392d9c1f05d8f8d67fbca464690af0d925046f05edbb75087b16c277627b5238

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2023 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

YTPlayerView-iframe-player.html
Size

2KB
MD5

20d599077968a461fa3213f01702f679
SHA1

da773a359a6255187c6dff5dddad0ecda7153347
SHA256

f29b93839eb1a6d2384d717b071b93f418f1612d3a55aa60df681b2839896154
SHA512

476ddf393afa973e7146d8dc9f3f83a51187695e1dd7015c65605c713f02990592aefba82e73137a3067c9f3c583209fd57bf6674c7923459ae012700966270b

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2357787373"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "398204977"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B7E9CA45-3560-11EE-B651-CA9BD619D26F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31050093"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "282"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "10023"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10023"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a060ce916dc9d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043db47ff6362a24abd0df5a96fa93c4600000000020000000000106600000001000020000000b08fa83ef998137168012f9ff166fc7a6004b9301eabdc579da8e65bd01a1ab2000000000e8000000002000020000000f3d4f9b69c6c48435f90a35011913949cd524cca49614338d2017a01ba1f7a5b200000001918d6d2bf97e9f2dc26cd253088dbdeb4a09eb2a1ec3a9b416136b27d4bdbb440000000ea83dab99d2ba018e9035997e337125b6d23f3c8471d9c1c848d88558f7b61f32161896b41ec21935c2df5730c1a1705a54ade431e577b7e1f92f35f0ef3b12a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2357787373"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10023"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2370445272"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043db47ff6362a24abd0df5a96fa93c46000000000200000000001066000000010000200000001f90e6aac591d209225a7778c58d0dd891c0dfa7bca4336820e44eeeda4a876f000000000e800000000200002000000001bceb1fffc1a38916f2dadf31f75eea29dc1a5904e4919880ec4f588ade4efb200000007c03465968b12c5eabc583220667cd09af2d9e5928456b18428ee6e9fdc4e0f3400000009bce7d84d00433c911ed3fab65f4c10fdb0c10ee24ac0be0db6dc7aed4f1045fae3589e03e06e6a0af636fc1323f5091eb5989373d6979c003f1aa7994e94322	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "115"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8047da916dc9d901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Modifies registry class 1 IoCs

Processes:

IEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{736EB1C5-8E41-40EA-A085-2A13A39ECC58}	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

4492 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

4492 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

4492 iexplore.exe
4492 iexplore.exe
3584 IEXPLORE.EXE
3584 IEXPLORE.EXE
3584 IEXPLORE.EXE
3584 IEXPLORE.EXE

pid	process
4492	iexplore.exe

pid	process
4492	iexplore.exe

pid	process
4492	iexplore.exe
4492	iexplore.exe
3584	IEXPLORE.EXE
3584	IEXPLORE.EXE
3584	IEXPLORE.EXE
3584	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 4492 wrote to memory of 3584	4492	iexplore.exe	IEXPLORE.EXE
PID 4492 wrote to memory of 3584	4492	iexplore.exe	IEXPLORE.EXE
PID 4492 wrote to memory of 3584	4492	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\YTPlayerView-iframe-player.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4492 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
2e36f3cef7a2ffe20695635dfa71228f

SHA1
0fae6b13bc7a3cde8b9ed7857d9e86e78e91624f

SHA256
d65db39b6f47ae702774e79d1431ef2ba708346b7fa7eb75fd6b8e7d056a38f6

SHA512
418b6a1d53fc7971db175ceaab31b1513bffd3a38df4ff26da7bbe3e95f0ad723dc9a44d7ab1fffcd36d72cd4fdaf8fb1ed9456a9ba65fbc5458dec97f3be720

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
adb480d5b514ded0f564ea11a50b6394

SHA1
7bb1c212267b243fa1c3e8fe6d4f85f5cee02dfc

SHA256
0412658328d7e5c54fb4bf364f8d9fa109c60ae828122d6f4d29ec6379d11f0e

SHA512
34aebd235cb83340b2098f99c5daa97a877e1b95c8f578dfabd8b749a7b69498b4c5f16c35f45071c4f08964503c65a18c3c06508aa9a7556d2250ec0ad9c255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\32XN203M\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\32XN203M\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\32XN203M\www.youtube[1].xml

Filesize
15KB

MD5
a8756d1cb2e8cd97161924bc5a185cb8

SHA1
c3b2db99128133e85ffda8d25a1998b49b305872

SHA256
adebfc8075131a0cd55afa7fd8d36f562a050a105c1c1a5018e59f45a67f5a7b

SHA512
fc2e8e82dc695af27e2dfeacd92b30eecc1a4dd8aaa1958709a9644879814883258f658b343f5e23f850d333a168d7e9d1399d844ac314429ac1d5ce3196d716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\32XN203M\www.youtube[1].xml

Filesize
578B

MD5
2c902d228ccc45b7eb71ef7cd1015dd3

SHA1
9c2192f27f61f6a9dd63a33874c89233397298a3

SHA256
8378122ce8f0168cc9ed5f28b7233100b599d709ac8b612b815bd8cebf8229d6

SHA512
8a1eb12257a11f342c5e68c3cbb3bdf16a852d35f05876e13c66c998ec8b2c66ccbd339b23bb65bf179185b9902d347cda0938ae2fbc37c61bd4c38f0d6dcc7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TTAFXRHP\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit