5e9386c9edbf457f4641b5c8b6f3071a1c5b0dc473540255832a894df25c6380

Analysis

max time kernel
125s
max time network
152s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e9386c9edbf457f4641b5c8b6f3071a1c5b0dc473540255832a894df25c6380.html
Size

37KB
MD5

63472f7eb4e09265d3f8c9db9fbeb082
SHA1

f4a67cf7f944f220f7965bf05bcbd111260730a2
SHA256

5e9386c9edbf457f4641b5c8b6f3071a1c5b0dc473540255832a894df25c6380
SHA512

596c1dfedb527e6a96a1cdbb401ca0fdc14275fe038569a7cc5b58d8dcd15bf670264695a30e4e9368623a38ca550fcdb31249aa4e558389250dde58d1cc2a51
SSDEEP

768:/aZD4RZhpMbYHev2E478dmNqbXoAV6ViNRb:/MbYHev2E4WJXoAs2b

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ba440451ccd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000048ca5449a4d21846ba8a995ea0abd35a00000000020000000000106600000001000020000000a2f570dcdbc7ac07979a1ce209b1966cbb0795caaf7c8791fffd2dc88d23b59d000000000e80000000020000200000002fde450dc0a89844bcf67fc06906f1af6855511c3631645e0b0fc4c982f622a290000000a7354022589c7accfeea33b673ddc3097e7ab96d5d1a4ba2ceb887a729653be56543a966343828710c70bdd0f053817e6a33c5367f342d23e6a45eb85c4d0480bca05b9f850b806fb5c3c04da57dc383bdb3dd8bf916774970d1ac20bc6f5cac7b9d81dbdebd0e1fd859298a598879a2b502cc3552b188c22bdd3207dc621c793646496bdf835e1fc7f494dd9aa2d282400000006a805bd484b6b0aff6ca910c56b51050baede7e024ad6d4bb73ef48d8d6409e125730cf2aecc1f150c6fd66c38908debaae682161bbeb242e4ce7d61d185514f	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "370375058"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000048ca5449a4d21846ba8a995ea0abd35a00000000020000000000106600000001000020000000ac41cf634e68857c9bbcaa34d300c695cbe625831b08239d2f74bbf5791a96fa000000000e800000000200002000000081c156ccdc6e9f430c7d0454b84b9c7b5a36525f5b5ef6446ce208f3ab2f446220000000fc3b384d11fb26da3fb78a49316720a447cb7c412fd26f8a6e0592f584c1c1e7400000008f6fcceb9f50b5c5eb91c6d57b9ad614b24510eb8acf8a539ff141905fb3b7349d0eb1b67809ad603cc573bdd97d66d300f2b732ed694cc0ecf847324cfe2acf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2289C821-3844-11ED-A920-7ADB5DB493F4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1064	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1064	iexplore.exe
1064	iexplore.exe
1492	IEXPLORE.EXE
1492	IEXPLORE.EXE
1492	IEXPLORE.EXE
1492	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 1492	1064	iexplore.exe	28
PID 1064 wrote to memory of 1492	1064	iexplore.exe	28
PID 1064 wrote to memory of 1492	1064	iexplore.exe	28
PID 1064 wrote to memory of 1492	1064	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5e9386c9edbf457f4641b5c8b6f3071a1c5b0dc473540255832a894df25c6380.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1064 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1492

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4856252ed34037b5eabcb710b2dbf034

SHA1
3614e12d797c108baee0c5d54eef78f6e095352f

SHA256
2059db5e252d70e320933e50f3bca1b772e0f6865606e808d996931262da7f5f

SHA512
035b28b92c5cf00f0909be4cc02f00dac3a0e6f6092bef11beef50bfaeb8c738bb4d2c5ed9c32db5fa42ce9761ebb771d92eda81c9ef2dce46196cf7eb706626

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HMQQ2UKJ.txt

Filesize
603B

MD5
fe5612ae6186f23a10033dd91ce1ab67

SHA1
e0f37803b0eb026069a095dd242035f213a38b85

SHA256
31d9b818b07ee4b519fdca258ae5a03686dceb6e78c278ffc27c34bf0379ce3d

SHA512
a3a90ae34e75dd95e714ea4a0b5c3f65360fc831c88e9d41257180c74f89e8f43c8539e68510150c3854d69e14abff2304e8da429ad063820a31e4506c58253d

Download Submit