1b95947ffd4c0f091e956c4a2d8211e07390784779da2af9a48c6f8b647fa56d

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-2.html
Size

17KB
MD5

c494ec48e89c6356348ab288e710d55d
SHA1

0562acb6b156bc22ab366dbf0e6b3164c6a24867
SHA256

cfb9524d4eb426f26354bd9a07ed4471f000a5b496beff3157c8226653f4473f
SHA512

a68f6005db9a704721dd08f2fbc858218a86f2fa90b1b46131fb94a864903e55c14bec7844215e9d68a99c5f9c870e11d6a92e081c0970f5dc6e0dbb41b60d1a
SSDEEP

192:FzifcYu6vOLBiifEzg4BZPcNipvyg6vyoQp5xIoW41vBbSw4NruvGvkoi+f:Yv5vWYpZW6vBKuvgf

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 49 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a800000000020000000000106600000001000020000000b0c66b54a56fbdc73f4027b60119fbdd679ddad08272081ff1d3120021d44890000000000e8000000002000020000000e584d51ccbac73a729b18ab705615e3ef78599b260d26a7333355cd130290879200000004b31a1f84d14620cdc4bc9643931162ed4a273d4a01d057b0e2d1023e3dd368d4000000028b452d9e8791ca3571a265210c1d98639eb4f7f41ab07865ec9aaf937d040b6b0b31470868b400395147eff048da948e34338d48cf461200ef8f990ea85fa20	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "415254819"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a800000000020000000000106600000001000020000000d0731ab517c8690f1cb69e9bd9f33258766f4e333ad93d4aff3c1f5319e4607b000000000e8000000002000020000000de564b3f75caabdc5d1242dde0a7cf3543fd29e11138fcef3d675cea1e0e53c3200000000969da6e4238de694be10bc3aa500f2a0cf7e6e243ab6e9287f1e7958265d86b40000000c5fd821e6379c1b06c61a6ed64cc3e534c731ee6d122df0ee060340a3435fda9fa7b47ce30a12031781a88629e9ca8751b68b65b1466dd301788e4d33839c761	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10b3961910bad901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "396515571"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{439F2339-2603-11EE-B699-42E031024C9A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31046160"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31046160"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31046160"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1060352810bad901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "405409536"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "405409536"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5056811910bad901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a80000000002000000000010660000000100002000000088c6dee7b4ad33f144043262c169e33c37f5285be761e203e90c4a24aa66c0e6000000000e80000000020000200000007c568e52941c260e846a34a7cb53c51fe2c4def146051e09a5579ef388dcdf3b2000000071b84b6eed5edf3bfc7e735a106f858b3040dcab652cf1ba3598a4ff929ffa6b400000004d8699071636bd8c1c82be7cc020aff1793d2a44f31eaa8962956ad2a6e2e6cf557b4392f268fec2a2d989e19c3c9816b91bc35780840ccc566d26d20639f599	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1120	iexplore.exe
1120	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1120	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1120	iexplore.exe
1120	iexplore.exe
1832	IEXPLORE.EXE
1832	IEXPLORE.EXE
1832	IEXPLORE.EXE
1832	IEXPLORE.EXE
1832	IEXPLORE.EXE
1832	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 1832	1120	iexplore.exe	85
PID 1120 wrote to memory of 1832	1120	iexplore.exe	85
PID 1120 wrote to memory of 1832	1120	iexplore.exe	85
PID 1120 wrote to memory of 3524	1120	iexplore.exe	101
PID 1120 wrote to memory of 3524	1120	iexplore.exe	101
PID 1120 wrote to memory of 3524	1120	iexplore.exe	101

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1120 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1832
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1120 CREDAT:17414 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3524

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
60fe01df86be2e5331b0cdbe86165686

SHA1
2a79f9713c3f192862ff80508062e64e8e0b29bd

SHA256
c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

SHA512
ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82287E58F13F4D2947B5C55D42C12231

Filesize
503B

MD5
bd2a7641de6d979ecf1cf615d396fbc9

SHA1
210aa34f44de3ba3c85bfb3ca3ca4ce540354356

SHA256
84edb9d31ce958fe0d5e4e40d9e29bc8d2ff5b8c3b40289ad4fab987b67a600d

SHA512
cf9bfedea85e289aba6662fe8e55917b2c263cde7d737f441cfaa969230c2881824c3082c30ae9f94aa503177b1fb9829c8c6beeed3b82454214b59d97b9bdc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
913cc8d3b5510d65c079bd92c0d17980

SHA1
4a8e588805e1ee5189f46de78cdbcbf0ac145992

SHA256
35a2c8ceca960f395adab26423ab9a8b19371ada82d091bafc93c71d314a2151

SHA512
f61f46b007852ae64ec0fb913eafec885ba109e34a328a5aea33e768b58590117f4162ff26101f2a4481a3a3c4472b0f7a13c90c1fa5151a0a968fab2f0f88d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82287E58F13F4D2947B5C55D42C12231

Filesize
548B

MD5
94e5bc89ff6e3663f5cdc88caa17e3a9

SHA1
d5947fc07dc4d6589b88f224dd1a5d8ca7c2811b

SHA256
664e83caa6cdb19183d7f3ae70e591474a590a7d542fc124f3cb72cebfcd4c86

SHA512
33a1457b8e501511a9dd5adaabd9bb6af49f65e9d2a5c35f95ee16f0f6ab2a6c7ec0e97b5c543f5a47ad49317a7fb5590746cd3094a0b98cb96b100ccbbf5662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7T5CRMPS\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit