3f1779948e5d73da23837ef4f39e285b9d6bd4a029589bbf51e62557b3abd2db

Resubmissions

05-12-2022 15:14

221205-smedwabf89 1

05-12-2022 15:10

221205-skaynsee5w 1

Analysis

max time kernel
102s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PDF File (1) (1).html
Size

22KB
MD5

362c4dad867f3fdf9fe3c4808fa20215
SHA1

2618e47d94b09eda56fb436f614bd74efd7aacd1
SHA256

3f1779948e5d73da23837ef4f39e285b9d6bd4a029589bbf51e62557b3abd2db
SHA512

b4c27f5900b0b220847ab7bf5d8f9b388fd70e6df3e38d33209f572575a2fde9621f7d377d3df26228cdaeb67464e8b37413f0bd1b906f354c942f0f427f35a9
SSDEEP

384:hc0s1A4iX8i/VyvXxBmjiIOJGsfVNEtND6NSuNBto8UHAm9VN8tNPRNvtj8UQtAl:hc5ChsvXxBm3XjPeHjvDZAFGE2R7v

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3516322052"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31000772"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70a01dd9c408d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31000772"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31000772"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "377021885"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3353041044"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c06500d7c408d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d70658ad46bcf843911a76abe42257ac0000000002000000000010660000000100002000000016580dcf963845c1a7baee68acdde752caf612fdc454dfa85d78da515a12d308000000000e800000000200002000000083277d4493c1b64a84b0462cd03f56a1bdf1485d2eccea10a657ce2696ca0c2020000000a0da4310559780387447329a301383590bf52c59b5223f60f983ac6e340824ad400000003d684c45ced6e7cb0529fffd75267ee15eb8834659c572b76e58262ed3ea712083097abf9a476bfef04ec8aecf15395dacd2a8c6a13bc12589096095d771a589	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3353041044"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d70658ad46bcf843911a76abe42257ac000000000200000000001066000000010000200000006b4986cf3e310a6f3607cb5a601c3b4b6114dcc3e7801bf8910d657acb006596000000000e8000000002000020000000a745dd68564974835847065fe528d4708a0b4c2c7d4be892541a24fa214fd65920000000d4e304199dfe2780c7757e15ddc666e083f228318aa467b670257d6872e6bcc34000000042232f87950ce00883669f8b9e4720dcfc14f8b0a4b6684c4e3563bd9ea5c867760a475230081981c075dd419e2b36549dcbb19105ad82ea90e9cecbe3398e48	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F29F1177-74B7-11ED-AECB-72E07057041D} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
392	iexplore.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
392	iexplore.exe
392	iexplore.exe
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 1696	392	iexplore.exe	78
PID 392 wrote to memory of 1696	392	iexplore.exe	78
PID 392 wrote to memory of 1696	392	iexplore.exe	78

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\PDF File (1) (1).html"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:392
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:392 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1696

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
ac572cbbc82d6d652cdbe2596aeac4ee

SHA1
a631b27cf33fe134f42ed411d7ea06c21df41ad5

SHA256
50b6d8f62150a7bd25fb3e462130e8e054a0f1fb619487e8c426a4c8bf6bdca8

SHA512
070095ec83e4eeccae5dcbadcb3132f08fd0aac50badbc42cb72691236b6cfcdf14ce275fb1bf5511896bb4dd25c2121e044341003c1a507be8fabc0b2b1bfff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
abb00e1241cbce9e6dd9331a4c369f21

SHA1
364efc5e6690709f053344539cb30da63bef8573

SHA256
7a615e2e6ad1ba41c0730106623c5b3d7ae974bddfb2adcb4b1d1a5af244b4ad

SHA512
791c75f00012d44e34ae5d4d76d443b65da2d12d9fa448c126dd254144d11e09b6f22443d5271309e8d146b7d1a032122c12618762b6e88e7f6ea16dbc036d8d

Download Submit