165936bebbcbb3fcd835a32db5a409786b2e555fd582a12d6dc1a13dbea7c65a

Analysis

max time kernel
142s
max time network
176s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 12:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

165936bebbcbb3fcd835a32db5a409786b2e555fd582a12d6dc1a13dbea7c65a.html
Size

17KB
MD5

879172664bd8fca12025cf4158be1ce6
SHA1

0613c9a5fa31aef7ae9c59ec894e251d3902f538
SHA256

165936bebbcbb3fcd835a32db5a409786b2e555fd582a12d6dc1a13dbea7c65a
SHA512

dbea5b019b9f65e4bfb164fad9605ef87f30f550b518893cced941ec0f43246474adc7e766b26d7cb168541196ba223d44e0ce9dda258de99628cbdb6d2072a5
SSDEEP

384:xDEZOxqAdLaeA/P1W1YYIqYcA0AEyGmpMgfCuQZiCd57LlKzW6mozLcMRzm0m4vz:xDEZCqAdLaH1iYYIqYcA0AEyG4MgauQS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "370384190"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6086c96066ccd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062e6ef0d45f4454ab79548c962d74cdf0000000002000000000010660000000100002000000022f147cbab0ee97393c530e18ccbc62176718e115a75469579502622240f1a04000000000e8000000002000020000000aa1d3c2ead35241c8070cff68feb3fc87fb5a6fcdbfe9bfbc5d38f5f86bf1e51900000001feb455cb382106cc57ea642f9a816f661ac7285556a9188115a0a8fd93cd5c5258eba67dd39b4692f4d03d10c9ee84d561ec4126c69997dd5c00c399e53e73306ebbdb629c64a48824f3111fa731a5b06ce42f63b51b89ac854b138c3a2a28c9c52a9f19d8166257dd0ee99c5ebcc010c85fd41d8f47614ea4bc1b747fb469e4955cb2b3b24f3641fb6a84ca3fbf59640000000dd832ec12404321de1064fc0c24b1663da006d236eb0b6253c02e3f735b2770fc1f578fe756fc6298249b94ebdb3cdd9d386c215db1ca3ca564b8177f5a84de2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64CCBED1-3859-11ED-8B55-6651945CA213} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062e6ef0d45f4454ab79548c962d74cdf00000000020000000000106600000001000020000000d87c2609161fc8fc0d457fc7a3df9a9de67f1d37e25857721cb10850b6c2e405000000000e8000000002000020000000323756200fb3da89c3462594e4537afd651ea222c2a2ad2f3570370afadec23b200000000d680916c7f59048cabc0e4cc3d795a1c82ea3af138a8b676e2021930632deec40000000eeff8f569f35d4d9d297edc572b110505d4fe4f56fe4c6e0f0c5c14bddf23f1c07eb480c56bac1b806e78dbe3fd8651165e07a94f000c77bfde17e98a806c047	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1012	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1012	iexplore.exe
1012	iexplore.exe
2036	IEXPLORE.EXE
2036	IEXPLORE.EXE
2036	IEXPLORE.EXE
2036	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 2036	1012	iexplore.exe	29
PID 1012 wrote to memory of 2036	1012	iexplore.exe	29
PID 1012 wrote to memory of 2036	1012	iexplore.exe	29
PID 1012 wrote to memory of 2036	1012	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\165936bebbcbb3fcd835a32db5a409786b2e555fd582a12d6dc1a13dbea7c65a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1012 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2036

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
340B

MD5
a3c80711842a96c1f7ec5c4d4adf2252

SHA1
920cc053cba916c24ee59b3cce03dd1c48ba39b4

SHA256
fdd070e09a8aa6dd5c99b9539bccc5e45bee8b5bf48a96a152e54a6260df6ba9

SHA512
17741cd25aa05dc6d04d6c2c637aaf984b2fa734dcc8ead9012ad2dc2fcc2e8e7ab45b8fb99f7f4f1f3fa28ea8589818b54fbee5e2d7107f64f620088e625caf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9QYNMD3V.txt

Filesize
603B

MD5
5e2fd70d7d3148d2dc88b6c44847c3dc

SHA1
10efbd4445506236a78c98e681b6640b334e1cd1

SHA256
f20c5485999f09217625d15510c3f777c52da44e715841b311d3b776c7163c80

SHA512
ccb3a4d27f3b2bb00c055e6a75df1423b4a93f07e15e13c133193adb55c5ef1e5aee8f5a2f03c73f989a83ba77b813e2524385150ef259a7549f4d878454c13a

Download Submit