cf045646929096d8747d7a1d1400bb3c96d5dec410d8cf8aee294d9f52e81f84

Analysis

max time kernel
0s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7eeedc288ebefb99ca7380ff39e16692.html
Size

7KB
MD5

7eeedc288ebefb99ca7380ff39e16692
SHA1

b4f5aa574a251eac02e48cc1672a167ba3d081e5
SHA256

cf045646929096d8747d7a1d1400bb3c96d5dec410d8cf8aee294d9f52e81f84
SHA512

42547fabc9f1b244e4349282c44c2e2d4741f00c2801e887422b940038b9a66f393e11f612708ce26bcdc34c44a2ce5385d5b118ed225507c2e4dc23d78b7e3a
SSDEEP

96:x0CDZIaxaI5pXU5ntykWvkjBRDg2ove14cdD1z49HqCOpqX3i8xZaxGeGyYbODJn:a4xaI5pXsAk6ve1/DC9KCo/x4ODIQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9737861-BE61-11EE-B751-62DD1C0ECF51} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2976	iexplore.exe
2976	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 1724	2976	iexplore.exe	17
PID 2976 wrote to memory of 1724	2976	iexplore.exe	17
PID 2976 wrote to memory of 1724	2976	iexplore.exe	17
PID 2976 wrote to memory of 1724	2976	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7eeedc288ebefb99ca7380ff39e16692.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcb9d24e565b021ffdbd6dfe97cd7d76

SHA1
f9ad0543ae1a70ab7248af66cdd3b39049e4b2d2

SHA256
4bf03f155e77d78f1387e799abcf75d5b79966c022b4faa84f13e76a0b44132b

SHA512
c599c2b976bd190b48952a57f671d9555fe49887e16b54d85832f4b2ec06244dbcb3dfcdd4f0fd1be1b3ebafaef988b2d54aba06fa7ff085fd19023c004da8b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82ac9d5d1a272e714d6874025abc7ed4

SHA1
e2dd3f187f2998a4e228ad5fbdfdb18c4035c617

SHA256
e8f29d19c12b3ee84966a9e8bc02ea883521b46c75ceb0f1fec9fc0fe661769c

SHA512
6313cdd31b537e84e85081cc22ad5f33d6a48d9df9b8cc9a0ebe4357413757d16bfb16b42e47247a69a7f645dc8dcb995c7eeebf72f718a7856cc60cfcaa4631

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13dcea235c5de9c038cc503890813502

SHA1
788da7e8d219141b77b182f7d1b514ff39676ea7

SHA256
aa3c2bc7400378fec815136832da6bdc8070118a243e89bd10211e2fd8713ded

SHA512
63efcc1169215325700e8195cbae53a928ae9501507333db604c81fbd4438ebfbc00358bd4369afb3103940191e4be32d1bd9c8c56087906ecb821bd496818e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13569a0907b474fed424707bdbef7537

SHA1
13ab052bc4d126b994ef1d725afacd521b0c05d5

SHA256
dc4d6ab6485a9a12ffb2dc7527856931dab9a73bfdbef6c72087442d5f8d31f0

SHA512
8c6b00f70f49fb50da6ce00f0625fe1feb1fed8d424b58dfc1d6d38640405639406c1bc95c6abb84ecf9e7f12b87238a14f8b5b122bd12cdd92f73ba325ad2e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
154ac1caff3af460d6e9cf296545e78d

SHA1
e52f1ccbff1329f13284614fcd992cfa5c0e9389

SHA256
87ac1586a00ac71237426db4e02c9e7d04e5fc8e9ed595a87ca87d597d1079a2

SHA512
5061a128388bdb93e78d55625ef0ad31f442f29997f3d5d8c1eca8f1d67173817bc2873d2a57005eeb91bbab091aff89c691c15efa004e69ee39cb300f7cdfd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03396796d53e49cc45ed0438457b9281

SHA1
7d8c3137102f64d43a33a56d457ff6de214961e5

SHA256
35908ae49c25b86e992a1dd489bc60cc2c89923b12115eacde94224259a727ad

SHA512
342a6daa3e4d8c94efd77732d39f9317544c02bfd510a10c51817a130a2a077c4976a8bd4b78beb2c429944683ea6eb0843e699cc5829b99e8a80b0262fbce1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
082e64d664e4e08d342c0cf55c62489c

SHA1
f703290d1b8b51de6208fde4438826116e786f61

SHA256
e7a98f6a2db46a6b02f29486078db2cd924ff615c174b6edc9e675cf0142f9e4

SHA512
8b9b8ba403b32def43ae54cf77c3fa3453e6d31ef3457902f1521249ec6576bcb252c6537de32893fc7a677915182f484aa32f356ad82408b0fad0cfe19bef68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f895d10ad6b15f64d4042e14c61932a

SHA1
dd28dd925967e3c6ce80eb834edf328d1dacdaaa

SHA256
4f3bd021a92a9ae6ac6850147800bd6d12641ea1641db4682bcef901352506ff

SHA512
c46ff70fbd7e81ebf37313c432fe6f89a01f29ca03cb42720e0d3a1d7b88bafbe5a8751f7a90af9fcbe93ec80082817bc07d7bc65e8a413a1b95996986ab7fdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b90ea662ff190a27eb46e13af202ca4

SHA1
5cbb537aa60f58b466fcdc6a87d00f083c6578f5

SHA256
d9be9369ffa332df5274675e80cc2b1e9461025dc58b1eb7fb78b039eef1c404

SHA512
6801ab705890342265e2e559051caa9cddacd2ab14efd3d4929b7b6d4f36df073ccac80878f0c7634f760765fec0796f604893c2f7497839fb5ca845aae3171f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e9bda7ae52e61f70540f9142f4f0f17

SHA1
2afccda6fc701327ae5b4d34a6c42fe2b1644158

SHA256
590ac3ddf97d1e360537258afd0921aee514d3926c0b15e31ccaab540cd78813

SHA512
fd3b217ac64adf668f6f1e32278f04380c7c907b174962b9c31f4f87d63a78be789e8acd9f8118053f2f4cf3fce83a0a6e019d134e28dd6a0cfc9fe8ce9f6848

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71824da2db3cca7e1ef813fe4dbe57cd

SHA1
85f455b95e7fd7ad8660054c73819f694dc9c530

SHA256
c104036c087c42e9327a8b584df0393a4c7fdc41b42f14d662e0068472b86ca9

SHA512
1e6d170491039b908f3b41e23b2a2eb3308d535a80b7af7598225f6ce26f4ba7f3b8e8ecf8175d2360d021230c25960e99f3d2a4e7ca14f0e47f8210ac72b2a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08c1fc0d9328912d52fb6ce5c36b491b

SHA1
50e3e663d4e7c49b4cf31678a7e1c19d25f5b4e1

SHA256
e57496b42edae6f15fb188094d73c54247d4e6a60f60ecf0948684a1dce28a06

SHA512
478391b908554990e164dbe239ce3cc5fb744151d95c8f0eecce0fbd8479db81db25d1dfe8b83afae68f01d6a9a86807b34d7588def3460a258cc2295554c4ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62e3be1fc4eee5c2f5f08e11ff25e867

SHA1
92a4337228b02158c5ab6d2992b3dafdcd83f35d

SHA256
44a255bca0654910ecdbe0dc3d30f38dfbaa531d7150d549c66b70bf33483466

SHA512
f13709fdc2d13aae140f0bf46493ea7a06f05ab570cb3c7789386f618767c199f9cedad17fdfded3f7fe39ff5a064280f70668b74e33b13e4fb6301f8d5dd14f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8565d7d221e49cdf5de1029ae08e6bd0

SHA1
78e679664280900725a71d1dde415555b6d7015e

SHA256
442eb5da2b8d0c89455b6a9d8799fea1299173c5bad91f28004a922873bff382

SHA512
eb7d0da28d3787205ab35efcbffe66116b77b54050892195312be9e2c22d54dc0b3376888d83d35e065df06b0c001aa0ab5d5fd97a71173ce31666a6628de44a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e24fe6495a858e83da12b78751670a9

SHA1
45580e9fbb0e911891ab6cdb526db8031eb0f9b3

SHA256
f63140ab343eb9c3bb9b9d5f5d72923424b5f75056f90d7a51790196552f7922

SHA512
00cb7ffd5dee5a37b7a27bba18c294df5b387b7e6071001ec169ec2a43d3a58902ff05a22a3320014d9d8443dc55fac78aaffd35d2bb31fb882b39847da5bb77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b649dd586d33192b88a4a2fb4dedc9e

SHA1
60ef951235ee64fe47567a65079865b3b3e8bcbf

SHA256
e44aa26ed71bb718d2c4d36bb87b92ae9c4ea76aae1ffd8c305d15c4347c9605

SHA512
bd278fbd75069a1cb1f7982cff1f61a1c5805b77ec7b91d6a37aaaacb8989983ba5f210cfacdbac3b81b514e5d4e95668eafd7356157e2c01444ed8351703356

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b56ae4f6450d2837d88db75aef33911

SHA1
158142c09731c324891c1ec4b4444db12106da5e

SHA256
06edd752bbd972e2e2a776b3237d9a468799532428101d53cccef58a5a82d21a

SHA512
8b77f5b39f4a6af224d69140efebef1ee23ca6bd49d329bcda3779eb63f864c4172a57a05b9cf3b27b067ac401c85fcea3aa933c26f65c3975e0d88f3645e55c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b0c696abe411d0f61e3f28cbc9beae3

SHA1
5fdfd8504264173a2fdf3fab40b91e3b1cd70bcd

SHA256
b7dbc23c333a9f02700bc6c277db2b664f542532f2de1f2251dbb977d204885d

SHA512
662a89ef2cb42bff386b16e165166bafd71f20401ca281c02f30e41f169a8629090f9f069887d3f3cfd6e015f9e58fafc4dff1ae538bf924245877a7bb24594d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab472F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar47C0.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit