5de5f342e04cfe133080864bc8401a039bf63bda6a278cc2f84ca7eca0346707

Analysis

max time kernel
142s
max time network
156s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 02:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

95f9ec189617a4d728204b4350df97b1.html
Size

237KB
MD5

95f9ec189617a4d728204b4350df97b1
SHA1

d7c6d92ec7752b06df612c13ba18e4256f68a38c
SHA256

5de5f342e04cfe133080864bc8401a039bf63bda6a278cc2f84ca7eca0346707
SHA512

f05057a09773cb9386390e1bc2e056e800ccb4bd19add658e84db1e4429bfd481d8e1f1ed9678bb265184833a873c92a5e517c958a8a9347a2b16d891122539c
SSDEEP

3072:PeiuVFC6+d6e49b0v14FLvj6233L14Ug2IlumHKQuTcqNE1Bo6JwC4VjAMvFFk:KZGMb0v14FTfHIlbHKQjqNEVwZA1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413865992"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93CA7AD1-C94C-11EE-BF7B-F2B23B8A8DD7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1204	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1204	iexplore.exe
1204	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 2172	1204	iexplore.exe	16
PID 1204 wrote to memory of 2172	1204	iexplore.exe	16
PID 1204 wrote to memory of 2172	1204	iexplore.exe	16
PID 1204 wrote to memory of 2172	1204	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\95f9ec189617a4d728204b4350df97b1.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1204 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
71ae54e638d90bb900e726c50e673536

SHA1
dd3f0ddc106036845e378f916bffa0837935bd1b

SHA256
469625e4977eeb3bafa8cd4ab692670bd35ea4236b7592941772b3adc915c425

SHA512
12f736e40f2139e85783ac9f2af5f506286217f3605e15a17fc89eb03517aa333f5ba1e799b0dacb31b0a3538815d5a747173f13e684d2446881fe2eabb0bff2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_31F76613FE0A74A21C6F79AA5922B05C

Filesize
471B

MD5
fb0b153b1d1a7803020d2c2f76ed0eae

SHA1
4f3d0ff8474b25d4b801a758dd7225dd27d083a8

SHA256
8422b31ad0923d71a0a8d8d5bd62efe038276bc255c8f2a3977e6ffd45bb50e9

SHA512
0e4aa5a7432d4d644f5b342c64eb5253be840a52ca5ea95dad28c06a2d7e42779a32b0ec4dd044390c5edd49cf250e387e280ded638ea8949fd0338b693d4554

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
3df4710e07d5fb11ffeae0b21f95f75d

SHA1
49791643de5cb7d16cb3367f971f293b4321bc65

SHA256
a51dca1128a815329d9f8baadcb04cfbb85f70ae72f2a11f0142321d0277e79b

SHA512
d9cc9952e8dc43780261539ea65acb2f3900dbdb84dc5c400ef61e63126fdcd2f4a596c4409b81fad1f69529ee934dbd4d36ab70ce5f1d70ca2a31daa1276a73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b40509a3aba643dd03e0b90e1a9c0db1

SHA1
3edc508f770124db9e896d264b58415dfe3678ff

SHA256
df0f36edc2b9b08f14688cfdbe13c43b28b592d871d3e8d15318d17e87e742ef

SHA512
1a942d5c9d160603615ff593d1638c5a028643816f022d40e4624a46f9af87f886e9a4050e74e10ba4363244903d307594c45c8d11c27cc929ff92233c114519

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
495ca6f8addc4207e556ed7af3c80ee5

SHA1
17cbc41d1f8dd210ad8157772c9178c37576fbee

SHA256
5394e78a63623e7a31003f76787ff12400d20834589338353554d2b77fa22b3d

SHA512
2f19606529b6bd21c6d15c1d20ff5a0d3bccaed49e3a0ce6ddb4f2d739cfbb420447eacdd9badebe48b0ae2281fa8edc915fd2a01119ca705128469a0d54caf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
777814b5386431dcd607cf208f3e5dd4

SHA1
484ca36498dfc22093755bd334291c95ad399fe5

SHA256
500fceb485aa41a71d1d965b97d00361c23f64a2adb67c1e4dd579e1406fb189

SHA512
31398f58003f4d5ff0d9a104c200ecca385aa18aac136f92317fefebb5857cf6fb1c99b0fcf25195e84c75080adfcf7a35ea373f6e7e026f0dfe33bb4b104b43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cb3862fad6b4921f1eee16217430f95

SHA1
bff2b900eb6f6a93df5b0187ef8b2f307422e292

SHA256
e923abcc60f40b73ee19a364c9b8b2ccd0decea0d91bec5db0a946c886cff600

SHA512
3378627d378166d9406beba8880a2cf5c99f9b78b0c7aa99522a2ecb1dee3c98003a7ad0a66054d050a4a3e279e8318ff3939122776bda89b5941d4aa5eb90b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b1ea15903cb22ccede4d196f15ab49f

SHA1
3c571087b97a5363ef615acc869f15a756d40f87

SHA256
32b0910fe266959235283a9abac7640acb802c342192c3a2a3878dd269813567

SHA512
0daa4f825dd3e8ad82a91d8617cce25ae0085892b2623cb523fe3c5b5e51016627ad2643ca1ffca96fcee70c9eb624e1077dd55292a1248509a5e6885668da41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0189bcac8df9a89f71e31344075ab282

SHA1
c0c692712a5d554adb49ff76f6f1c4718b407cfc

SHA256
a0457f171249d3c9eed4cb76ffa745470547138ca6b65fd3b8e8d73af142e36b

SHA512
b7a7176836985e984b50bf9044f098c41bc788c5ef9f78068e87310f3ee69204a48db0306b70ef31c1e27ce416881f496bb5082116a2225dd98a110eb99c6ec3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac7d94e4a96ded23a6ef55b0458f273e

SHA1
3ee3487eaa04b43f3f904694578a127a69d32d7c

SHA256
7872494bb56ba3c9da56c053847910c8a3c80ab9e1f77d1187675d37807e93f7

SHA512
cee2e0f2d4de5f30b8d42bbb80c89d2b4ec3c01bfb607f384b29107170be48f1e4c72aa88d63e692096350ab4215ab545f29e96bf14397c41d5711cda0c58e18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c6fceea74528dbc2404dc195d0b882a

SHA1
a2e2e55b30b1d963d31cdb1bc116e71f73d36808

SHA256
0c63f6f868d4760584fb2f1bdeb930c554f65c5a69430ee49e469c9bd033a6ac

SHA512
73cc1f50a0b997c2375c54f724c00fde8bbc58f27b2a9d6bcdc969e8772581c1889d531c7ca8043fec5ab68b8949751a5018abf6ab382cbd9a006403d236a2ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82a1f9bef3be9b6229887c31ae19960d

SHA1
4d9717c24897ece9d20a77c6621332b6f0165566

SHA256
87239d454fde65506091957f70795469d98bb06154f0d35a66c59d50d1675bd9

SHA512
35d400c7bbfdf83f02ca9fe4b7e9a602aa8d2985579bf64d1a1d7fb9f340b393c091924affc3bc6970112ebd8af1ccc24e9da3e3a20f145726480b6126ff5a97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
190f08efb2d7a7b46dc0ed9962a0b09c

SHA1
5da810dbeb4e92896fb1b84c7e43aa8d211f3d64

SHA256
9e4fd44395a91468527fbd8e221ea748700c3d904e23851d3f8d99da432b0415

SHA512
a2bea90ecc2489ae1cbf0fb1e09dbd4288daf8d9b67bce82af7ca3f76e5d521dd4d512f5f26b94cb08f188f2378713a9ee7e92a30600bf41b5444c1e4a8beb62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96d2ff664889e72a731d834b8a8b2c83

SHA1
12ccb402f171407fe865c19dee62ca3b4638850b

SHA256
bc49df683e5c8f443e16457c16ef9225306e3cf2fd309f2fd9ee0835e2f1b56d

SHA512
3974d296e34333bdc51c55de5c9b7028ac7fab48ac04097271ca2812897fac17c6c49ccdbbb18558894996c4090a45481759a331f8e8e6e6dfd058724af54bc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
fa991161008ea6607254b30084e48084

SHA1
3a42baaf8a4d0489dba78cdb275a5df72c5efffb

SHA256
12dfab49f5f8c5e34699e8c31dd8fc862f0972c0feb918570559d999e51f1e41

SHA512
2d34c0312faf2e90ffcf2cee12b96f11167a32640a561747ca102c5d297dc609a0164cab179f3dd1becf81aa20551c2426d94985f0aeb02c335fb9fbecbb1a62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ac845b429956631fd2effe28c9693555

SHA1
4a77177fd81dfaa282772d64c7cdd2997c0b6cc4

SHA256
addf85e755a0c3cc3d8d745e2b7fcfaa6ccb229cbcc4a894cec07f7436514db7

SHA512
2854d72090a52373deb7e2c7d1c0f236c14f6a52ac14e54bece04b8f31830b49744bbc9f272141453c9f0c179e74bc3f46ecd79fe8dcf1946adc4cf7a1535bf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3D6E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3D90.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit