hxxps://iindexformprot[.]blob[.]core[.]windows[.]net/index/trial[.]html?sp=r&st=2022-11-23T10[:]52[:]22Z&se=2022-11-27T18[:]52[:]22Z&spr=https&sv=2021-06-08&sr=b&sig=ZwgkLDCJs4WfhkBNR8ZWCPALTKhsAm+6W1E81Awnu6k=

Resubmissions

23/11/2022, 20:50

221123-zmpceadc44 1

Analysis

max time kernel
272s
max time network
288s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 20:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://iindexformprot.blob.core.windows.net/index/trial.html?sp=r&st=2022-11-23T10:52:22Z&se=2022-11-27T18:52:22Z&spr=https&sv=2021-06-08&sr=b&sig=ZwgkLDCJs4WfhkBNR8ZWCPALTKhsAm+6W1E81Awnu6k=

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c095581486ffd801	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{34D066FE-6B79-11ED-B5DD-7295FC24CA51} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000055e705317208724f818ff84de6ddc69d000000000200000000001066000000010000200000002abc3c2fdb31a3df94069e6d2125c7c83812529b11d299317142dcb22d683414000000000e8000000002000020000000e4af898894a230e078fa0433206bbb17a5aa79cee1f9259fd71a15c792c6fce320000000d25edf041c7552add457164922213ae4f2f2a4d9baa7b0c9baf38723404a5b184000000086c775f4224e4ca2eee42ea2a75b5cf6f73616a2b3d88c2eb65b6884c4a6dd2f3475a3f47b29e6a779d265fa3cc58b515d82a72756f860680a16347152409434	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30998406"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "113542911"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000055e705317208724f818ff84de6ddc69d0000000002000000000010660000000100002000000015494a8c34a61797a774699459ada86ce6cfb16e6284090d5b53dd901763b1da000000000e8000000002000020000000589b3adc2bf90f6af0824de508398d7017d70b64be0af8483e226509bfb331412000000063febcd799b4e4bbe3a5c3c4f8fc34db340916ff3bcb75a32a5fcbc94ceb64c64000000062bbdc7b9ae6117dca5f79ca48e5952f6277fa05832a7e9384a2442244f1f6979a833414e397b5089009d0b4031b66ffc6091a96fd1692d4ecb4cbd7ec4866b9	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "403230583"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0f13c3b86ffd801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "113542911"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30998406"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30998406"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2360	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2360	iexplore.exe
2360	iexplore.exe
4640	IEXPLORE.EXE
4640	IEXPLORE.EXE
4640	IEXPLORE.EXE
4640	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 4640	2360	iexplore.exe	80
PID 2360 wrote to memory of 4640	2360	iexplore.exe	80
PID 2360 wrote to memory of 4640	2360	iexplore.exe	80

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://iindexformprot.blob.core.windows.net/index/trial.html?sp=r&st=2022-11-23T10:52:22Z&se=2022-11-27T18:52:22Z&spr=https&sv=2021-06-08&sr=b&sig=ZwgkLDCJs4WfhkBNR8ZWCPALTKhsAm+6W1E81Awnu6k=
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4640

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
1KB

MD5
75d74db32c0f9bc6de90f871bb1a8317

SHA1
b4d9c00fa54d1c94445d2825df0722b8fe67aada

SHA256
e34681d36a61e2300692ddd9ecc97e99e68e51f8b250ea45d00cb0a273de76ed

SHA512
a62f41f43a9ec02d81988dd216cd0926a30c304b584373a2b5c47d394ab02d8806c3c5ea6247bde9537c0c82026216c4910b7ec591a8a8cbf5c3cde694874324

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
446B

MD5
f6ed55a4704f12fd4905e2614582218a

SHA1
e09d183170e1bbf151e09cb24069f8400c00444e

SHA256
f4999c87d575b509bfe27a3d31825c4599c98162d47da1adbbfd2b8d06099d6e

SHA512
a0572b8f05c77ce6e4448d86fe9dbf74aaea593ca4566b6d6e1889d5cbde9fa7e4ef700f7d9d6fb249d7b8af141c56f1c6b2fdcd93e6bc8ce02a99e50462d40b

Download Submit