32605dafffa4f34cf46881e152611c90d0dd7569bdb80f7920a194ffb47f099d

Analysis

max time kernel
5s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9871b67c3a81cc76f44a4434414680a9.html
Size

99KB
MD5

9871b67c3a81cc76f44a4434414680a9
SHA1

12c17d21ad060948f72801cd570019a40d9a5005
SHA256

32605dafffa4f34cf46881e152611c90d0dd7569bdb80f7920a194ffb47f099d
SHA512

db6a471f7f519ff53414b9b25d71f289672376427cb1b65f20955fb04e7ca295ed7f433326ad04a8a46855bdb4be348bc014d902e7a7d03fe9747d21c092864c
SSDEEP

3072:gVTHWzf22m+ExAYY28sDYDXiyWzRKcmr0YlGb8oatuhvq:gTf+VYY28sDYDXiyWzRKcmr0YlPtuhS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1CB25001-CA26-11EE-AA86-EE9A2FAC8CC3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2024	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2024	iexplore.exe
2024	iexplore.exe
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2796	2024	iexplore.exe	28
PID 2024 wrote to memory of 2796	2024	iexplore.exe	28
PID 2024 wrote to memory of 2796	2024	iexplore.exe	28
PID 2024 wrote to memory of 2796	2024	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9871b67c3a81cc76f44a4434414680a9.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
6ce718f93b5f54ad87895a04b64ff884

SHA1
a43089abdb47247daf6542f9e635c8d804080f4c

SHA256
87469dae20a5ec587776da454213a0d19ca223fa86ce6c2ab7e7d60db483acd3

SHA512
8d4615cd01157ee36919627a7eb48385972839cca97b9ba5048cea7c0ab3808cf082f547d5a503b770b53f7ab298d0f3177d806e7738f5b5159171772ad59e3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
705925897ec0054f4c9b4efe97043326

SHA1
cb3f195da953e322e2a0934aa72cd88582997d17

SHA256
676d170ab7c7ae4e145264315dd0fa00e533867d8c1739f6df0884407bc17c04

SHA512
d2c5629c26dc3b3c197f235e75b5379deb3fb159daefb209eac05b29994124700704cdb2c94fe12da0a584fe48967555a4668b492466001b5342d219274bac65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3cf66db57fde511496ef5daf3310b6d9

SHA1
804e9b26d72e72b7df0b6822445c614fc9a8b934

SHA256
7a7b4112854709250734c69c66286fc0c163c06cc01f8070799aa640366b9aec

SHA512
16bbef02c947699f7b47466e76590cf46cf4d4e769ccf1bfb1ad359d22afc90dfb93395d182d3db718586320db498568a004fbc7ee91e581c5329c46f7a97d00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb9deaac4bc811390f79e75d6f7b144f

SHA1
a51282924896dca9f64a213e190a53e9b8cbca98

SHA256
362160eee4728ea1ded57c8a9bb0bc00bb8b9dff9f886f762a1a2d2d6903a07a

SHA512
aff2ce2c0698dfa5688a6620de340c7d62fb8e405b6ebc71b70a3d88dd332898fe78783b65776125fa1fb155b8f77e4bf88487d728ea3ff170fdf7965d55f72f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f81735af33af1855b55db633774c93c

SHA1
9f08726aad820615b652894e0f35d2d672676078

SHA256
b9fc199f77a465af0475827d98e106046f238afdfe230c4f4145affcb3475dc3

SHA512
e74a6520cd7422ba6db6adb351f02db233c1b204fca617a461232d33e95154937c9b0f625e78d8bf565d02ed112d6e6e1725420e3fc4d188c03a5feaab90768b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5827850f04fd76e70ad89660673acb8

SHA1
6b47ad89c2c6ab639e82a3cd6597181cac5fe46e

SHA256
80c044dc853646fa215145409aa53c75b7d38418ff88e8a28d3af300561042b8

SHA512
de02a35d45e1b4b9b9b423395fb13f5a36a2be2efe379c6592fcfb19dc580a0187a640bf2b3371216dde509c0efef7b4645fa3ed2dc4b3af8884925beff2339c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e0b87e5230eb4e9f2ac265ed3fcd2c3

SHA1
5286b2927bf3f45d497cb25cd3fb09561ecbb7d6

SHA256
9c34fa89272ab012ca6e967b3bcbbe77706fc1b8f117435323d8962d9f7740f5

SHA512
940ebf3dd19023d47f27ca823a8632851570156bd4b7a5294b603ac1b2346e656e0035bb743ee42c2d1309841dfbe2d2f7faa8900f90865ae90ce0c371912d4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6fd42d552358b5491d915a99e7c21a4

SHA1
260690ecad296302bddfed67dbf42d8f7855d0a2

SHA256
fc04637fc717e3acd5bd546a1028a8f86934219105f84d26ebea15fc82830837

SHA512
a035b535bd50a79ab20b47c214ea26fb83c7dfe37e023ca5bf5860cb5a48a6ad96331e30ef18f93d315ffbe1ff3a5026f261acb6d8ddadfb18545587b116033f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1e9fdb994a402f15e512fb5f700fa7f

SHA1
332e8b5129e85a3a0494f78191b7574969b921cd

SHA256
45de50fe398c48b5b5248a653154b2fe805abd69d4eeeb4252fe0b5a939354af

SHA512
f28f034495edcef9a0fbe16a313907f3e9c4455be2e89d774775a3ce19be171fdd617f5c67e016d09afea63b1195190999fb2f669826a6270c6b761ddd81d72f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
632d40170f11982a9242894d14c676c7

SHA1
9b7ec12587273f5af6cfbcc87c938a19a4c88d39

SHA256
9ab0bb6a9df1ac8534dbf72b4868737578dd6c833e3a7f48908ca0ff55b5199c

SHA512
5a69d0177702991def1a127686139256ba9ef1da16b3a045de9cf4e8e5c6b6ed71d6c9258090744df270f49a23359705ebbae02626f1b59db1a3d0bfe830158e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1057b21b7682df03e3cdfe829a352e23

SHA1
fb7e7078881c6ef3e4043a50b14db9fedd850bbf

SHA256
ea4e9a46dbdb79e1f6f7ca5359a51bc469a6e5cf9e99ace2870d7be486fb7f76

SHA512
8ef0d96f20f74e30f7af756aae804d3b0c141a85356f0a8c726bdc27e6f86b4722cf33a3dd0a971648c356454a6f74c5c86e7911f8921a880f47da579f1b22bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d07419cb2865db7ef038df3bddf545ab

SHA1
4ccd17b7fa0cae70400bc34395521a0710f04844

SHA256
4d3d525ed7e1c313d9ee7a1f322f8f0fafd4e300b3c1f21271efc3195b1a9bab

SHA512
1f113432ccdd24fc72d11e89365637086454b12dd5f19fa0204229b47b2a21d9a345cc5e489214bb8e9ddd092baef950dbddf2f4532b337e4fe443ac0e7772bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a08d8bb4e9a8fde2711b3d4609b4fedb

SHA1
24d73a972392c6b0ba26be40c4911493d5a6b1c5

SHA256
d08e630927c72e14d526641d7c11dccb3ddabaa63795aff2621f722af0fbe621

SHA512
bf626bb138053d308ab4f7c86500b28a32f75f91969a5a58cb0702deb3b06bb02ed20e69cdc4c9bd77d192fe66b597be3252a3a0c657e65f0a762223a0451e37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2bebf0a105665417ee11564365d0fd8

SHA1
7d914b61e28129cf6f965d2afba0cadb79d97fad

SHA256
763601cef61911dac0e4c7718af617e28056dcd53c1205dbcda5d1c061da5773

SHA512
0a4ae87f2a625f154887d7e97f96f977c1fd2b8db53dc92a655daf988530f5143785f40888fedac06760313dd63bcb68e920f2527ee7572d29a41057aeb7be05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
206fd028b328c213d9d5b5e9120feb2d

SHA1
02b1de2f2bee6ff2be133ca3195ca9f7d8042777

SHA256
38b011eab7554e78e9eea24ea404be7a9f1368c40617dae89d12a098d14941d0

SHA512
30decf70075d7338226551326c8e53ca4823505f3efc003c2d95b38d1eb622dece2428dc70b3d23102bc69deef6e0c2d5e5dc8fd6fc9e265307c8116abe63919

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9072a17d4f46729e0c7d402cd8c71c1d

SHA1
14ae9af2055d923861bffdc93bd81dd82c2cc94b

SHA256
36533f86377c8110987e97685205ababe8df33c141d4214a1dec67a0f600e173

SHA512
e117cf910785bae2285359600402cc8aca5a4675d6b104e61d1d8f0cb398fce83dd07083dd575111954b13e4939b1f662e82546638f12e0dd9162ea23611de87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1dc069645ac167a6a90ac957010ccdd6

SHA1
f6ce98b5510350b18ac62ca26003b0a562b36cb5

SHA256
4226b32797b7305b023ef5833e0d6dddd339c6137ebebd99b58fe0ab871a3259

SHA512
5e72a903f683f7b7c9b5169b436de846b2b6cb0d39673af551e40a9e8e8ee9742feffe6cc0f9ee57beddacfb4c57b1aa705423ba2caa6654feae24ca4b88c574

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1338153cc8c0353c97ebcaad8c186c91

SHA1
22b17ae6f6969473a3f5bdfb6dde4e7093aefb45

SHA256
d04a0e7adf6829ce73435d6ab5a4b01178802837f99b124974a248e628b4440e

SHA512
195c0b44fd964e4e8dae03206717439607c3275f8417faf8f9687b7dc1e3a0df786b6e1168673dfbf8e69531d33624367aaef923a02e9ee312149c024ec12f7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
1899e3ce5077834dae37716a8340c5a3

SHA1
ef470f1b590e20218573f0cd866faec09f9d71f0

SHA256
011aaacaf12a61a153faf822d9395efa0d3e987a653b4a67060e3c0a67713f1a

SHA512
b52991684d9af194a80ffe674e509a31874a363df3846572c4a55c68f7a227cc854359ab443660367aa0eae0fcc4666b3dcccf62439496c71096ae54f18de862

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab25BB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2783.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit