63b8479bd76dda6d8319bfe64fc22f157ee81a659452fa027ba18b96322eca90

Analysis

max time kernel
281s
max time network
187s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21/09/2022, 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63b8479bd76dda6d8319bfe64fc22f157ee81a659452fa027ba18b96322eca90.html
Size

609KB
MD5

86e1e8453d6de39c66bc68d1aeec1243
SHA1

8c96c704c8637633262bb6642ee6a65fe3c66871
SHA256

63b8479bd76dda6d8319bfe64fc22f157ee81a659452fa027ba18b96322eca90
SHA512

d4259583e2d493c635b48359b978d22f7e90477d04f3c00de5c4a4628f27d314228fcebc0e98677ff67bb86bc0c73c59e991b8a5dc61eacd4aa37973264f4306
SSDEEP

3072:0ClpGTetRqXgwRsviV1ytjVswRuzl84NebWCUkPDlJtLn6CVhJc7MwaMyFeqmqDb:0ClpGTCRqXtRgRQcSvLF2RPthZpWMH

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8C79E11-3A0B-11ED-8AB9-FAB5137186BE} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0f3d159765a7f43b6bf060b4b70c9a300000000020000000000106600000001000020000000485abc7bd00fb62d27d59763d2a4f3a445913b507ecf81b6090e8ce594a65714000000000e8000000002000020000000bed29751e438b7e3a437f33618772a617ec75b29cc86d6d685bf78975bf09e1790000000eb476febbf94aaaa02fb3e3f1a7cfa33b976baf004c3731ffe358381d6ac7536c12d38706a02e268e7aaf1f27e82c6532252e22a2769f26b3480436504b4d4e390154bdc4165682eec76a53f18e109e192abcd07ee22332b598be0d67e4eba5445ead9af4cc086e9517aff0351a0a78373d3a4de1280a06e480160395164120354cc0d8c901b382e64b257737b6853aa40000000fa5cfb51122ca04fa71a4eb52a794a10314083c793167e48ffd89432537503ad28617bab4c31d55186a7cfaafcd6b4d0e0c16d46b55b167171fe0e1dae970dee	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0f3d159765a7f43b6bf060b4b70c9a3000000000200000000001066000000010000200000001e5a26d2455f8a5e54c780012a963edd6415f125631d8ca8da1fed4d70d49630000000000e800000000200002000000057919b2a4362b38eb79170f2a37b17ba810a8a70cd4f0b5ac4f346fbdee8aef7200000006a18266b64b3e078c37e7843d27e81d778cef32e99ebd5c7d2302fcc20f5ee0740000000971f2488512631d89463dc1831454e2ac76edf78265bc7fca90ac3faa3e27f5f93612bafc159ea56773feace86c75bf4467c2a33d7caba2827ec7f9b86dbc280	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 205bfeab18ced801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "370570805"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
968	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
968	iexplore.exe
968	iexplore.exe
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 1976	968	iexplore.exe	29
PID 968 wrote to memory of 1976	968	iexplore.exe	29
PID 968 wrote to memory of 1976	968	iexplore.exe	29
PID 968 wrote to memory of 1976	968	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\63b8479bd76dda6d8319bfe64fc22f157ee81a659452fa027ba18b96322eca90.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:968
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:968 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
340B

MD5
877899e1369bde28e659ca0361ddd379

SHA1
dfac345d43c671f20443b55cc3e160a27dd14565

SHA256
b2a623cb02ce56f928953297bfa2cfe1a709bf68757d5950c30afdc8fd57107b

SHA512
c01c3f7637d1d6452ea0a17a0581dd700e03e2502b690983a31e119df71481f92ff5095e3cdf2ec2678d77e433aaf02165ef796a2af3fa600653ef0d62347ff7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SWBIBZ2M.txt

Filesize
608B

MD5
1a1035fa9abd18e2049872488ec1eb90

SHA1
faaeeab6f939b8d054978e3ab2f80c5e9fb47be4

SHA256
1878b377ccc30ee36d77923121b368e6e6a985fde2062354afc11a131ebb2d8e

SHA512
fce3a79404523e844a7ba73c4dfaefeac94fecbfc5a104ac5706d6c2912eb29518dd7136ff9ba55ccd0a7393d6eeb0385185a0fcd2e64a22d1e6822664f86abe

Download Submit