15117f020539043ad3a0326db72b40a965541ec913d5acc91b1e48c2a2c39a64

Analysis

max time kernel
130s
max time network
295s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
24/12/2023, 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15117f020539043ad3a0326db72b40a965541ec913d5acc91b1e48c2a2c39a64.html
Size

395KB
MD5

03ad69897c4c2b8e07903c1460fcd20c
SHA1

2fce7ac0a7783300003f904bdbbd949960bcde1f
SHA256

15117f020539043ad3a0326db72b40a965541ec913d5acc91b1e48c2a2c39a64
SHA512

831fd7169465a927cc28147b0c7fbc0deccfc40f748bbee27653c9055d119a51a66f70816eed3a7638e74d67434a6c5fa306fe384e1c2923b249d7ebbc4d485a
SSDEEP

6144:Nn1TgcXpwXnkZi7Gyhkyr5hWxoOOQG5cxr+D:V1TgcXpwXnkZi7Gyhkyr5hWxoOOQG0+D

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 59 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000021097fc79ccb0e46b7acd080b74ee93e00000000020000000000106600000001000020000000d76bb37f83c0cf18c2e6382674f68fc946ebc241fa7c3c2a3b711321d681db16000000000e80000000020000200000008997ff51086f5837f42ed9f9719438cdadeec7051b3ab4609946d0d5ae00c5f9200000005e40c2e9678e1586c1c2996ff30227c1a04cb96445ff3bd8aa2e1dcce4517505400000003149ec62a8e33f7283fb989138c94a24bf218f19925efca34cc59a2bcb017bb71356d6e774cff7cbf36b42d639fcea54f6913710f58dfc8f731ae6a16e6f281c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000021097fc79ccb0e46b7acd080b74ee93e00000000020000000000106600000001000020000000327dfd211aec82fa64cfeec9970fd2a160e4ffad3fd7e1913ee9abfec946014e000000000e8000000002000020000000f19d413638a0ffffd327f11ef660dfa8c3d48974f1f074b87f1ede62b4424a722000000044bdf10f326d4a18a50a9a8deff54f8679b40aad4fe3f4949ab569c7e79de282400000006fed5178985df2c3aa5eb18a1aee74867d8a84added9db049b9c622f1a294ac2c9b89f1fe8c6262b95977b8a80e15c8b8ea6197f5d936fad83b469f675e4e0e6	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "410269947"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{88FAB445-A2AA-11EE-945A-4E2C1743BD6E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1576873802"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1586248546"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078071"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "410237958"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1586248546"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410221359"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078071"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078071"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1576873802"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10d9885fb736da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 104a8b5fb736da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078071"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4104	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4104	iexplore.exe
4104	iexplore.exe
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 2536	4104	iexplore.exe	15
PID 4104 wrote to memory of 2536	4104	iexplore.exe	15
PID 4104 wrote to memory of 2536	4104	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\15117f020539043ad3a0326db72b40a965541ec913d5acc91b1e48c2a2c39a64.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4104 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verFD4C.tmp

Filesize
1KB

MD5
eb67baf06a1d94f22035da0b59a13d1d

SHA1
68948612d15d7eea6fbdb80371d9c7f78ff9b189

SHA256
428769b8aa88bd8024d80218948cd9af21332cc919bced628a7d8261aaffd800

SHA512
cc0f8e6fc3bb6765993e1074b4e34e8de49acb9c771635c02f3471249eaddd6c5a549cf492ebddf1af2e90d82cdb3f7a603fc0443334b9d4131ca78c50a085a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4KQ1REI0\docs.43d06ff5[1].css

Filesize
422B

MD5
cfecb8ef6e9c75e4a39397dd3bec8438

SHA1
d6be820385c161cad93de0b73d37528dd1c960dc

SHA256
b81eb89bd6746d7dd93586ea983ac075bd6d7e2dde632a7c722d5f9eb5301233

SHA512
a726490a3765408166e183c62c0eff587478a94ea00ff72bc959ff9ed37a1cbdb5d0f7fae53b7c894e3e402cbc889cdd1f4b07aa5b4c9c8320922d7ec07d6f23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HA7Z9KWY\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\S3DL7PPS.cookie

Filesize
541B

MD5
3272859769b62d2cfc3a7439f36cc18d

SHA1
2f40c112d0b7b54774585369bf784d86ace8fbe2

SHA256
ef78863948e9dba80aadba0dc67a64e09080413aad77ce413e6a57744715a9fb

SHA512
948ed65107a4952aee27cd3c02c508df788010f37c008549e9d1f847b4c1b8123097fcad2cd20ef5c5e698a8c453eb53a14d8c7f73676a2af13da227c53d3a71

Download Submit