e71174859ef25766a41db7a4dba67b6b63ab017f95887e09e22c6bfc6e32ab92

Analysis

max time kernel
119s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05964b4f10f9c5e5000b6ee5a1cb26d2.html
Size

10KB
MD5

05964b4f10f9c5e5000b6ee5a1cb26d2
SHA1

21a1adf70dc2045c30729c76883fa13aad274251
SHA256

e71174859ef25766a41db7a4dba67b6b63ab017f95887e09e22c6bfc6e32ab92
SHA512

df468d49cdce7bd7e06af168eddb612b8c36d5171801f2b0fbbb1e419623082b9b8adbf42a1190cbc324c058b6d49d160d492a8e26315f84997c5504af691dd9
SSDEEP

192:aM6+eEu32WMpC+dd6XuBpLfDRP17V9F+zOsuYslBDTpAZG12K+dyKNqfTzSeu:56+Lu3FMpC+jLBpLfDRP17V9FwO7iZGe

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000003023d8b18f461a8ea74101b9296e0b23b73d7b716c2c31f5f8ca3dc2d773b502000000000e80000000020000200000009e4d8485b86cc9860ca8d9e7200b9440b99b4f4c8331bbc2ff53daffbec5ec9d2000000084726041b015ff1aecfb27c467235ef806ce01d9829e6db76866b1b04fc7286440000000e3cac0cb13f72a91a33b2e1f992ad2ab6c3a3ff485fdaa70a29ab507bbfd8d5844566aa5f62c5f2ee911791dd404a06abe648dfe2e3e2aac3b880d487efa1bb7	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70cc8e44c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000ba11670f5f2ae8f9ed88300d0da609332aeb2fc3422796b3749b7a45241b43d9000000000e8000000002000020000000998c234b44ca622b07b1903b970e11032bf062676b1b8af03e00009ce0501c74200000005a7c84374636b7c8b9dfaa1854bb5d0db03d577bd7bbfa1036ad5c7e99c5298f4000000040a2f9385fd71d512cb013bf02783eca0ab3784f7ddc69ec6427699abf72ecd252a06389936f3b77bf445b066c4466d7e090a550e4b4112c2a8dbf8ade9a4a69	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0c6652fc436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000adce2381981b9d4c2ac45acc8bb65f8217919ccc895ee16c75fe7fbf3c5f7353000000000e80000000020000200000000de7ff67ecb99ab242822491e34de1c6a936cbab72f170ba352a3ba2ba5cf95c2000000000b42e5a613bda56b2b17c0d179e1e254e0dbece20bdbc0d010819fc032ce39240000000a7d93bdf14618439b85338031159dc88e636de7af00df647a048b50ad58f846b2f90e15a44672d82d2c54287c1c2c9c704555a2bdcf730c77514845596b02fa9	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000ee8c61b0b51528b20b4945fd81b18391eb96f6aaae2e9aa8c4f5b7ab1eaeaf27000000000e800000000200002000000072ad22f602d17c21ba750fa818a3e0f1141c3b6ecdaae45e4a25acecb2da9a5320000000e2039af3a978cc9384f7eb4f08629512998319ca267757a7f4cbb398ab6232be400000003b6234bd9dce4e49b0197eaf406da1265060e0f0b297a6c940164a7ce2b6e23329913673d5bc91a54a3e47d3c8cdb8aa8f48862103910caa23cd3028f6224150	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70e20f21c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3059eb22c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000004d37b825374f28821ce0e9ab442d41044b1dad8089fb19523efdb72456b45d4c000000000e8000000002000020000000376579a3d8c73c638f2924cdd883204e3d4fe2e72e1a1a6a4ad9603cff013c4720000000a5f7f58c70a8add56867f903692f85eda1f78ad6a6624163cdf5105906e2d3c7400000008d4c53cbbd97e00332f1a0a4c988dee6afbc4d15d4d16720dc30d0b77f8c2f18cae46f283576b59521803247b4c2685c9ff323609790d09f5bef48fe34a49e0b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000327fa831d62672bc4b4bd987532dbdc96c218ae1112b0d3f5428b30b0da3f87c000000000e8000000002000020000000597465e4926b866eb04aef26745fd61524cc0b10ab3846b0320d4dd905df858920000000ebfe3e52f000e4be972564218f17b8f27ff7a30b4f9c10426f417b42abd0ee5e40000000b1996e1f3903fab7ca6911c1480a48bc5bea1d3df55618dea282128f7aec496207264e563f1dd9b40907b41224b58f0696798b49f16289bd0ecc4a13c563afbf	