cfa6e0155ea5a40fbfa3f02ce02eb01ddf10b38044bcd99662c1f1d8dac61153

Analysis

max time kernel
138s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2023 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

classroom.html
Size

517B
MD5

ff28760867f416f792f570022ac87974
SHA1

01b2dd0349eb737ea3d43be36e0f610ddb7eb70a
SHA256

cc055d1486aa3f323ee3a22ee16e343619b98e538b5cf7ff960bc53e0deb72e0
SHA512

829f8cd106f8532cc7c5a477d68c9aeb440af3937ced4d82d49289fce786f64233dbff9d722f8d47d5b8eb0714e49832f53053041ec3e27345ff1ac345fcd0c3

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31062332"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2252060976"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000044e7540fef135e499edf4eab70c71d2f00000000020000000000106600000001000020000000de4fd4f38d8bdf79a5b78cebe054f2b97677e4747194c485477a5eb487e1ee2b000000000e800000000200002000000014176d3e6280b4187ac8051e03e68fc03cf23ffbcd7fafe9c0f736a8f976927a200000003615f90f6064eb1ac6190542b79237df83f269fc66365a2ae240d9f2a94376d6400000001da7d3b4fefb35dc6a63fdb13fb500d61d494246b922eab685ea2523802be674599bf92ac8e231b2ce0f90178585117f6fc42d92278108a07a0de37949518556	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000044e7540fef135e499edf4eab70c71d2f00000000020000000000106600000001000020000000f52cb89bd1bb717a9d32e1b08c01787c66d3085d072f692a4aa4371ec4e10a6c000000000e80000000020000200000007030c1c7051b59e23a6997924dc01dd7f5b09f44ea5173a4ff775226130c3e352000000069240b92fa31c11165509e1f015d774dbeb8015b0ae0e58aafa38f06bf46ae67400000006e164d3e6d306b9e40cc8d93d6556ce0f02827d3fa8ba02056e0b07a5aaf5eefe6b931f0453c89a8bbc9d533d38d10bdc5c87c49b3beb031abeb257806e75af0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{AEF2D211-652F-11EE-9D98-56CCDC1D69F6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60c6f4873cf9d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2238624476"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 403cfe873cf9d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403461575"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2238624476"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31062332"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31062332"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5100	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5100	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5100	iexplore.exe
5100	iexplore.exe
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 2268	5100	iexplore.exe	84
PID 5100 wrote to memory of 2268	5100	iexplore.exe	84
PID 5100 wrote to memory of 2268	5100	iexplore.exe	84

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\classroom.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5100 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
da61e8f8577c9e3bb060a9e3221725bb

SHA1
241b8c2f8bd7ccf2eae4dd69be631c87523c2228

SHA256
d45aabee5d430413bf1327defd1343b9473fb2b400087572165af6d63bc23580

SHA512
3554a737c573c68a9abdc5794ad297acb9d399537f813ad87da975d2ae86e4ce51b806453b6fcbbbcc927ead952c990b476f373c241c94c571ef20dc17d1449a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
f285afd7c720e8c05b07ee95290c247c

SHA1
33fbb97b50dc01d0e5140012b124ce2ce80326e5

SHA256
ee17112008d8cea8bb597e4962eefbb2cdb600227b8c19e8327b274279aa6bd0

SHA512
83945d4009d28e9686045541b793a62a8c8bdc93a28ac8aa6d2354153420a9f4b0372b3aec4d4a9a91454497070fd17b9f3af53d693a7c0ce4c523c90f0ce309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\19QTJWOB\cb=gapi[1].js

Filesize
64KB

MD5
d8f7db9247244c51bf840de37db47dbe

SHA1
242635c0501ed48e4560201e82b0177058b8e4d8

SHA256
07a3a3613cee2564580705ee973949da575fb7c68e213c47afa5574fd02ed573

SHA512
a864591e84c9e77195ac64ec488ee51cedf4f40b3d188e4d6a14880cde62c99597e30f579697e9a0d15b5856b7d7ce5a9c249ef354aea8aa16a4909760aa2b36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FXXN8G02\rpc_shindig_random[1].js

Filesize
17KB

MD5
485cb0eecd71f0ea61a51c4e28748d1e

SHA1
d16a22aee31487496a2859d1f3d469e3c7bbe9a2

SHA256
408103c7206ee65957a241be6482e6c41ced6026d58ceb6be57b67d655af8409

SHA512
e60b097db9e047d89eddc0687d147229bb64ebded2a2b56636491f6e90864675d9ae9258819263771482acf7acdc3bdf9628efdd714c76f467330bf8ece076cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YF4PBZEL\478691279-postmessagerelay[1].js

Filesize
12KB

MD5
92169c8a0fbf6e404267d0705cdbdf42

SHA1
a5cd88b74ca5ced239cdbfb458fe25540d671f46

SHA256
dba668b49a111527aac8f616b9053ea57c944e01a84ebdcd02a13da921223384

SHA512
8c5d35ea512fa7be367cd9a9ded2f23822dcce730e5502a355ed0d48949ef763eab13be0d50a66de6b0f8419d6a002c12c4ddbf20d97f5393ba922e48a4f02e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YF4PBZEL\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit