e5734f6048cf87608c13080b9f7bb9156e680d6e8356fcb5951cf3ba6c8ebf84

Analysis

max time kernel
146s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

876e204811543ef9f451d273bd534210.html
Size

57KB
MD5

876e204811543ef9f451d273bd534210
SHA1

f04011c6ce14a6b9dedc42ec26dfaab8523f719c
SHA256

e5734f6048cf87608c13080b9f7bb9156e680d6e8356fcb5951cf3ba6c8ebf84
SHA512

e6d40ed28b8dd4f48dfea0fdac9f21346e0dd0896499a63efb5ac2f7b094ff4fe64c972dd712fa49342c3e5cba504f422bd0f72cacb1cc8f27d12b90f2d03bbd
SSDEEP

1536:gQZBCCOdj0IxC506NgZV/sU4LTPNmXZ6CZwYUQyODp2mlfMzwCGyjo+RjssPYPQk:gk210IxqNgZV/sU4LTPNmXZ6CZwYUQyA

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e91786640000000002000000000010660000000100002000000034e95800311af99c31e77a9c66237afbb7d7b88825e6ce5bddecf070f9a280ac000000000e8000000002000020000000b613934e869e2e0f0995305af44b80b882b8d642a642b1f8fed60cb8d5dca71520000000f5febead0ce9455817803d566a9162e9accff1a09f8795255cd75545079f68c640000000128e871c7081884eb8494cc512a405c9679e0ffa71c2443a095f7848acbcfedc5141345f2616a1ea4e69504228449edbcd683cdad5d7da782ab3a028d273316d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0cdb3863155da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98D298D1-C124-11EE-A3E1-DECE4B73D784} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412969211"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e91786640000000002000000000010660000000100002000000077c39a56799f8563b7d33560fbc71b5e7e8e1bd72afbe55d332389fa5d8a6c8f000000000e8000000002000020000000b0bad57d7c06c60c8bfb05c87ee01649b1cf2a7863b02110308430092ff1ebc29000000060e3ff3d4545769134feb8b4103a386d9dfb62d891caa0d9a6a4830797a520db01e97dcf2c553f19e2d322c4717fe94d3c27b2d648c46b7f0240756c2c3741b791d7ba268e7fa938b27c9074796e609e7211c6d747cb2312c3cec51c07a1325e09bcb3af25a82f85f628836d2599fe38ef5acad10287a0388cee8270c11f40cf73e075504d4ee7200efd6114c0d5dc0e40000000381804d7f95bc4988b1993d46cccd1672c7d1656b0d884e1e84a86780ba8ef2bf81abb8a559c72718cb3ef0957e81fb4c76d8c6a32a4522b8bb5641e3c8ef0b4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2336	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2336	iexplore.exe
2336	iexplore.exe
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2884	2336	iexplore.exe	28
PID 2336 wrote to memory of 2884	2336	iexplore.exe	28
PID 2336 wrote to memory of 2884	2336	iexplore.exe	28
PID 2336 wrote to memory of 2884	2336	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\876e204811543ef9f451d273bd534210.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef8abcb7c1d1b45895da98c941c2bdd3

SHA1
fa39d756e0b03ade306bd80411c1a5ce38621a24

SHA256
5e6ee8d2392ef7f23a6de8ecf247ea410fc398f75042809a2153a30f37502d64

SHA512
1b001b03ff50224eb4d661758d2b7bca56ae0d7e795c639d22cf24102ecd7546f07d4b20d7ac74c53574e0d17699e9a8698d54c1ed089310704c0176a2237bf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c87bea640839d6fc1c237301affa96be

SHA1
10f9c2755c75aef50b91c5cbc49d21dc4c660f3e

SHA256
887fa159fe63cbaddf5fbab276437037099ee4862ce98480aef18f2b422d0d3a

SHA512
9518373f12b4b22dc7bcfa9204a923e5a82e9229a29dedc30f4fdc011f74ee6fc526b7fbeca78245c556baebfd5398605312e391439b87eba3381ac265722d9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e0b991ec46fcad822a360f8f54b834c

SHA1
d714b9d4ac7d13247c0712b9f160f77a1670e221

SHA256
da3b7a5fc88c1e4b51126c634faeb768ce7868e4c57ce9be6462225e9cab7633

SHA512
eab56604ca7f570c6f5c5936216e15c7f8530eb1c804ca52b64629b87b18c3c8f48035d988f029bec56620d5e75bcbe28f5d33f9666cfa93fe6698cbb8d9ded6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a5e3f9551074752243698d064496f6c

SHA1
c7442ce8b2e7065377ccc664359f0d7456df9078

SHA256
e55b3793c981e38973a8b1fd54e5f803742e7f7b5fc5941bed12ff6ef6daf0ae

SHA512
c1dabd61825955361a263e41a33dd7c05a4f03808a4671d4fba3ffcaed0ea1b11f85ebf2b52302e484473f0dde60e3596b18e18dea2d1848cf7f77ead13417fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fa9bcd3f8555a2d5fbf155978d75591

SHA1
2394fefef13713e59b4ed80967918fdbe182e223

SHA256
ddf3335cdfa5b03eb1fe3500634e674aa7b99750569d76b83346c31e6e858388

SHA512
242bcc8dc5c3cf45ec5611ce777ef992b688263aae10cb9fab6e3a858d0da4a332ad8631f9b5f42bd3e2ed6a42e212659d6fdfcea7eac0611ffe7cd9c62a37a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93e5eaa6b3905668cddeee7612c40f2b

