hxxps://storage[.]googleapis[.]com/2da6837dc6275bb68b46/6514a705919ba7ca3aca#VjgwSG5YVEpqL1NJSmR0S1E2RE5sdkl4OWVESEtpVndRR0NBMnZJVlNYRXQ4em1JTklHTGNUalc2ckx6enFYUGpIc292NmRzdFJoKzRlcFU3YlFrVE9mSndrK2hCTVo5RkhqeXpPSnRpQXc9

Analysis

max time kernel
126s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2023, 16:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://storage.googleapis.com/2da6837dc6275bb68b46/6514a705919ba7ca3aca#VjgwSG5YVEpqL1NJSmR0S1E2RE5sdkl4OWVESEtpVndRR0NBMnZJVlNYRXQ4em1JTklHTGNUalc2ckx6enFYUGpIc292NmRzdFJoKzRlcFU3YlFrVE9mSndrK2hCTVo5RkhqeXpPSnRpQXc9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 46 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007d3d143f12e2e84081f0949245386079000000000200000000001066000000010000200000005953efa287e1b4d54f7ceae3e52169acccbd52d1870f12fdcab11183b431a0d8000000000e80000000020000200000005c30e17b780e7dac87669b8dd7828d23ff5e661b36ffc7b0980510e28a5676d52000000093ac5a36d204d5b326fb46ee2d35467cd4fbac1bde030c8616683d788a66a33640000000efc4da5ef0ac428cb134b9da3243bbf1be5625c8d976a845e7029c68eb2305f7ce751d1f8ba7cc1afdf5b9ece3de29c0bd2dc23341bf46a0092d7b92ed75d024	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2071793683"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "393178119"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007d3d143f12e2e84081f0949245386079000000000200000000001066000000010000200000000f35c900a4f33d6200172927af57581e8513f62f209f2cf1f097c2c9027560bd000000000e80000000020000200000006b43f69570f8c3c71878d7f3c901b55115e34539d18e794eaba1879935e9b9dd200000007f2cb1f5de1f2dfc747047958e698fcd325c42743a9ac3f6a1f6ce02f20d09404000000081ad89974c1b2a7b3f2877fca9c7425977077f57f37c562ee83d7c009dfad7c8e113a46ad6c039fd89cd5a0c6ab59b5df9ab0d7816d7bc03e3fb362b822f03f9	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b01dfbaab59bd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30052ab0b59bd901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007d3d143f12e2e84081f09492453860790000000002000000000010660000000100002000000005ceda7a2e7ff1b1a631deb9f8dc7bfe79ec7d6de6816a4551abb4379446aae5000000000e800000000200002000000026460b40643b6762fe3fea4e2c46a5d952293ce676044ff9bfcb9daa51b914e32000000026262297fa7ba13dc1ff06c79161e144b8f3ffa9e04f0483b35c0679206f720940000000e4fd4be4dea1c02a18c812aad8da9aeef1c3ca447f8f569bd19a3d1955387d92d8e33756467aa53df900a0a8c8d04dc3e7709db84ab210aa6d86ea976c895095	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0a80981b59bd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007d3d143f12e2e84081f094924538607900000000020000000000106600000001000020000000c33f23fb9d64e01ed643a08651b88f1212916e4b1262ff141faf81980d2ed30d000000000e80000000020000200000001d03ee623530a03acd27b0c80a8731acf0eecd9c0c2fda427876779a414cd5a02000000021f8fa18d8b53749c10df9cb96eb3058595ef079ad93e760566ef6c6dab36e3840000000b2f1ec92cf571c1863775497fdbbd9aae8c1a798eec84edbd1ec8ec802a406a8ed822112fdbee56b355e1850fd4f10b2463f4166bfc4d66b33f58924217a1f28	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31038389"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c1137eb59bd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40d60396b59bd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 704a0cadb59bd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{A6B1BC3E-07A8-11EE-9156-E63637889D5B} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31038389"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2071793683"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2088825114"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007d3d143f12e2e84081f09492453860790000000002000000000010660000000100002000000046db41c237824f59527444fe238287e430a6ba199765087c4552cf101e7563bc000000000e8000000002000020000000c049e8d5dd14400fcb8530bc960f37790f33ca2fbe285792033b01075f16096020000000163924bc5b154086fc60fa72d640fb8db64b74149801b9b1de44885f44a2b2d4400000009681d654de91cad6f97e7c60921360d5939ec3abb8da3e2530e5327fd3a24db17ac4fc4fdaae4569c6919ca28fd4db8846b444d27b906e25272b7128a2e239e2	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007d3d143f12e2e84081f094924538607900000000020000000000106600000001000020000000f0e4d56be53b3700d565fcf7fb873de2d93a45aeedee44756911b849cd11b098000000000e8000000002000020000000b19c22eb9d510cd76882fc9968e73fc4989baca7fe80ab88a6e081891ec937f82000000086cc9de7aa23ae9776870d1bc0a65de5791280bad4f254b4aed1a5699ac081bb40000000ee444c6c6d01ba71d482f8b10b68dcdb96138cc4cd7dfa7d63edb4660e8b5a4993b6fa2c112c24e66668ae757954cc6e59792042965c2973a513cbdb3f931a21	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8038f77db59bd901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31038389"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007d3d143f12e2e84081f094924538607900000000020000000000106600000001000020000000e0937e350d018683daa7da9f4eb6cd85211ad96ff9f13fdad1f339e2f2bbc9f8000000000e8000000002000020000000a987fdab053bb57ff603ff46f39a19a6812978c30efec3db01ce283a850ac63920000000dbf4e7adcaa6caaebd240b9034efddbf2bc7aa490ba0ca8b7571833a7b8084fb40000000dfb78cc6c4c68f5540242e037ad59cd356d571af2a4da86be7d6e143556c61359adf9b6140adfb1930893a2dcab882facc61f6c4a7dbde5827fc163b552b5a95	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1176	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1176	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1176	iexplore.exe
1176	iexplore.exe
3800	IEXPLORE.EXE
3800	IEXPLORE.EXE
3800	IEXPLORE.EXE
3800	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 3800	1176	iexplore.exe	86
PID 1176 wrote to memory of 3800	1176	iexplore.exe	86
PID 1176 wrote to memory of 3800	1176	iexplore.exe	86

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://storage.googleapis.com/2da6837dc6275bb68b46/6514a705919ba7ca3aca#VjgwSG5YVEpqL1NJSmR0S1E2RE5sdkl4OWVESEtpVndRR0NBMnZJVlNYRXQ4em1JTklHTGNUalc2ckx6enFYUGpIc292NmRzdFJoKzRlcFU3YlFrVE9mSndrK2hCTVo5RkhqeXpPSnRpQXc9
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1176 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3800

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
f555af3f1b663a55df56040069b6097b

SHA1
ac566b3ec3882b349616e37dcce15f1470496361

SHA256
e9a0504f3aaee42e85baf24a611a6c237ba0de8c974cf2cb0b9f26913e445d5a

SHA512
8fca6bdd6356875a5e21d988cc809e6d062c1ee3271293f837968138fc4f302c5457707c4152a62b1ab8469c01c90d4dcde80bdbc210541ef12d151ff6edf1c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
0232201d69d540124d50fe7edcc9c249

SHA1
dad5aee9d296525bdfea3ee4bf26f61680b4c5dd

SHA256
0a0f196691a99d60ec97b391faeb8b8039508c9dcad6654b3315ce84e69dcfbc

SHA512
e9c8c8334a9142398069a4b841d398fb6fb942f4196d7a1ee25f0d2ee2bd40ff4deb30e3dfc83b11bb06e211277fb203faa24f8c5601b394691db13cf545d072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\challenges[1].css

Filesize
6KB

MD5
2c78b7f8fa496092bf41d5edd51611e7

SHA1
8b0b1b276e8194b0a5497db478ec2ea9b4f83c42

SHA256
2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2

SHA512
53a7750ea46082968c2ec557857ad3975cddb0b45595259f0f3e9fc16360b87c5f257e058489ecaf80e61a97f92f1c5e34fa2f6fcfe922f4ae22392ffd75b4da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\v1[1].js

Filesize
166KB

MD5
317b802cc0f17f3a9fd3b9cabaf19b9b

SHA1
e35164543b7549a89ed7735874069b40c51d9fbe

SHA256
e255255832bea80c2261f97c868582de37b75fc9368bccecd68848cf285d6593

SHA512
0a7c05c0746e187253b25d3b19dbe6b4a7a5cde2a6546841a246b69f2c84e0e0facf107015ec627363143d0f524f4cbfaffae1c7d4714c836d0a4274d599f488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\api[1].js

Filesize
18KB

MD5
47d9ed8b2fddb896e78dbbb2d7e76c90

SHA1
8a69d2673bb54f4491c241a1d7efa686e6e9a817

SHA256
2760f96d3b7629100aee1cb3ec7c47a3b6f0dee1152c339dc91a6fd67cb87887

SHA512
8cddfd4a202ade0db43bad83ae16a5f62589188199caebec9816b191cc4474dc3804b71338b800acec54b002b78cffff1a167ba57a30a9d6fdfc7aaf2465ff6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\v1[3].js

Filesize
167KB

MD5
d8261a2bb15d858e7c1d044c564e2fe4

SHA1
ddc86e6ea04a23726b7f22a5db01438a0395bf6d

SHA256
a2148bd9df8c3281cfe51acffa742727fd3d983f9704ade5e739e1d438d387aa

SHA512
1ab81b2f6cdd6284e52aed9ffa25979cb232aa01bd594bdbf2375e950136026c9562dc58e277b21657cfe708920e48f39cffc6e80ebce9204abb3477d85f594c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\transparent[2].gif

Filesize
42B

MD5
d89746888da2d9510b64a9f031eaecd5

SHA1
d5fceb6532643d0d84ffe09c40c481ecdf59e15a

SHA256
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

SHA512
d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c

Download Submit