32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
306s
max time network
364s
platform
windows10_x64
resource
win10-en-20211104
submitted
05-11-2021 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44505.5459869212.dat.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 51 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30921945"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "343214466"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2841627321"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2841627321"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30921945"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D2BAF18F-40CC-11EC-B34F-E676AA8D1476} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30921945"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2830064655"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a111abd9d4d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "343182476"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2830064655"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30921945"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002b5b008aa2024f4581a8e5e30df850c3000000000200000000001066000000010000200000005059b437b0845b53d145a792d0759d115585ae0be7736ada66c686aa6d9260d1000000000e8000000002000020000000829f696a61b8f8a8698f6bb7a9b4a1344dbf71fe659f500129319aae73fcabaf200000004f567ba5f514b6b0e5b822bf5733a60f0ee281811a466fadd659dc8e86b703b1400000006e6a9e5b268879537cecfc3bc470fa3e0a4a50984b7209eea3968696a500dbe0ab9a724ad0c405066dfb70e4b05a88f77400300465cd0f612d20bbfd2fa1e602	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002b5b008aa2024f4581a8e5e30df850c30000000002000000000010660000000100002000000028af0655b01789b97b200cc73eb83fc3d79b7ca41205944e3f09d2bd88b1784f000000000e8000000002000020000000cc4c306d72fe9b45f069355adba2f0912a6816446b83d42661d7963226c1d28c2000000093bbbbe1e6e6c91185507764ab024676182ef39702d0415295b605afd536099140000000fc78c05452978b0ea8cd2d04e8d7998d88803414f2e312b7a4fb466e637379dfffe87f2d4c14b5def338aa20861c84995b1dda30a4253a17d15180260f5a22ee	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e029beaad9d4d701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "343165878"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2580 iexplore.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2580 iexplore.exe
2580 iexplore.exe
1032 IEXPLORE.EXE
1032 IEXPLORE.EXE

pid	process
2580	iexplore.exe

pid	process
2580	iexplore.exe
2580	iexplore.exe
1032	IEXPLORE.EXE
1032	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2580 wrote to memory of 1032	2580	iexplore.exe	IEXPLORE.EXE
PID 2580 wrote to memory of 1032	2580	iexplore.exe	IEXPLORE.EXE
PID 2580 wrote to memory of 1032	2580	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\44505.5459869212.dat.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1032

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5
a46e27d1a674a729535408d54d78d4e6

SHA1
1ad0f6b6df35fcaf74aacb6195d93132d08ea74d

SHA256
c95ecbe6c10d85cb26ea3272fdc61301e5787f74c4b94fbf893116776ca81e48

SHA512
412d5ef57f201da817f15a7d7e091ca84a800934c7d33e83b878c363e70493b91119cd967b957099bb874c12ccc7879ce15f9ab81b813fd181d5d45e27b186b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5
a2e1c84e2badbcb83f1bc80e070dbb3f

SHA1
2403923a316dc38a166e8685fa28b1f31e8d90d8

SHA256
376cac3ae77cfa59e0147d2c049c38b41476da690ecf630f7540b06a22adb8a9

SHA512
e76012bd155866236a752ec2fc0b60bd23f1f07185d0cbb38b20cf46f19c56c6774eb2a6b36c8899bc41122efaecc626d9f79b97d9897d90f03b8df5da5b195b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\1TF55IBM.cookie

MD5
2fa9deb23e44d77eecea4050734f3333

SHA1
1c9314b2e640f03c542778ea88a077386bdfd097

SHA256
55d3da3dad3d64c80c38c1f15f4a499370fcbab38a769c5b23c80505f06031ba

SHA512
a954d84f48f159b354c5872a5c33d1b6bbd7d5acb9e77c60ab4e7f67792d8ca54e9735748e8880287535a504595ef6f093caf7fb5f8e3c5e9c734955929ccc92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JOSA03YD.cookie

MD5
90a0576ec47d7d5595c8de474f7dbfcd

SHA1
51d41b42b107af84348f1ce9ced7cdcc1459c0f6

SHA256
302ec22e5645b79dd385310ec562cea12259dc2c80be5e06f2060de64825a254

SHA512
b210e6fe798858564a90f64c9166240a714fe74ff9731951d3a2ef4bfcbe182638b65dffe8dd7daaf3cef1f3080697154abeb6b51e5727122f507b2b8d95038e

Download Submit
memory/1032-144-0x0000000000000000-mapping.dmp

Download
memory/2580-146-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-177-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-120-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-122-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-123-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-124-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-125-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-126-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-127-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-128-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-130-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-131-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-132-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-134-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-135-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-138-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-139-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-137-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-140-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-141-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-143-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-118-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-183-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-119-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-155-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-153-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-154-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-151-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-159-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-160-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-161-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-162-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-163-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-164-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-165-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-166-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-170-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-171-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-174-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-175-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-176-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-149-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-178-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-179-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-180-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-148-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download
memory/2580-184-0x00007FFBC74E0000-0x00007FFBC754B000-memory.dmp

Filesize
428KB

Download