e08bee606422693f29a68fef84cdbdece00e1699f70207c644314e3d578d2fad

Analysis

max time kernel
0s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 06:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

966e028daa87d2082e9aa8eff6a761be.html
Size

6KB
MD5

966e028daa87d2082e9aa8eff6a761be
SHA1

60f3a418a17def449a33e22f145d57e58a9f8486
SHA256

e08bee606422693f29a68fef84cdbdece00e1699f70207c644314e3d578d2fad
SHA512

69a37034ad56e2061c6f193a7ed12d5e88042e155d08720db461683dbe0458404e1ef66a945969ee51b0acb6cd9a469e11ff328e2b16e425fc585293a8bc19d2
SSDEEP

96:uzVs+ux7fmLLY1k9o84d12ef7CSTUSZcEZ7ru7f:csz7fmAYS/Rb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 19 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{204F7811-C96C-11EE-B665-FA7D6BB1EAA3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2112	iexplore.exe
2112	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2268	2112	iexplore.exe	19
PID 2112 wrote to memory of 2268	2112	iexplore.exe	19
PID 2112 wrote to memory of 2268	2112	iexplore.exe	19
PID 2112 wrote to memory of 2268	2112	iexplore.exe	19

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\966e028daa87d2082e9aa8eff6a761be.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
  2⤵
  PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c61af2d5626a725668bccfbcb6edbec

SHA1
311f6d5ffda851190b618f6065ae3dfc7c36b03b

SHA256
ef22066bde151c7d2b08ac0a776f6a4048ff6af97e30163ef0a91ea626ab36b7

SHA512
1b68c19f00e7e2dbccd179f079f003ab8766b47129f6ba35eef8d42aedc618082a9b754c0f70c0ded73b4ea73d7a41e969df38ed0344d93e0a23cbcfa8f1e4fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab5a3a0236dde12ba22f725e7749b490

SHA1
40bbd2a1aa6474da111109efb87134c836988c28

SHA256
d4a81ab0547d8e6466ba8a0e153581c1d12064699be704042b618cb28b5f91a1

SHA512
409a358ce558b2419b5202e5d8136cc4edc3022088d06cfd2da221f5a7dd8b61888342a92ca811277a5fc7fff526581be84b67b1a4a17548170ed80e5ae68f88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1157f383b54ad728fddc7a5dbf0df73a

SHA1
a0dca669bde411b51f484375906f11d4c17db004

SHA256
84f84fb56802b832d3542320a59476de8c5a4590e299e1a51b5dda74896a9175

SHA512
f3de545a0741f30e665495115f52c15a512fce4ea5ee956e03aa6161f56aa4c6bc186162c38cccd075c647345942a11cdfd12bfa9db2c1c54fb5f3d6a8185295

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
272223e4a45bd8b4e59c78bf6029ec16

SHA1
230635c293c4ae3ddeebb02901ff54ff64d384a2

SHA256
18046ae97f3bab005d45b42142ffd91f8b427f319880d01a3123416030c36bf1

SHA512
d120d680cdd1e619676822fc3f94406c50a03a0a4c5efa7435a1b24f391991199657b40b532c2e72e40fbb036adda227cf6a26d9f93de443afa371cd45f22c17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8a595b3d9de1d9076cc710fb0d330b9

SHA1
de692e551a6455168012db9f2b20950eb341e868

SHA256
99f22176204a8a2f731bb4abd867f0d665b573043937ebba6ffb029f506446ef

SHA512
f03ccb5da9bed8bb4b61ea310cd72d997f4b598ca43e5486e26f15b0bd354d26cbef999c6a8be2d97213ed36097d73b47f668113a615e086b9e253ceb2bfab81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49e5f26dd36d5f2ba1d1dd73ca909724

SHA1
e00f9a14c94af9fc7eff671fa1a827b9682fcb68

SHA256
29fb40beb7af2310f94ef504b52702a301059a9f917b7fa6da5ba12c4eaab1b2

SHA512
52841d84279b839a9789bf1825805fe72342c07bb6476b77825ed210f7631f27e40eef5b18229ea7c161b99f9c0ace3193f6cd073630f794144eb3d6519b6c78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8555879f827a7cdbfa47a4953b0f273c

SHA1
756d2d21dea550a6ee05195e414e0bcef074ee60

SHA256
54f68103484f712e08f580cfef0be7da37146a0cae827958991239c6cd5fd44f

SHA512
17a53c4bc3db9690707db12424ebb339b29cdcc908cf8d0fb267e3b5d3d1a9126f3f2a5411152d799aa6e8e3d1d327f338337df6b091cc42bfb2d5d89686b700

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d31bf1f7879a1ee30ec2dc6b0c097c8

SHA1
9a199e5f980035af4ad8d9047c37b90c996f5354

SHA256
9a8edc6f0bb4aa22c2dfafa5f72c086dfe0dd05ce05ea55c8203302bbfec8ac1

SHA512
83f9e333a2b0ce2a116ffc2bbeceaca4445a63da1bd434359272c0be7af6bd02cc92b169d5c30c0a33a83b8de670bc62205011f6ed96710ea6bc846aa8dd13e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8502560df1af0051c38671471262a9b

SHA1
a1be2e9dc4917575a3df425d3abe31d6e84a6655

SHA256
d531febe85d5d1b8d52a3a632f3ed5ab842e9c444013e1e556e59ff47a60538c

SHA512
fed06d19be6db815256cc7f9c0d6acf7b9083d4b19be4fa9f95eee36515ad7633369b26f697b510762275a760ee8f05e3111a66e06884006937b8cf0dfcb4e24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8af25d49283d5fac5c41a98c9d7a8f3

SHA1
2cff36f538f174ba817a612c87ce2c8681509fd8

SHA256
85c10c64a08923a3563f5a97917da7e4fc2130232fc5791fa449d9896989c408

SHA512
a178826dcf3d23d493e2274fef112ab8752b11b55eae64d71d053a6f6343a722ebf99a38662bfdda16a180ac586344eed3c746395595ea6fed154e0a524c24af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
705485642fae886e77a7ab333b5e2155

SHA1
78b6dcc35b945e040251c0e4a462d7ccb5673367

SHA256
6b7b1932eec4135c7d7896cef2f82f17d27a83b3cc37a5fc821e822e999cbab3

SHA512
e46c5212a36fa803ee5b8fddcd0c7aa09766147228b1b66d4aced126721598236da25088bc01fb88a4108b83ddacfb5ac39086b8174814ad1e96e0956039b37a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7db61b65f69009a15cbb17cdff7497ae

SHA1
e1b8df1360007023ab97b44ab16313a1ae4760fd

SHA256
2b66ef9f4c751e685c2443cf5e7434a773960e997e7d5da912bd1520f5cbc813

SHA512
2335b7c0efb6c98df52445903d9fbafd26bf7d122778f556c8c26c98bda8136ce7d60118cf611a373fddfdb52394c06b0ab385dfa31fece13945664fdc5d8057

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91618ca4bbae781fc499ebd6ccb54245

SHA1
56e2d8c6750e19186606552af12b4549975ef1ca

SHA256
34ab96ae30f71e7214243fcac0cd71cc7acce1f69d31bc7439c59fe390cc6e7c

SHA512
bc77fe1eb251ddab151bc51a9c3f2782c7b5a1f18c15edb3771650c15985b22fec436ef3ec5c0be56d7349f54fc61d41a41bbbcc48eee649435d57cd9c4835c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e42d6f774ef61ca225c4f0992db40d02

SHA1
61b1ba75522e739043ddd917f89281ea515ca284

SHA256
c3afe6feb78b3b8aeddb7997cd9bdec2eb8b83632a97863e88efdf85fc6ebd16

SHA512
8b254e309b5a3fd51313dcda331f0a9cd8f1a667d2afaeb84b70844d34ead2c4b438ffd3f96273276d0dab5694515e28ce8959ce61893abcbd474a0bdaf40d74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db357feda82c1ba04eff9f287984376e

SHA1
84b5c305d55ca01a413aa8d6e3569098099b4d21

SHA256
52664e84fe1d377c17e759a9d804818a2c378302c1acf0668ada4de001ad3508

SHA512
5447f718fb8d9a15aa3d4d502e4279ab879010cb90d79b3223e307681dc140d63be08d8de48f02f1a5206c5ba8668c75c7ebdc78c73b1dbef38206f5a119aad1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c6a26ac8ca3691c0dee2f256b4cd0b7

SHA1
1e93fd4a3fc4fdb717106b091af72cf2985c2059

SHA256
be7b5e0de50f4b876298f14fef514d0c2c5ebfbe5be271303ef0a1f13ae516af

SHA512
f97f08be5868684cd49b9e625c4f7a7046ee5af0fe659709569cef9a2e759bcb5955ea9dcbdfc96224348d75d79750228939a7ee7bdeb019d52173c5564de455

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d8b3483c6d24fc891e728441c6c13b2

SHA1
2a11100f9a0f2c58c93a3519ef48a5b507a93c39

SHA256
6683380b1465670075eb227678b3e7986bc1dd01e588ea08a84c67f4cf70f1ff

SHA512
852b5ce99a9ea37e9ca3c3ddf15ec6a4ce4fecbba7ee38c07a69d457031772f986f78d1e6fa83ce53235643a3c047d0dc1d53b42f8a26cd853a11493c57ca0fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8bdd68a1bca32b1f9bf0b72374c8ae1

SHA1
228199167ac82d64359ce1605554b3100106e20a

SHA256
32dfab1fb25e0529a4fd1cacb2e703ec5fd9249a0480b59bcbe8ede47ef21ac1

SHA512
41db641c7ae38b7f988c3f92ce57b4faf8d81a29deb6075760dd699d4c8ac434397d44513b8d6d98cb5258eda1a6656744dec9f8701731f524f4038bfd5e883a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7924835a51293f5fa232a9071048414

SHA1
a9dce5e5bde35ff9bc37bdb4af117ba19d1c2c4a

SHA256
4b5b9b95e5701d8bff81e06351d6ce21d1e41b2d2c82f0181cd01d537a372246

SHA512
a734266b9e686ecb138266f5a4d9d214d2fad486f3974990b45fb8e7e2af0ef32a896e4847b8f80c220d87aa5c1abc650d1d787615931c78b6a8b9ae1edeb48c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5A61.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5B11.tmp

Filesize
45KB

MD5
cae17bc9c5d74e0e1142b20a7889efdb

SHA1
cfea5f7d29a7dad0a1a25daf18a0cd4cb79cac86

SHA256
4d74c7d252b593f92d04a5538ff5688a4ec720ab664ac723512fbcfa3f5ab691

SHA512
42ba66aa767f8a15ce38f9e72990fe41e4fb2d7266e4334be0bcb7db7ac7eb38e7f3b424bb4fc5583197257e9fefc11ab19285f0881a054f338463fefb483dfd

Download Submit