hxxps://test[.]shrinkurl[.]org/

Analysis

max time kernel
39s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2023, 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://test.shrinkurl.org/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0efb8382023d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\shrinkurl.org\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31007520"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31007520"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "902118626"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "910714465"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e6851ef31fd3cf49b332bbb4721c97480000000002000000000010660000000100002000000036701a5c6a98ad7cc46abfc3fd7db96f855abf06163ef431415119030f371aba000000000e800000000200002000000027d75c03652683b71b2ea93b871e57136a84a2250d1d527f0818038cb9c2d8942000000096d5586babbcedc8e304da9a5cea9c7e4e47a5b1879b044ab40d662a5c0b4a83400000001d2a3222a63e439c7588c6745320ee89b95413755a8587db8ac793949bbf0baff916a96f1347c1f6c2771ea3281c9eb269b96b954232807c1ae0a5d19e6536ec	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\recaptcha.net\Total = "21"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "902118626"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e6851ef31fd3cf49b332bbb4721c974800000000020000000000106600000001000020000000db57ab10dd60d5c715bd1ffbbb86b66f7dc22ed9bc136fc01ce2748f5fa125c9000000000e80000000020000200000003734bb1693d20511276c508726a00b93e9499232358f84b2695dac3a114abba2200000008c4e0579ae86cf763f29772eb72a532851fcf74ed13be29d914e25cfc8b9c87f400000003020874b3dd7903d7dbea5ec461bbbcadc2b0d7d2853ab7ff1fab54869e26b2c89edb17bad653b9507ac6173295bf8d47f532ff37c0b56e7943061aea3b0342f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.recaptcha.net\ = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DOMStorage\recaptcha.net	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31007520"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\recaptcha.net\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90d6c4382023d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{613A1615-8F13-11ED-919F-7218A89707DE} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DOMStorage\shrinkurl.org	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\shrinkurl.org	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "21"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.recaptcha.net	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4356	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4356	iexplore.exe
4356	iexplore.exe
4228	IEXPLORE.EXE
4228	IEXPLORE.EXE
4228	IEXPLORE.EXE
4228	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4356 wrote to memory of 4228	4356	iexplore.exe	82
PID 4356 wrote to memory of 4228	4356	iexplore.exe	82
PID 4356 wrote to memory of 4228	4356	iexplore.exe	82

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://test.shrinkurl.org/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4356
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4356 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4228

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
a84659e00d09b65942dd6319948f4b09

SHA1
5019ed50b4dc83eb14ee8f741b7fb78b0cd32483

SHA256
5883ea503ab00c9fa511bb6ba9f0367ef9e37951f681ed647d76e61646946708

SHA512
974b291e90ddf2bea9436bfb1ba6649530a29d1611885fc909e41a99f47211414c9cb86d13cbd30229274da1ca35533ad0da2c695499df77036cfe0b096ca404

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
7f42b69ce0d9cf7c3c9bbadbdaec3978

SHA1
c19b564bb8feebd4c930f6134f6706e1912e8827

SHA256
51e1a3ae22abfece6588f0ffbd628dc1536c0c9731753fa848ca2d6b9ab33bc4

SHA512
a40cb218e33c03dad1d7ea4f046bf3107e834bbb404ca004674afef7a9f8c9ed63c85641a40109163a939a6a7bd7cccfbaf5cebc4d7122c697ab9e81b3120844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\xyoggsx\imagestore.dat

Filesize
632B

MD5
e9bcd7fcf059ae05175e31a8351ce626

SHA1
5db3dcf44b632f5688d9de9999d4acf5bffa0153

SHA256
fb77a3678522c4cbd2b7fd4f265a219f36a4b85c543a141c99fc16b83c3090f0

SHA512
b56633774332f6a44fb4d9208fa99e48f7ba655f34d31cd34802af3ae22e19dc86fcbb10c13af65ed6ba527190e99f116f14ddf9c1adf49c0350134a06f6e778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NMSO4O58\favicon[1].ico

Filesize
198B

MD5
c6acedaff906029fc5455d9ec52c7f42

SHA1
92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81

SHA256
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b

SHA512
7a8d002ca6b607e38860ad4485493e109cb7d3bef241b0e5bf2a65c2e316e6185ded8ec74e3fcbd78745ab302c6d876657abc178ee028d1b8b9a5572f429d972

Download Submit