hxxps://firebasestorage[.]googleapis[.]com/v0/b/mrje2n53563ghdgc0eetsra[.]appspot[.]com/o/Bn[.]html?alt=media&token=0f034d1d-cbf4-4703-a4c2-ba4dd123dfc5#test@test[.]com

Analysis

max time kernel
86s
max time network
143s
platform
windows10_x64
resource
win10-en-20210920
submitted
26-09-2021 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://firebasestorage.googleapis.com/v0/b/mrje2n53563ghdgc0eetsra.appspot.com/o/Bn.html?alt=media&token=0f034d1d-cbf4-4703-a4c2-ba4dd123dfc5#test@test.com
Sample

210926-rjzd7sehg9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 48 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3629599326"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d0000000002000000000010660000000100002000000041facffae5b5763eb8e0d1bd7d5f80633e06e5ba8c00876209540ba5702d4d34000000000e80000000020000200000003075b3521c6fc27a878f8556b8348c5ac781df7529f4f61d683065e7ffbdf25da00100005524d3cb9a637bc25d144ff60095f2decfb788e44e181d853cb1fea1f63c6b8a26667b08d7d2e43a148caa519881eac30097768f8658984fb3cb1b4efb0d270149361c6f7020ccd79b1230f45c62c264495e9be775e81171a2f78ad4fa1b3c38868e40c71b43861e0e83bd4d3d581d6a346bbb61f3354b25863462aae40d6097e1b2c61d02a30496b7117afb3db4ed0c2e84f4f9627360a8986b39db636fa83b566f00bcd68d305adf215542cbc022e8e426909f0ab56aba58e16571eaf54af3fef5c93affeebaa119b7d62b186c6f1c5287a1be7db204c0100631a183d2b88cb683b81cfe5c509c29d55b155be286a2b838c470d2bbe47c86ac50708084794061c6262092b61d53e910e3f28ea0513af14088ad32548b9d244e30080a8ad129e1512fc0d2810f7648fe115fc20f565f4e1d78c83311d702f1b49d4fc8715da34ee5bbc31ed083fffe2986614f307752a909944f6498adcab56ec3adc5d1bd2063a05d62cb23546327f88b0558361a01091340b597eb075f5073345723861b9d3f418736ff9289e79376850967de777d84a6fe344f7556e40153d1c242e16aef40000000c06e3a1f8662008f365a0110d9ab400368b77eb5402184ed96fee9925fbed7daf56be6dd61f574834690c44b5b7fa9357b1a69831100c842f5ff3c774c8db585	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "339430623"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0d21ed3e0b2d701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3615770364"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d000000000200000000001066000000010000200000004714d582bad4bbb15775ad3e5f4fec374a4da07d553ef62ccc83515f594bae33000000000e8000000002000020000000b9b77623775ffeb55557c53553c8a2edc6938ac1f49e79e2a8d6f140261dfb922000000050e6073098d060bac1e45732bc4a1b8d6d60334436d06e7ead5e061ac67e6fd9400000001522d8bbde50624fcd17a387a697e63e87d84cdaa7c95cc6c6f00c8c56218c83304e58b78bd5e6b82ea09f29612b9bb801eb7a3ea68667de6430337a480ceb07	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30913248"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "339447217"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30913248"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3615770364"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0322FB1F-1ED4-11EC-AF2E-DAB78683E0E4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30913248"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "339479208"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3704 iexplore.exe

Suspicious use of SetWindowsHookEx 18 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid	process
3704	iexplore.exe
3704	iexplore.exe
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3704 wrote to memory of 4312	3704	iexplore.exe	IEXPLORE.EXE
PID 3704 wrote to memory of 4312	3704	iexplore.exe	IEXPLORE.EXE
PID 3704 wrote to memory of 4312	3704	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://firebasestorage.googleapis.com/v0/b/mrje2n53563ghdgc0eetsra.appspot.com/o/Bn.html?alt=media&token=0f034d1d-cbf4-4703-a4c2-ba4dd123dfc5#test@test.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3704

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3704 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4312

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
MD5
28f3e514f353bd25873a84aeb808527f

SHA1
a3c7fa6eefcbf13fa3d4261cb34db5721aee1b28

SHA256
3c669eaf705e66de35e607b29d92833029b36bb75ec332e83d2765bb63cfba90

SHA512
9b097162c5b25a2f181a02396435d7f7ff09bee576284815e9fdcc893fa9e35766123c5c7e11ef1230becc4e05e11a87b6cd9a24ddda3436ce043cffc668a260

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
ce98c91d236b64b56ca87fc7186af2c5

