHA256
2484ad4d8de47904670c3276c2439bc114c4d57144b4b39dd552961f4015a621

SHA512
5e6a06451efcebe524ef924fbb6991f807d4fd7daf961853a9381d62f885b4714c1203428e22d0545e883905ae7f3389a7acefaff75f8cc65ca02e380fbe3b1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7002103edf591fd75610ad09adcaefee

SHA1
ef36d4e18c7bcdb9d6ec6c62fd0700a4cde4de03

SHA256
6351e11515c47e6922113d8eaa83a3a04ccff036b888f1fa56fd76aae0605905

SHA512
a1e82208ec99257bdaa132e3a1609160cdc488af53eeab5b82d8711cfd1305e9a53110e0e8817e7fbef649e8d4d627e0268c016f740244bd0e896015f3e7c396

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9ce3e67c2836f835814827f71242811

SHA1
9c108efa16382156db79be579c918c8b31a4504a

SHA256
4bd870a79c898bb4280ec8cae93823595ebabc1e4448dbbd6b8f2a08f62b2634

SHA512
fee33f7ddc700dd8772699c18f08055f6bfe22f4ad8355038277f7f0083f303d5cf8502436bbd09fa1f7ff74f97a88c136e7823d312ee026672e9789cc3e158f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a74b506262150a407f4996e56751e479

SHA1
82f9c38fc3d4d46089cede6d2f4225535f5f2da3

SHA256
723d9e03c36bf20da2cb8e1a5e34c5ed4a277648e537b8ea2d9aaa97bd7d1aec

SHA512
ab9797d390dda9d1fa713fabb8d8d2464184339e7599af2466d4db6cdade3b69eead0b3061c103a89496e3529682d7b6f1202c6b2a7016bde5b8980638b9212b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a11146680665d843ae85ce387e3d1ed

SHA1
2c12b1fd8778a6ee8273ff6b5078aa623e3f37e8

SHA256
99231f5eca7786b5116f7c128e4b806444c41af1ae63cc7fce39a9e834057bce

SHA512
9a8f6f741e0e5b33c8334a5b5ce300cd6c393a2fa2383bd76306a2fa070053e64d7dd3d211e306c3449be7bfa67ccc01c96bdcb5b76b42284c9a3e43680c3f58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4bc41ae0a8ae32be8313f0ec1f2408d8

SHA1
1e9f6907726cb8e0d94ec01a9f23a773cb446540

SHA256
9aa1a408514c7033972cedb0d374ba697d6d9b8355b0a74a2bb9b7f98be38006

SHA512
d3262fd725bc910ddf19aa7ab277cc8723ab9c3f26afb3f943bab5dcede0ecf43082a7da3dcf87338f3150531e1a8d34e51a4d906749b2551d67a99e480036b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7034021a721e50c53a92cceea34658d9

SHA1
bc3d6f3864ce4d3cb6a5eb64aadac357e29c8711

SHA256
7299085e083d1df8c4599894dfcb23c939d99c295d6293a34af6ed658d84121a

SHA512
df6291e0187d0541fd8e2f1e8e0d88080f03f1b761a70c29309740520b9924289616ddb736312706332765e431901cc52696392ed1d1a79ddb76084caf390fd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef4b326635c4d547b94ff6d07f14bc85

SHA1
1c5b6c0f9f179f4216a8872d0097f7572b120000

SHA256
2cae57b7c94ac86405ecb9ca1bfbdc1304330876befec6af626eb114a0c388f8

SHA512
2d00229fb51c2b56ce2abf808b4cbd41dae73dc9b7a81e84ae8df311f4dfea7e9f53548e288e27243691c3249b4029ceba9b743f7c8a6628d991223b82b74dd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58beda346b9fc57ff3f98dddd2eea0eb

SHA1
e15c0fbe0d3043788dc686011990975c54763e6d

SHA256
f97c0e5ff6227e535d8a4891c7e67d9c96f5e836f49aa366cf61169292f3e0fc

SHA512
98572b7cdcedbc788cad0aaa2c5873b724e75579401d6b2aac867d2cd8c57042f80d4e8134f8937f565f5427a82acbe2cf6542dacdf53a85c743f35d5c2ebeee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3609786b639aaf032c16b4d4a36cb391

SHA1
f90bac6b6ed4265765aab9b7ea6c409dd41f1483

SHA256
096ccd2c5bdb179b5dd5350bc195334e4c2b98e1658f0e6fb694cae41393022f

SHA512
fdd80989462c7aae44230a13f0ae6c99271e04e14f787b160263bd8c285f7ba88fc3aa9f5da396349153a650868108a17e21756d5c8e3395614c953e9d759824

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30e3e1a28a54bb8ef34e12fc2335b8a9

SHA1
3cf12168668d1ebb7005799643779c68e088547a

SHA256
bb690e2ac3f676527cc598cd8af59108b3e7cac75f15b3c92485246766652a59

SHA512
af2b27b56b287873c21c2843a660adc25fb80cfce8817e605adc5944c993f9ec29d10353b116e701f075eff3ef4005f51dc4141c045d94c7100d4a29d3dc8c97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d378b19cb1c4913c10e937b09a3d834

SHA1
f199a490ebe318cdb74e45313748a3712a0c5cf5

SHA256
fb9975d2e477b9cc759ebfe018dbb2898b0a9566a74ac36591141a83e94d17f4

SHA512
5384e8f01824881916020f9ef7726df92bfb079c127a95c8f5623440ae5d8d2908c876f7b43828a2119b3236241b4b6d845b2c74e567f1f55a13e6a2d0a7327a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
635f56451236171fdbe860e7b0888b8a

SHA1
f0baa200ceaa8132a1b6a8e340b597c53f8d7e2b

SHA256
b5be26f8529e2e023d0da6050b70bf7eff2520d73a1d3b924017fcf69837cfb0

SHA512
419f275afa3845c966b1bbfe9e7d2d435cd4ae58aab047dd0d68b17edf177f11b7a638145a6fa5fbc60b8b052e3bfee906eac554c0f6cefe4e882792a32138cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab10B5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1145.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit