hxxps://flixhq[.]watch

Analysis

max time kernel
21s
max time network
27s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2023, 06:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://flixhq.watch

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 20 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{18F12EB3-08EC-11EE-8FFF-42C2EBB090FB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000063e2a90ba744e24e87fadaabf1fdf0eb00000000020000000000106600000001000020000000a1ad1ec44668175e53dc2bd672ad7011be6ea8407dffef10ecf56ec0b338ecf4000000000e800000000200002000000012483b85ec48e7a1faab96248b3c87e0ab2ef64eb5c2b8adb94d37f6322bde4c200000002d3665ffd835dd057fdc5a893b0a0a1f66fb6851e6a78f1b803efa1021c925ca40000000eba6e0bc2b49b6332f7f5ff8dbf946c2d0d2349c1f701236b0fc48b6dbdb928dc4cf6a7d4abaefb735b0b89dc0d42af9fcd475f65b3e928b064e1e23b493adec	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0baf0e2f89cd901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4632	iexplore.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
4632	iexplore.exe
4632	iexplore.exe
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 4656	4632	iexplore.exe	85
PID 4632 wrote to memory of 4656	4632	iexplore.exe	85
PID 4632 wrote to memory of 4656	4632	iexplore.exe	85

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://flixhq.watch
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4632 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4656

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\phzg4yt\imagestore.dat

Filesize
7KB

MD5
dbea3d989cd9b529d2b2b76b28e600a2

SHA1
d61dfca4fabe4313c5c1191f1186dd576eeec28e

SHA256
b92e888f2879596307eb548450ee401642219d8dfa7923598dba5b99d0d07eb7

SHA512
000f0c02df75e7c65afaad1becd6d21838164e8bd50633f96ec85cb30cc0cb82b3881ca3efb33479978afce40734d037649dc9c97e91d5aba977d8901d7d6e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\all.min[1].css

Filesize
99KB

MD5
ded1c367363e8b20bdc6a19b8350a737

SHA1
8c06d82739d14b094ff6d9036021a252bd1d985d

SHA256
1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf

SHA512
89e71d2e66ac925ec2564aa45cd43f647fd72e5bd664e2728fb632eed71e9e6a43d72a404a8ce9993fc4d223ed985201e3a66676d01cf5e341bc7d07fd9a6207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\bootstrap.min[1].css

Filesize
137KB

MD5
04aca1f4cd3ec3c05a75a879f3be75a3

SHA1
675fcf28f9fbf37139d3b2c0b676f96f601a4203

SHA256
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

SHA512
890415fa75ed065992dd7883aed98bfbdfd9fa26eec7e62ea30263238adca4eecd6204f37d33a214d9b4f645ad7d9cc407d7d0e93c0e55cf251555a8a05b83ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\bootstrap.min[1].js

Filesize
58KB

MD5
61f338f870fcd0ff46362ef109d28533

SHA1
b3c116c65e6f053aaab45e5619a78ec00271a50f

SHA256
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

SHA512
8c2694d03a7721b303959e9fe9d4844129cead2b2e806e85e988a04569da822ec7a0e2ec845d64c312d3e3ec42651810b1336aa542a3e969963b1b2ef65dd444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\popper.min[1].js

Filesize
20KB

MD5
84415b7368fd6fc764cbe86039ce0626

SHA1
62f238e73348c77eb9e865426a7d1b7de23cbb2d

SHA256
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060

SHA512
8423f7a626064813ea9d7ca974ac4a3d23b304717be6853cc10f356ba3a21971c531e2acf7ff0285b81897ba54bf02265c96f4dcde1bb35a350f399ba2479e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\postscribe.min[1].js

Filesize
17KB

MD5
12dd498bf90c536803c2aad708b66c2b

SHA1
5f9363d39a405d1c94328cf2303ff4a05c0ad163

SHA256
c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a

SHA512
ec593a501ebf74c092e564a1aaf0b477d3da6813c9a88f29d0d2a0db8143bdf19718ba4e6b13f64295b077ca5cb9c13460c30f9f2f35982a82597b22f79ffdd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\swiper-bundle.min[1].js

Filesize
140KB

MD5
8bd8f48b3e09e7e11b31f44c54a3767b

SHA1
b79b15912f8e31bcdd1eb4d91a84ec1225ea34ce

SHA256
b08cc9bd79f873cbf3a9468010074bd1c2ede4524d993a1f42edb1778fa3657a

SHA512
c1d50cd01c4cc8c0bf61e9b54560e22225c0eacb17328c72a62855130c4373e7edce719e46ee2cf459b197c3ed869c4e879090d1eaa3ab0d50f12720340d66a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\custom[2].css

Filesize
74KB

MD5
7fe4920cb6f3508c1f569ec00134a1f7

SHA1
ef0dea2d6ae9d13fb2f86dcdb2c0926a127d3c2f

SHA256
ab985007676b57b85a1f381380dfb84ed777a9a4f20b818b4b08c1795b864cc5

SHA512
7a3e90718abc9d6ea15b0a01f98993d77efadd63cfc70dada679ac21889f237c1c14576fe2324d913c51f8630734001451f62de8b7ca43b6406fea1f972fdd35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\favicon[1].png

Filesize
7KB

MD5
e4e22756a1d3d5a92e1f99105485ea31

SHA1
a5884574225ce2c666324fe4b5372075ba26e418

SHA256
31748287a609411880d44ca6a612b7de950304a8ea2f767d6538c5e86a02f15d

SHA512
f67d4b4bd1b87cfd05552d593e5de418cb33a0258b6b69bf5951dfbab0d8974a4e6effdf1e3bd67f86a0f43446912da3267a0b61de14180bf31414af2058707c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\jquery-3.0.0.min[1].js

Filesize
84KB

MD5
d0212568ce69457081dacf84e327fa5c

SHA1
d6702a1af0378b2342f6a0692e77c169f580aed7

SHA256
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d

SHA512
9738a50be24577a615f3ebd044d46d53b0ceaafe526bd124e77957b7f93dd47653269cad1d2d4bea5d6630a47d2ba555a03b782e211769ae9706b624d588464d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\js[1].js

Filesize
254KB

MD5
17d3f874e59facaafa3a4a6b8a3f7c24

SHA1
f52ac46a827ccb684c28a0ffa3755bf498249fda

SHA256
67d4ec9c64852f64e43f898e65e74dd88310f56a9f0b28d8e9b4187caaafb460

SHA512
370d46e35808580f94438344367a3bb9489867cd7253d3cf4ad04edf75bc44318d2e52074879744802a5383ebe553565893ebdf1383891401447ef4ecac04d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\lights[1].js

Filesize
5KB

MD5
3c0668bf818160d6c0d8cf81703f2daa

SHA1
2890f10417ebce711ed58ee8aa5cbc8b5df2f1d3

SHA256
d3ee876cbd3740b000bd768cdf6aa1b3f4a9e40bee461c97f8d01ed90e5304e1

SHA512
63b8e867e679ba6e4c02b5a81605f35dfd98662e4d0389f3edadeebe3cac8e2dc087b7bc5cde4a7638cfa51e1e2ae1183ce411b2296c5c344c5f9c38f88c38dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\custom[1].js

Filesize
13KB

MD5
394055e151abbabd36a6a3214523e7f8

SHA1
7e33957bbc20ada8bbb34c99e74d54b1fa9b4ad1

SHA256
7a582a5fd05ddf9544071d17adf37adde37ecbe50dba89657e96522eb68625ae

SHA512
c31837221470cde1139997d7ac9a8c263daa95e49fd8e4fcae70e44b0be9236e26d8336543f939b32aa9e6a0ffdd18466de027dbf0b5c4a42a729293e6ff1a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\fa-regular-400[1].ttf

Filesize
62KB

MD5
20206738b2bffb741b00200d5d3d6d20

SHA1
67afa6237670ab99125056f2899129f22912dcf3

SHA256
528d022dce6725f8a0811fd91d8e6513445c81ef33353a5c3234eab932551abf

SHA512
3d10af99d69b8e5a7bd63c9c033cd61c9aeffe8f83c903914e2435b8a1f25745053cabca497b1340be58fa6c22b566e411eb2fb3414abdfa09ce16fd49c332c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\fa-solid-900[1].ttf

Filesize
385KB

MD5
e2ceb83946c9e5fc7eab24453a03bffb

SHA1
20bd663830188cbadd2264e1daf9497c3ffc3621

SHA256
67a65763c7f80903d81603bbeb9049fc2bf28508479b83ed011fe24c71fa950a

SHA512
68eb5d3b18294f6fd3a5ef98eb5e79f02ff0ea01f3c99ff4072e357ea01ca7877a075fc721a095339640e37b28e1de207c58d40d545e109bd7d5bc38d03d2435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\jquery.easing.min[1].js

Filesize
4KB

MD5
7ebb5e58e81ee2d8d265decff175442b

SHA1
0fab627aaa968448b90e5855a046895c3969ad09

SHA256
e39cb8bd115a92149fca8f878d44416f879e4af375b4e9f806bc00c6bee7f3ef

SHA512
571785212c8cc85edc8b16a749d3b67c6f94ca6220fb20985aedfe9f51d286f0e3dbdef78974faba7ca82d30422d077ff9caa2956360b1614c8f98c352302fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\sly.min[1].js

Filesize
18KB

MD5
eee5eb11d993113cda826cc7aa1c9131

SHA1
11e621f9e8fc9611d4fa4e72fdca04f256537359

SHA256
f3c73a4da49a7421c24c5264bb9c3fe9a80fd3e58eb9c33ee67ab244b29943f1

SHA512
2727769d92fa11f24c437986921b19dd8f38f8e33e081eb3bfda46ee61cad516f060f04072545582bcc4ede8e362bdb84a34bb71ecacf25df0d14ddb007e89e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\sweetalert[1].css

Filesize
14KB

MD5
8c8a9a2a618582e621499ae884a3d7c4

SHA1
71aa7d1105318554f11033e004888cd1943fcf51

SHA256
ebd7eef3117c94ff9a0244240540d26596cc4940e8d29f703595dca12d40c9c6

SHA512
7b6d00693f053ef5a6c1efbd6c16e0f83b05c110ac541f6a989815a5a3afa67307addbf484e06817b27e712afe0d7028f7a2d544488abfcbf3c928ae626c2ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\sweetalert[1].js

Filesize
16KB

MD5
0068f44b0aa1b83fa7679860ceb26590

SHA1
20d5cdb9d2002442843baab241f2e883563d1de5

SHA256
7a056fc64aba501090c8acd106b0c7bbc9a267914e695ae34aa42a6ae2a094a7

SHA512
ed54e2cbd021a5acc178a40096168b45493e9003006fca1cce58eec891cfb153d6a31fd02170c53a74fd0d4935502f046e71ca45d428c13eec3817bb2c08da8d

Download Submit