SHA1
ed75a894a924e03763b46178ae1a6842f91b7a24

SHA256
d28dc7a774741853733d1e6e385f27c910d0b97eda6f0a1ca47580e85c6e484a

SHA512
2787eede0e61b8e938a7fc47534b8d2aa31a01920013752bb4877c81e728931b9042a8ef5304b7e919f2e83bc6b1d1726bb1d34888e82f6a0ed4f34512b881dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
MD5
de27664da1e04c94901fcc3880064613

SHA1
aeb52fc87f907dd40ae683c52cf3129d4b27e25a

SHA256
7e59ce8a2d7d1e1201e535a3175bfaf239b9f5da7be265c18c5ff1e1bc696282

SHA512
2d1e23a6cb1641bb1c393e404950a781cb20e5123c1e85bed129a02cc54b45e84ef49b54bd4a19a0dd48c66693fe119fd4f6b6733c71d34655d4ef67b760fa36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_3B9C2111EAE052C5BA0EC1CBB6D70DEA
MD5
b3b0696d2ec27523c6fbaf967afa6e80

SHA1
81360fee58617af76f052ea338335147a4a99585

SHA256
23f5c00ee65e6c4a2bea51a5ea065736c7deb385cdfac237b20c89483cd47612

SHA512
ccf63b9a1e1caa9793c97bd01c6d2884588ccb13ba29cbfc3a40dd47dd55b4b2e6229d54dc1ac8a37e121cece42186a25e3e143fdf064d2779cc7a8955886926

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
MD5
946eb28583c9591ffbc97273a4b6b2ef

SHA1
bf9dc9742a2a47ba568eb39aa6e4bed2015e5b6a

SHA256
ce6c503a29c66bbf7681370c634f2b384b6561551defd90e260f1ba821207350

SHA512
9c2ab79135cab5e2940c22d997733ffa657580a381294d1878eade5e5d6eeb14315f9f3db8d355113570cdfcff4a80415a84be399064256194d0991de524218d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
5b2f2f6c7f1545815b6f75e9b4d1e526

SHA1
6969cade2f6adcb8bbdbd194473a34b943a9d8d2

SHA256
5dc863f03f0339388d4cefd85072c81e0e099e590e0f1ec977f3178b6097f697

SHA512
22cc14622403fead7360bd963464d89c07e50278adfb7c87cef459c985b32343542e66a743f0b9d9bd2036dfef37028c7e47c09807fb2988b4e630555bc7eb29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
MD5
9046c12498ce48073e79b771e1000bef

SHA1
5720d32fe9690ae68a7010f00bfb33dd1a0c645c

SHA256
29376685620a80f7c0c2369e1a7ac322587ae89b67a915a5adb80be04fcc4e93

SHA512
8c396bb2f0e4653eaceceee7c98ea30c3a6d18ff219d64d2b9d2bfd6caf8d0f891e0e9fd239741953c9fe8c028e30ce07fe63e03fa0b480cddbebe86ce6537a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_3B9C2111EAE052C5BA0EC1CBB6D70DEA
MD5
53ff11d66de58aaeae1d07407a0b02e0

SHA1
6a3285cff61db244517919a53dab5b6a07fda38f

SHA256
cb060a9e9d67075df872e088bd4d1ec089820498c055adccc36e268fc8d5ec85

SHA512
0f663f6e935e5ea28ffb6a00a7d1f3b4621fac4b8f1efeaec640854face7b11df75bb9b45ef9869de4a27653652451480d3c2968b4d09d67bf2b606fb25d5cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\1EZP73TN.cookie
MD5
95d81ff3ea20053de67082b78dbc79fd

SHA1
b5fee4f25e974ec014a502f899e4fb90c901ed5d

SHA256
63e050695a7f773e07cf1f0fdf2a0130c61a216aa1e3e059b64ead8d7118fd46

SHA512
de189ed8ee970e71b949d20c0e2f6a70becf23c0c4cbdda56497924a31e9eda999cbe660017526bb9d1be523641ea6b731a2f8cda72b0a069ad4e8512a3d437d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\KOW05SWA.cookie
MD5
10b5cfe4caab40c4e82100e0a680751c

SHA1
92ef9c68246c45f8ba44ae989634412f8b6dbb35

SHA256
357e7f5eb9da5e8bdd0e35e2dbd69151c4382fca9ce8a0d30b5487fbcdb2308c

SHA512
4d27783eefd286b08917d64db0cecb6f8fa6ef6058614ec2c95668ee07fb7fe3fcdd0861559e71c2efce066fd7b4b5bcec5a022d3f137271f71cd06af4f56e72

Download Submit
memory/3704-115-0x00007FFC06750000-0x00007FFC067BB000-memory.dmp

Filesize
428KB

Download
memory/4312-116-0x0000000000000000-mapping.dmp

Download