77c36c047f25f1825bbc3d324da5a729a8305621c7b9dc3d2b028172866b454d

Analysis

max time kernel
31s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2023, 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

-ho6dhd10.html
Size

5KB
MD5

048cd0a42ae2c9af1ce24e791f82e32a
SHA1

efb480844a6b0303d9502a98605981b2d8c2bd53
SHA256

77c36c047f25f1825bbc3d324da5a729a8305621c7b9dc3d2b028172866b454d
SHA512

fd59be4d0412b561d3d97441daf235a45d71110c93b409f6198b85bbce64e01aca31ba9376588e2c89034bfdabb826f0ca43b67de8b4c1a4db0117232df05405
SSDEEP

96:z2fduncqENYWp6+hlpTEkViXXKdpVH7/RkZp4:iQg5TTEksqdpl2Z6

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "115"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000eee38893c773afb83a12c08d2262674b25e2ad9ba9f3795930f678ef0f958f0a000000000e8000000002000020000000fcc95e765ac8b1fa314567117bd0a1cae00c8c7ae9e793a6073f14897363d43a20000000920abe5f55ffa86080c42c959dedf4a5490a138f7f86cd80d116f32c43312ad0400000007259efd9fee196130ff398dc8bb87c138d8012cf45a41faaf3d949af363dc3474f00feb687ea63ecc84f478a9868d50b2c201d4aa229f3725a57204a8842da57	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31061555"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1249"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "10398"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\instantrickroll.com\ = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\instantrickroll.com\Total = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "10398"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1235"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "954521113"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "282"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "1217"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\instantrickroll.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1217"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "197"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31061555"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "10398"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "282"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "1217"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{6450CA75-6226-11EE-9784-DA422A6BCB39} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\instantrickroll.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "954521113"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DOMStorage\instantrickroll.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "197"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027552071-446050021-1254071215-1000\{A289A636-9057-4C11-BA40-8505A0F2948D}	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4572	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4128	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4128	iexplore.exe
4128	iexplore.exe
4572	IEXPLORE.EXE
4572	IEXPLORE.EXE
4572	IEXPLORE.EXE
4572	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4128 wrote to memory of 4572	4128	iexplore.exe	82
PID 4128 wrote to memory of 4572	4128	iexplore.exe	82
PID 4128 wrote to memory of 4572	4128	iexplore.exe	82

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\-ho6dhd10.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4128
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4128 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DUGEXQ9Y\www.youtube-nocookie[1].xml

Filesize
1KB

MD5
3431144e9877a799d36bfba10667583b

SHA1
17e3835d270f22af9ccefab285a45cc31bd9c472

SHA256
2746f6331ca4e3f8fce329de789d6418ba7cee47672a5154241b9b6253607e48

SHA512
88b4f19247e9316a30e6a6da6e18eb6565f97bfc5b6e53c0c3aeaa15013e573573e27421b3b55d4c62f9620702ab9eebe84097609a83015948fee2d0f51ce866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DUGEXQ9Y\www.youtube-nocookie[1].xml

Filesize
1KB

MD5
50d5efe03c3a0133e2502658b12a6767

SHA1
b9f6ce47d404f7e8e3bb2f98e9645ae0cfcda309

SHA256
7d3b2cb01fc534c852d9c97669aaf0b09bbd1d0189cd80e952b24535bc0a5890

SHA512
af7fcbc0b0feb1c098fac22f86e75b8520bdfb33d3387113fe5069472803c7d18b8c7da421c7afe74693f64629ba5d22de2f9fe29f21ca3af4ace56825f36725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DUGEXQ9Y\www.youtube-nocookie[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DUGEXQ9Y\www.youtube-nocookie[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DUGEXQ9Y\www.youtube-nocookie[1].xml

Filesize
15KB

MD5
d3548159961e521bbb7762f5aa9bc6c0

SHA1
de4fb0cf7766a1324b30e9c17a28ed8a10a6b3cb

SHA256
9940b680bc5540107682fe486c9c2382bbe4e8264435222b6e86c9041e84af7b

SHA512
be07a7cd66f6d464108b885ea82520bc0847152a957007919139dc4e25d1d212998e8e4bd1479df94d9251d14e2ea041b17abaf828fcf7b43f8a092dd5f502b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DUGEXQ9Y\www.youtube-nocookie[1].xml

Filesize
575B

MD5
8067ddc39a6c3586d9148b02664857b6

SHA1
6b953f5c50b4d4404b9d7afd94ef7cde0c23ba0c

SHA256
8846bb4450eb820d9e5734f6d2f534f1c5df408303d3c54b302061504837ae73

SHA512
80100f48622490c94a35005d45aa41719aa5caa95d22acad7254b616766cd88ebae5a5767ebd02dba2189b257861375d7fe8d95b9fe36cea44158020329fa4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MBSMWSRL\script.outbound-links[1].js

Filesize
2KB

MD5
e7fc46925fc6fb0d950966bb2b46ab49

SHA1
5f554ad227e83e421e5408ea3388c2cf559c7305

SHA256
48c4ab7d72987fc9b4eaf82611cafbb403730ae0a4334375bbccd2b229509d08

SHA512
8cf0ef66a0a4f9141229cd980deb2ec9ce84254f33ae29e63e44af56bfb52dc46a83a9457b98d0ece942ce8ae4d6754cce64edbcff602317c894ba42aa8359c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QHTO49S3\js[1].js

Filesize
258KB

MD5
801acb2399290a87a585147d5ef4ac99

SHA1
3f3222cebbc980795cea91bd1fbbd9fd0ecbd092

SHA256
fab60f876d3dec931ea2fd01d37d938a18c1bbca0eaac53ed2cfbc446ce37f26

SHA512
4a2a81542a29bb7c37e466d3294e18e993fc58603dcab7cff3d6a9c8f0b6ac572df9bebfd11342dfe7f2a17bcc7afe1edb38b8894ed2fe2c20a6b53b910dcb35

Download Submit