17e7c53050f7ea111b2f4d71b553625679eb185e574c3ef92b690927e5258e0b

Analysis

max time kernel
149s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
31-08-2023 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

100.html
Size

1KB
MD5

2139d60bb5101eecc3404c7fdead1055
SHA1

3d0ef03e8890f8826a39e1ac124c82377034d9fa
SHA256

cd570a0eb442fd3f9745c977b80f5d202d05731906616b2d9a863f08fe6261e4
SHA512

d2beada8787324d19f83c9bd5aec239c828d0643957fd99e908c740560e4b2b9cb4291cd1bb289d841c868bd697453625f351a473fdaf38b416c10a173eb69ed

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31054934"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0322f83b3add901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4061400731"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D85CBDBE-4849-11EE-A3FC-D2D73DF841E5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4062025308"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4061400731"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4062025308"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31054934"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31054934"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f00000000020000000000106600000001000020000000b733aff82f4c455705840fe1ec26e8694f664b070638665aa2ba81b9b672a8d0000000000e80000000020000200000001ed5ca045a943f181e4513cc2f8372afe6a51c1aa886db65c2c198d13dba5eb3200000002dfa0fb4dfe0abbe642e614af8de137021c77467f3a4d83ca5bfe5384378da57400000002ea1c27ec6d1901d9106d9e30b3ae400fd5d118cc651d18fcc6609706448298231dd6821d6ac064c4becf8505d2f3453eec74b2139c25e681aaef9134353d58c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "394553282"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0691e83b3add901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f000000000200000000001066000000010000200000004af77607c9bb7e22ca629ce7257e4b3cdbd1b6473e35e6e94f1f4ad5dd4a1c9d000000000e80000000020000200000000469c08582d24b1508d7b3f746dd45c189fbcb26a40c074f2d1dcc38407389f3200000005fc69b2de87ec2ebe3e54a8e7194affbb1309378c72f59aadcbbab525b163d2040000000263833ef4b4ccec2dc13a05d2d3061325a92396067d25648e2eb7040f731914c3718cc65c9f7cc2d8ae56534ddcb2566bb0d9eaca0e96208d3b3cd91c0b0d3a3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31054934"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4844	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4844	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4844	iexplore.exe
4844	iexplore.exe
5052	IEXPLORE.EXE
5052	IEXPLORE.EXE
5052	IEXPLORE.EXE
5052	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 5052	4844	iexplore.exe	79
PID 4844 wrote to memory of 5052	4844	iexplore.exe	79
PID 4844 wrote to memory of 5052	4844	iexplore.exe	79

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\100.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4844 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
24be8a92460b5b7a555b1da559296958

SHA1
94147054e8a04e82fea1c185af30c7c90b194064

SHA256
77a3cfe6b7eb676af438d5de88c7efcb6abcc494e0b65da90201969e6d79b2a3

SHA512
ed8ef0453e050392c430fdcf556249f679570c130decd18057e077471a45ab0bc0fba513cb2d4d1c61f3d1935318113b3733dec2bc7828a169b18a1081e609a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
c890b903fcec9cf731ff05696767d3b4

SHA1
02173ab9596c44d68deb2376ebdd18681fd35088

SHA256
7af23c976085389fd7e24692412ae2f38b6ce66b5494baf6c05465ac336f0811

SHA512
cb509b719fad2cbe879a19cfc606cef0a6fb5f61c6bd9baf230c8e124fa755225c50ef7d58eb0889a083fc859015f469a92f09c0bd9eaa5ceab3e8fca85bf01a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
342B

MD5
87f0304813f2e551454db69f398ebf87

SHA1
fcd7985018b6acf6733517a68f2527f0ad5906de

SHA256
a07abab1e8fbd2f698f1dae68c489a8d8d74323728a60d2223ab7d49adc6e95d

SHA512
ec5225a1cdc1f6bb2cc0295fe00e354536267f19ecbad61c15dc6afcfc4d30e1ab2bd7c5909cb4c82167b6bbb62c013e507dd821ef0fcbff92b9b0e0deb37afe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
4922146e1fab860096bbbebd0b288fc8

SHA1
1089b93abfa3301814de8bbb29dc62c6c1d73f88

SHA256
0d841664038c8043f3e23738c5f874ded67f0ff1cb06572b960539fbbcfd25fd

SHA512
1b3cd473e41f9b97bd685a45ff1159f7b8ee86dc06d5dc929a80d08469534b03e6b48f697d984068ceec68695abe3936ceac445ceebfab6b91ce8b6bec7a9c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verB731.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit