b55306e89623cf72aa8fab043c6e4c568328d85268f7d18ea450a83ee1af091f

Analysis

max time kernel
68s
max time network
135s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
08/02/2023, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

B55306E89623CF72AA8FAB043C6E4C568328D85268F7D18EA450A83EE1AF091F.html
Size

17KB
MD5

632a5d0ac96b3f3f3a845cfbf1611480
SHA1

ece23645b3cc152835107ea8847abc48c8a504fc
SHA256

b55306e89623cf72aa8fab043c6e4c568328d85268f7d18ea450a83ee1af091f
SHA512

03fafb42e0ed6ba53f034d40819e88468b57948e29f54e8cf3406ab4a23aa7b75d4327b21ad4542faeac8e9c13bba89ba2639a22d2823dcc8e7817d4e48a17b0
SSDEEP

384:+Xx9OeKvg4SYC2KvhxwOKv11+Bzd6FTNHnV/VH:+hrKjjKZXKKZd6FZH

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{61E661E1-A7DE-11ED-84FB-6AB3F8C7EA51} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000803db83d240c2f43a345a7b4b0c9ca9600000000020000000000106600000001000020000000576ac6c306772b0fb4fbd2f107b56eb6f94f33a6944f6290d11218019f83ab11000000000e8000000002000020000000f0deb66ecbe7575f5de1d29d11f33b7dabbed664d0c3c93bbc01b68fd7cf6eb690000000b7724ad51c8a1969db25c9379683090c70173e44c3d50aeae6bd76d25b0b0729870b747ed00ffadf381b6c7f97a4aaf036f0b6427edfac8128d6ec619d69fdd12625d9acd841d8386ba4bed510f695cd575c93bcb467c51bbda46e0445e0c0421e3c0682b403a414afef6f587847a4a53ee0d0cffe63ef01844bf06c32c386d7332c1016360ff99bb5ac066fe36bf453400000007509510c73164d3efd3934adc4d8b4d7e153fcc6de497fb3ac9d6423e2919ed73b4da1186e41025d588668b771e073bfc8d15f76cb08a6fdc66bbe1e0e1a72fb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07b173eeb3bd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000803db83d240c2f43a345a7b4b0c9ca96000000000200000000001066000000010000200000009e9ca56085b045dff474344e0ce22f00e05f0bf9d45eb67a5997f9679a1bedce000000000e8000000002000020000000f54a1dfc25ec1650dbbf9fb8008e1cda20e5864fe140c2d906affb7b8861eed420000000f173080f11c5bd9bdcc8edde9f365017251c683de5d50273f056c2632410f27b40000000c65528a407dc82ae8c5da1ddd3e4b207b62761d6c436429ceed88690f6acd4930dcb96a56b74e3ae8171f4c285db215e3131d3965ea6441d122388d63e536903	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382645885"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2044	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2044	iexplore.exe
2044	iexplore.exe
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1652	2044	iexplore.exe	28
PID 2044 wrote to memory of 1652	2044	iexplore.exe	28
PID 2044 wrote to memory of 1652	2044	iexplore.exe	28
PID 2044 wrote to memory of 1652	2044	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\B55306E89623CF72AA8FAB043C6E4C568328D85268F7D18EA450A83EE1AF091F.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2044 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1652

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
340B

MD5
1331f8dbab656b9d0e97a2eaf459b7f5

SHA1
f30f2dfa38a642c62d26f269327c1cc804606aa2

SHA256
4d7c3d60ecc44ac70e8f8d1a62048dbc013345b609c2201b5630d5c93386177b

SHA512
1a1baac01c4a33f1fea5b67e03df8d9428a4c20c4e6501205670bb8897b755e9ae9211814daf3dbcd36a1c46f15eb53d8593b45bf58ccd4fab65b2d35f5a6b4c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\X4IBM1OT.txt

Filesize
604B

MD5
01325b50fe604635d575a6f3f321e673

SHA1
fae855a5934e268634fd8409ef808c25458c55f4

SHA256
c1f70cd7819750cd1eda4d2bea73745ef4005c4ffd2d9215a02a541e5b248030

SHA512
73b19c7c80115e6c748cb10b455f97a89cd94e768823e9e1b1bf2bb0d680ee0dae23cdbd082c75f9f65fc0b506d2634abdb1b8fc30fc83ad1e6819242e394eb2

Download Submit