Analysis
-
max time kernel
68s -
max time network
75s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system -
submitted
11-07-2023 00:39
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://shorturl.asia/UtWSA/#[email protected] (the `#…` fragment carried an e-mail address; it appears here redacted as `[email protected]` by the page's e-mail obfuscation, not as part of the original link. An address in the URL fragment is commonly used by credential-phishing kits to pre-fill the login form, so treat it as the probable targeted recipient — confirm against the unredacted submission.)
Resource
win10v2004-20230703-en
General
-
Target
https://shorturl.asia/UtWSA/#[email protected]
Malware Config
Signatures
Modifies Internet Explorer settings (registry IoCs below; all writes are under the sandbox user's hive S-1-5-21-3011986978-2180659500-3669311805-1000 and are IE session/DOMStorage housekeeping keys)
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f00000000020000000000106600000001000020000000dc71af06d735f42709da4627c2eaefbc9ced1d70db78c46a3c669781d977b068000000000e80000000020000200000005c0a0d2a63135ecfc9e2dfe0f71e85880e07d1a25bcb5eabe3df7bd9796630a72000000024240b0376b6b227989a7fd12cca4714708854bb3561a04823d0c85de18ac0944000000098d61a58d610366493e3fbdba90ab73e97fb74098c6e6226bd7b7496c1102b376774897fd5f9b546fcba4b5c6e69fc730eed91e84e66cb72afe7597d669af67c iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg\NumberOfSubdomains = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{63BA1F95-1F83-11EE-A3FC-EA31DB5664A1} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DOMStorage\domain.sg IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "32" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.domain.sg\ = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.domain.sg IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00aec2d2b5add901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f00000000020000000000106600000001000020000000d6187aece40d0ca976691756026914a645c715e463593c057030f72126d996c5000000000e800000000200002000000029fcf1a15bbe303dbfab04c335d548963dae95f8f652d9fde28701f556c8e08720000000aa0988e7fa327252d35924b187a25c651cc839b79359a154faedb40f58a24822400000006051b94c118f2d7eefbee76260aecb98e9645e4132461759427e2a1e06d4b55db6973171708089f3e1973156189e9daf14286a1fedddc3d8626945d53bcab8a5 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c08b5bc4b5add901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.domain.sg\ = "32" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395157356" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 
2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg\Total = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f00746c4b5add901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg\Total = "32" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f000000000200000000001066000000010000200000000554ccc5d08365201a5ae15fd5b47317adf44de1249fb9badf7ef59225bf723a000000000e80000000020000200000009900ec1df230cf392212976cc445308a35ac3f9d456edd22bcc55522ea89e4fc20000000cd2c66e6e898b732aabae2589c1acd6254dbf2432b114eddc6db222b62cc5e1340000000a49e7738330004366235efa8e1a9cfd04677e99f2e1ea079ab6598dce4534e3b24d2ba3d6d92feffa69a7845ad4c37bd783af236a5ea84a671091d213bbead30 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 632 iexplore.exe -
Suspicious use of SetWindowsHookEx 14 IoCs
pid Process 632 iexplore.exe 632 iexplore.exe 4500 IEXPLORE.EXE 4500 IEXPLORE.EXE 4500 IEXPLORE.EXE 4500 IEXPLORE.EXE 4500 IEXPLORE.EXE 4500 IEXPLORE.EXE 4500 IEXPLORE.EXE 4500 IEXPLORE.EXE 4500 IEXPLORE.EXE 4500 IEXPLORE.EXE 4500 IEXPLORE.EXE 4500 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs (the IE frame process 632 writing into its own tab process 4500, which it launched with SCODEF:632 CREDAT:17410 — expected IE parent/child behavior, not an injection indicator on its own)
description pid Process procid_target PID 632 wrote to memory of 4500 632 iexplore.exe 86 PID 632 wrote to memory of 4500 632 iexplore.exe 86 PID 632 wrote to memory of 4500 632 iexplore.exe 86
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://shorturl.asia/UtWSA/#[email protected]1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:632 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:632 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4500
-
Network (no network capture is shown in this rendering; the DOMStorage registry keys above for domain.sg and www.domain.sg indicate the browser rendered a page on www.domain.sg, presumably the shorturl.asia redirect target — verify the final URL and its hosting against the URLScan task)
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
955B
MD54c94201b930023f1c688a69910f48ca7
SHA1c4ab858929b24365488a0c5ebecbec18f4184d16
SHA256a167f8d8fad7dc0919a369d12a6374ac11745c923feb5cd0404492f42bfcc258
SHA512a0cb1c0edf7d979b7c1b5d0cd7e0ac5fbb946bdc9109652ffb7dcf18dc6cc699ec6c1e44cd3e546dec0f5275c7869911394b5a055ad32173553541695acb786f
-
Filesize
5KB
MD5e52f124b5dc258bbd588785d6238ef71
SHA16128becc95530348a85ba62c64f3977e892e8da8
SHA2569aa15b4eefb202ebd3af6156f359cd7bf74f5ee7cdd336c18270af9233604a40
SHA5125a1046652267c9f6489f4dee36bc485ba8ccb94305b71c7c17b1fddf809dfc7aa68d3973aa4ebaa6c80d8d3f024f87bc688a6acf645ebaa619d7e383fbd30ed6
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
4KB
MD500ca0e6805048e5ea2b54c92278e241c
SHA13c52bbded14d9964c2a2bc6d9e338048a5036ccd
SHA2569af0d4aa13acfe1a06f9122a56718b7c7f35a4463d4b3a6450201e8a46547980
SHA512524c82638c32b34782a2a15c852e78d3d7d40180bbdc66a946bc32cc8f7b8ddc16d0ef5ad4e3471f74db9833bb468cebfce5e6949473b3bae45f79ced8b61da5
-
Filesize
783B
MD52b211699e540f9966c9607c0cf9610dd
SHA150d05731149e616eb4df5cf93d2a92609af9c019
SHA2568302965543614a1f45aca4bea921c737531578a7508fdfd32a1e20087b090bef
SHA512f157f87dfb87d1159117e000b0b17e8fbd0c20fe98bba81416fb2c531056a1a34e3efa872b2856dcf7fff2aeb02d575aed18de0b8700f4d12b956e49857d4128
-
Filesize
38KB
MD5734ccd20a8a561473b318ec318a493df
SHA188dbcedba13cf94243487beed80f88cb1de33359
SHA256adbd08ebbb6f155c27347ad474c97513c2da084bfc0649ce662750de30adb584
SHA512118e2ea4150ed9fed739eab65fa43ebea6a1d0748380c8b9331ecd5ddb4404dfd9ea45614ae24fced551692bbff5b0832ec0902035529f68268df4dd6027878d
-
Filesize
8KB
MD5bb81ccc45e940f9272c2119fb2763c3a
SHA11f932862b8fa91b64eb49c22f1ed0db4304542cc
SHA256f286c0cb12aaf6efcfc2392df2bdb0d805358c5cd29635a12874af88e79e78de
SHA5129550e08a8bd02a082bcd9fe3dc517ff5662dfa674bc0384f124ba768283a65adfec262fd5f74a38ae99bfd300011a3e582a7ce41f0ace04b15cf297e33691b1b