SHA1
dd386ef07b3038ad8e96d959109eb7dc1c04e87d

SHA256
bd270a266556429240e1a1a572f05605dd0ae94c0d4f6969fc4e5058297973bd

SHA512
0fe0d24be32f86eebe4574c85488a7d8ac0645f847de5b930cc679863e824b732504335de4acbe62d79d55102110e4e10740255ca7871aaf097082938e47858e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf4dece9bb1c91484ccd56f33f8e71af

SHA1
6f948a5babb9dd24962ac19263f293a8b5d57207

SHA256
f1be3dcf876555e029bf2e9672789ddf70dca5205ceb77fa6fbf3ff93235548a

SHA512
f9c4722346ca41d907d8bf84be69493e156bd6c2dd93cc930e6136587f37fa92559185d9badee40f261af745173529e49bf7cb98e22b4c20438515d206bb7a94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca118d288191425a8e0ef35a35322786

SHA1
5f518a80ae1f86aa51633b5081bc49fb6a763808

SHA256
294edd5cd2ac45122ae64e3e6fbd9cb3a0de0437865d8c6027340813f8837998

SHA512
c043ee2b36aa3e652fe9f5359aa8321eae54e26d234c24c0d01eb56158cf35f4e5f26fb87a1d0468d67e3ff0efd41f1e3b447d7c4c66517dccc0d1b13f5acc6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
936c961787b6a7ae9e664374c074a172

SHA1
1b8a5ee7c11043773587dc0e4d2f3c34e4c0699a

SHA256
b3ee9871c85897244a710460a4fe75e8ed03cbbc0dc24b73ff0d0ba1ed9f7531

SHA512
672d3e36cbf927eb7c3b8c0a5373fd010b48c6ccfec5ecc1a2be76cbd1e955901918d5dcbac517fb5a2cfa5491b285ed257eee37a13bd18622ccc633fadeb78c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94f44257dc345e63ccd8e3f09d3d8971

SHA1
2413f96cb859143ab647c71c0ec5c0d4d369d836

SHA256
c688812f26980133ef80ead2de48ac8dacff2778a0ba112df9578f750a5d21a3

SHA512
b0e5b687a6f7406fa1c5763b1c90f38228a22c6b5edb0fb0bdf6d2d909297fe573e27dfdf6e25bee17054bc86a87b7d36cbff6ee01c4dc5f412cc6bffbf6b005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ac7296ffafb9949c4138260a6294014

SHA1
80455f293d864d633dc0b3a2584fcd39e9f43386

SHA256
29ff68d050ac680e3cfa148f1bee417018dcb94bb8d8ce7597b9e85763d2976c

SHA512
0c458c4504aa12c36c4434f416d0a223f22abe92e3cea02a60c5124775269bb4d8971e7a7ff07770115ce51e0a117f48761e36d67b2441580aedec93dea4fbff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8328782163cf8893fd3a0f7bf55a3567

SHA1
98fa158c7ee8009633df1994d3f3831bc7da1f6a

SHA256
09ea15e572ffc0218262b68b95872167c4841bb5d9bedffd4d27c80c89ccdd0b

SHA512
5beea1b7bbd2f1401337c7ae1d3d3f86d298d19e4a81f2c5748134e31907702b71d2ec12c8f5d4bdeb347fa1c06ae95aed90d52b8a03f8cd150e83062e48ddf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
546c37243ced25ac5244a5efa7ddd538

SHA1
ccedc4b02b20080225c85e43a967f361d3d30dd8

SHA256
44eb6c50abae14b74b43a272de561428b15cc303a8808f71be5d84611b5b7895

SHA512
88cd890db1fbe2e81b27fe7a09ff1bd7ad7eddb2f236afd61373237c610b1ab51edaa4353ddf193d1c35abc23b4d7add08ca7801158a30e1f56c33010457d9c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b674ae907acb4a3c02b3b0faefb85e4

SHA1
f4fda0fbefbe4f811a8de4077224c6674568054e

SHA256
d36c973b7dc28ee6b41c7f5033ebf3ef245e764084338383da09cf11919fefcf

SHA512
ff3130d0e981bc0a9d9526290c5bf7618db52f3eacb70f25dd438abd60b5a20a0495f14f634004b11cf69efc487863773526ddb1473a9416c073d37a704b08c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e5635af378fdcc9a96b462f20771dc5

SHA1
4d7818b97818500ad38c3ed67e37756f17a51dcc

SHA256
18d8994eca706b81da4170a421d60dba0bc29996109437491200fa2648f4fe29

SHA512
abe53c5323a4bded5cb5bca529d89f1f6878aff6e0605e0c5f32e31b306b3bed5ec429e000e710ad3f727a33468a1f9b3a6bda4f1f1d4c30680ba03af2ecc417

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78d1fda6973b040370856010b7552728

SHA1
9023ffe7cbb20b17da7b40ca8b9a97f26d1937aa

SHA256
844e9767e34794c66b7083ef5b83fe81fba4ef38dfb60f1262539893e1c46e9f

SHA512
9fedb259a50c086444e3df24ce17c304d6513e29451f07640891c4791162f310c79ce427e9c9b8e7fa872c5efb6a356c934699314a0030f579ae92d48a1f7ced

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0a70662aed221071984b823d5965b5b

SHA1
4b4d9bbaeb22ee0067508d203bbcca1aac4a970f

SHA256
a7cc2cb74a258fcd9ba8f2e77955829778c568f4a2e3e024a5a820e42e6c935f

SHA512
e9db26036444e9f7295e1d5654ddcb8528d6e3bb105f7443bccc8de3bb468bd98fefa81b330154f849621828b6f422ada6cbd2943df43ac13519cf5c399961e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4961.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4993.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit