f58cc7e5d1844295202768bcff0a4174f5c1225efe5e9dead56c39b6b084b8af

Analysis

max time kernel
140s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2023, 08:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

home.html
Size

138KB
MD5

17b7b390819e7648e920040e48a1525a
SHA1

5fb723823f0d81bf8eb57542e03ee521eab198ef
SHA256

f58cc7e5d1844295202768bcff0a4174f5c1225efe5e9dead56c39b6b084b8af
SHA512

491af4ad3143e771e35b99c033fa389fbb6a2ac3a356f76b94b031c1fd88d6f96d6e35925a398cade6679216a6256911d22eb45ff5152a0402d2dd54ac1c4071
SSDEEP

3072:WaNDND9DIWDv0V4huO4he74hTo+7trfa1leL7n:h4V4huO4he74hTM3Sn

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a38821470000000002000000000010660000000100002000000059f26b65669b8d7c9df339d405c67b255ed63c842e7586225b27f08961764fc0000000000e800000000200002000000099c664cfa247d9f8d6829e68f7842189af554911c4ddfa4018b8f2779125a3ed200000006b3da29fefc332fb6e84b76d2a5b40dcc9b23c2ea78f9d927e32fdb9d1e3586240000000cc081ccbaae0208ebb32eb69978cf63e1aa77dd2fb5688567cb9a642af7b4f26e461f4f1cc7fc485bfde4ecac1f1b79bdf8b30636ad2b0055caea25b42fd2312	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{AC97513B-22EC-11EE-A61E-F6B35234CE3D} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90716a8ff9b6d901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2165496708"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70c9788ff9b6d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a388214700000000020000000000106600000001000020000000677d103b0c7eba3b604d5b41b41c0d3be827f74a1184fd30964747d60397e814000000000e8000000002000020000000d0e72dd4ba477557f33e0008e256eca8b32baca025f62da4839b7f6178c16e8b200000002121cb473bcfc11952fc3aff6a7dd81c8805cd40eedc107cc7ac79cc43c9128840000000fce7faa529bb48ec98a50dfbd136191b243707641757a3e9a562a47c1b8566fa5a261e583bc8bd8296ad3253e820e7032781b643dafae753009d77ee0836edbb	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2165496708"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31045369"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31045369"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31045369"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2174715825"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "396176015"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{092C3A98-E93E-47E0-A53C-D7C2925EDBD6}	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
964	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
964	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
964	iexplore.exe
964	iexplore.exe
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 3524	964	iexplore.exe	84
PID 964 wrote to memory of 3524	964	iexplore.exe	84
PID 964 wrote to memory of 3524	964	iexplore.exe	84

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:964
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:964 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3524

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
7ec5a17f59ba198477742fc2faff5cb2

SHA1
4a4562acbded4e19af6284fb7f41fe69e468005a

SHA256
3ae4db458a05ec44221d226746ff77acf3dbfb2f0b27f79810fdc2da8900404f

SHA512
9e1c38b9f5adf34c7cb88b39cfbf972a759effbb0d466ab158ef5f3ba91deca7546fce11ef8851be932ead6c684f12da2b3789930c5216719b5bc57cc1de8c62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
c114a09cafe37e1d9ca9dd5a39196117

SHA1
a69139e87c2f1f2a4067aa77021da37235c50664

SHA256
088da7c8b7f4efa9d00cf7b2e10431e85e6c066fdd1469421ea8e55ef825b4fe

SHA512
eaea3b0f54768c34324bec090fd57ced69c2e378341b6c204595d5dfd5f50d19e0c73f0b4538fdf661a2afcbcc6bf080f8a36ee2b21e98d1eb6c9c05103bf643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NKPTYI9X\SBBWeb-Roman[1].woff

Filesize
18KB

MD5
8fea79fc6774090a2ce4cad5c6506af9

SHA1
e7a1e72d232f005639a254c36174e0d38489d5be

SHA256
7219ddf84e03613a98e58c50767ff2371cb5bcfee5c4769e1e8bfc843e350d9c

SHA512
bfccb9d56c29e9f51547b99f958cfc6385782e75cff6094d53fc113db0a9032c431a4bcec611156098e1e9e34a010b8fabdcb0830308b6880e3713c192e4cc03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NKPTYI9X\SBBWeb-Thin[1].woff

Filesize
18KB

MD5
fb0bcbe0ff11f9f8ec287f1d7bde15a9

SHA1
61efd27392d8195d98b508f3e7e0919af1ef16e3

SHA256
94f65b96797f7e24156d894b4aa5e9de7430843c92510ecdf19894cc703a6c27

SHA512
b1b68c9e44757e4ff0a0d55478f11028377fd82bd8c73bffcc3e01ca41c5b26385bd1bc5e74bbaee9b50c6d8a84d1094500b7a843dee0008045da5663d89368f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NKPTYI9X\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SUUB7YB2\SBBWeb-Light[1].woff

Filesize
18KB

MD5
d32542bb1d95e5d55cd24d6f3d042b5e

SHA1
341b9547ef432236b7c560142b365d85937863c6

SHA256
9bdf00f749af3b92a65178975ebf27dfebe2aa3429efacdffc5ef847e28a5990

SHA512
6c685774681f79876b723cbea75aeec4abfd8da5fa719d21a2fd7db9208d986b98f4fa50472e559196fe589daa64e7f3e38c2b15deb599662e8f0c2b7ca95241

Download Submit