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de62210000000002000000000010660000000100002000000040d865252ba578a5abfe2c41e08612986cbaf3bb133d4c451d4b1cb3bb27f8eb000000000e8000000002000020000000bdc825034f4f60134caccb14e864611b28522b8dbd9745062819867c2fd4da6a2000000005232daf1a4f28ee367d6aab04ff9c2ef361cbc5ddb124979db9a2613d3f363940000000290286e753f23c6dc16e88f4c3e3395d3dbd8519da937c4286b4345775ccf1fb8ae3cdb6719ce2dd87025fde0046b8b995c421f6497b6f255c936effc3ca5884	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20eb6b0cc436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000ba15719dba0563662e96fe8982fefb9f20e74add843d7dd55e2a52c5909d7b2e000000000e8000000002000020000000b1b50fd9c6a1b2b457ccc50858da16cc8a38dfbc59ffece91b5d2cd36b3a19dd20000000600137cd4661609868f76c56852a6b1870b3d32a8183a2bec045820ce91f9ea340000000894e52b1506d72cd14c0929c526966481600fb392647146e5011de1525b9b84d24d3629f6124dc2652ce3ef186d38d2fbafe77c3f128e5759049126284bd575a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000007f106764882352b9a2f24cad8c52a4109b9a428218164534c892264d994b7701000000000e8000000002000020000000a072f3953a1936d15766539fc8bb516284aea4523e914e7859616c54500e9a9b200000001a1a6d377d972bb5bba2ad5c9a7c6a9514d93a333ac75f268f5ee35c92156e4540000000af003981c58699e0813ac909933f9a1df2b849c12601e21c5d7ca7e7d66d6addfa5a6653b44f2ce29591ddbd0cd54600e02481c1c7a05937fef70efe68d6ed23	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000008845e233b788627bf4823327d4b3b305f86da81579c0bb4cb4c39fec1bf673d6000000000e8000000002000020000000a30cf6f864039a15b7c1e2da5718640edf8e3fbba7ff4379661abf62b32c8d522000000007a3f93c20eebdfa58653af7d5c02ba23b42f98b017c19f09741e4ec39514a9c4000000063fbb172dd724936d02eae6d6da2791cc4971c25ab5fa2f60880e01a99e79ad7b6764f4e0278666244e4ed57c3aad2a795b33f42358a7d7c102b8d22c6676cd6	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de62210000000002000000000010660000000100002000000033f11135570ad0f0e759e1c4a07984a315331005c000ba1a79f51218fb6823c1000000000e8000000002000020000000c870dc60e30a58aa6da6dd5726749e1d7afce142537bb7a15a2f446874231ced200000008034b40a8623e2120893cc8c6b951d1f8d6887237b9939a20f39a7d40a1e8781400000006ef56b1aa4446589897a2b2c2ead087b04a4aec8032d37aac2395a558f883f3a2555aedcae833f122ac1e0fa3c96bbeb48ec581632149da0d17e3f5a8cde4e5c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 903edd36c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70b2aa47c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 402ee548c436da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000babea29e40597fa14744c14ae1adb858f4dd86273546e018b078d901732ec726000000000e8000000002000020000000ee17efcb8fa55bfe20c8f1376124f78cddfb347aed1c03c18c18f89cb6abcddb20000000cc44fdf93416d828ccf735bfec76867334ac6e17f1290a69a152192bdde6b81c400000005cba905eb431aadc2f8ef58f0cc093fd5fdc9d85cf5a3d137e1fd016a9331aa169c4810f9213cc0a6335f039018cdf4563e91fb229fa5e3870ff6456cf3470b6	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90be5818c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a00ba019c436da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "403330106"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000009098ab72e29715a90ffef404ca80fe984bc006127470811ea61e04821f8b01a9000000000e800000000200002000000016d68d699870bdc67815ad1faae11969ec317918603fdd83a27e85ba601cf2f22000000044f429d2daf4ca8174690f18a261f15a615da672ae2e74667b52ddb72f211b7f400000002d62e29975a28bd5580fe73b26d4f20df538da8f71b33e39a1dc8a1848800658f7a2e791a084c24a894663de43cf27285a137fd1780d3931ff2361db4ac2faa2	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0fc7e37c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f02a4848c436da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{43A677B9-A2B7-11EE-9ECD-F68B0B0A1028} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e082a408c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50707511c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000fdd9f30c045f86cb77e63dceb613a519f7848de35ba96eb4f1c0652cf8cab4a4000000000e8000000002000020000000e8356af4e424c81817fa137f4e6876c5dd747ddd9d68041d8e61c2ea2d3c006e20000000e40f75a904ae96350daa0e1c66a4fbbb9b8f24d1a4294d2f9128141f7411f129400000004a47dfa20f72813383746252878f60698b977d2733df0ec264890efdfce25508bf0d7e5c6bb6201eef008ffc115b04e4be340fc462fd1ab1d9dd489f00851c35	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 303ca52bc436da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de62210000000002000000000010660000000100002000000088652ece4ce120e5462f23d4fa0c21a59db5acbcc5b7807570e91befcac0002d000000000e8000000002000020000000068dc18fbdbd6ba0f8b3125eb67b3ce81af2bcce30ae0ac63024f1cc31586a7f200000008d30cd3f698c148e73a91b0ee366afb721a67d459aca4b1fa1f0196634325143400000001b13181be6dbc2150f2dcc5bfb42af056f74832f37312a8bb88cce26b5a65dc7b8e3152b4f12b2b65c6478b7e4c781feca4dc230c9d191640ac09e5f945a1bb1	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30660330c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000008b6b7205194a7bcf50d57189f755ac42300274f28d54692a609fc47a22be5568000000000e8000000002000020000000680b3cdface3df709300bf4a9a858c3d35996075c72e10f56c65218f6d116d9a20000000fb486fd99b07ad308cc4458bae2416c9dc72c07b7b6e405663c6523062ee82f640000000b948d9597a7e6156f47f17e1051e0b6d96337b816a43d4994f10f628909d65db6321b137478f872eac6d1d9926d9ea04a0ae1a9776fff4fea33e1a66303d472b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 102a4f0ec436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 707b7716c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000003324cf4faed2e128ba04c00bbb29ed7e5705417e85a236243b8eb8b98ba05249000000000e800000000200002000000025d0bdee9cb12e156159309f9982e1ca3f853073823bf2248facbfbfcfc0a5c120000000f03570e6edf9244c796097bf71b772a5cb6652c5d0a7422e727b1cc7ac0fd1ce40000000d6337999758e24c3647beaf0fe553de7b0ba979592a3901b341902aa591ee73aa12110ad68b0204d2c76309105d0b1b8933d243b066afba2e5b0fe822e64c535	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5033ac0dc436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000b5804ebf9133b554ac64f86910e1419b276dc5306bc09e54809057fc7ebf5e94000000000e80000000020000200000004eee60e362b1227f0c82f8ed4287ba983f5d40cc8879d9f4b5e9cc02b1d18b4220000000153bb3c725b755a488f5e4033976c81e2f93835dc3fab5349a350ed31c3616d140000000f9a43e772f6d36317f99b5216897c5a1b1733147a32047404125fcf721e427c0795f0a877c6a03bc085bdaa30f3f9faaaec9f2f19951d2935caa0fdde9d17649	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000ab983fda5994b4126bd7beed7498d1e393e34039561e47dade3b9ef7404b1e66000000000e8000000002000020000000bb8edfb3eb969d902e17302137ebbcd3e199846afdb33edc56e75c51fc3d237b20000000db14165563c9b6509ee220f778f378fb6631c6be8206c5b1dd983947fbe286a140000000e48b5aab89b3fe4186b3ad31df88b1f288081f1a81106cf01058a1b5126d34082557af36fa8c9b9f4699c998e24b2565a8c25ed0345ddc9f3606e1fbd2834505	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000bc65196620bc30f8bc6e80fd5dba11bca55243a6a30251aaf5fe136b6f9dff3a000000000e800000000200002000000080d8c5a71eb9489fc9b3147e5c8c5e9087d1607c16a490fe22220129072d3c07200000001b9710a55ddf6ed00035efe8799fb6c77fc96e9401993c83843f53f4ec42fad04000000064e4c4a10339b530439bdaa548cdb9614f7180260b6a754e8b5e5ec6cfb8a6e8f8cf7311ce6c7a0937a26c265cbab5e79fbd60d3f2ed24bbe2efbed6e65982c9	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40b76134c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000f22c7bc8b6760038d1072d0eafff3ab7fc28c83bc6b0798dd38568cc44eba8ae000000000e800000000200002000000009a067cc710cd4304905b4d4e21a644c2353431d8ad0133a23a25d5cb588b5bf20000000aab3c80975aeba4338100a36d41a9c3ad81f89228746339835aebdc71106b59a4000000018e66976eaf49f3712b918aee12d0aa1e9a4a76dd675b93dd58b52cccd4c781ffcc968a6e44eb1c817dfc6107f916cfd2722619639e50b34600702c4c4fa1abb	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 007a7f1bc436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de62210000000002000000000010660000000100002000000031ad61b162377ee754ae44232bdce3a861a60d928b04e7b18e6001188b1748d5000000000e8000000002000020000000c4e2898dac00b600f4c41c804674715186c2317292a7a0c14c56243cba92eba9200000000032ab9e6bf5488d4300210e05af6a7d36362a7f861413764bc33a1ae75c1a5140000000aec1115b4898d524d29d2054c25e3fbe5b245ad825d5ab48541d6fec42f35ee7dc510d253c5edd0f4ac274e2819a7766e1802a0dd7ba93eb4a29f11131fa2cde	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000007c7e0219275d82a06cf8d643bddec358aa1c9db9a2b1a891b38514092610cc37000000000e80000000020000200000009ebe1f90f8326de1f88fd34b102a011c47e01c073e91499c2bbea4c9e5bac17420000000eb1a5b1c0f1597b2085175ba203d3192b35525e75407d168f4e7b5d25c4fc2774000000002fc4bc86811088fe6da99ed2aa80f125a425124fa171f7fbba9b0e145914236abec2776e53ba67d575188900288189bf3c939efcc838dcc1f03736b89d6c25f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b001f739c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de62210000000002000000000010660000000100002000000050b1bd4959b66356d6828c5ed0e9fc2873258f3205f0cbf3dc5b9bb9faee7722000000000e8000000002000020000000524078a141577f1afd83fae83ab7fdb21ca8a7ea75ca30feb9a6f9cfe1d7ac5b2000000047d6a83ba7f7cd51dbfbe1df7ca89ba7f2e08080c86148618ecda817ea6085cd40000000f5d0f720199cf7b792fe4c8407e2bbb6df7dc04f0b3ae1c94307481f8d5377eb92d3dc9a49c48c192e6d2385e3749f04bd15c6b26f6025c3d199287592e62d15	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000000d9d0d60c88cdaa71622b64f818a5ccb4734b853c8cb42ccf2912140543cd890000000000e80000000020000200000007ee1284e9290f5274c8f40e98e6afe129b68e165b43f496bd35aa779a5ac6ab420000000c5a7e24e8bfef7d5547a0bdf7dfadbad26ee4c0cb87fe885ab49f7c3c630953640000000b2f7fd46b5db5e5711a634e0238871bafeda6d6576e4356457ee07f4e11cf5a6562fdaa740e0fea0628652e5a5b60ff0e604cb88fc3ba2d720b3a7bd6eebe323	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9003e609c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a097ac21c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d2270bc436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000002378781606eebf21ad321a7466d2e364caa5b173ea39c884cf1971acdcf02c1a000000000e800000000200002000000016a0694b66367f1561e206b3697815710ca91523071d71539b2357bbba97ce47200000007fd7d65b168bb7447bd1d96283e2f7583d9df557ce133162a609239c9487beb340000000ef228cc02575b215b47afa38d30a3782410839b0d6548bdcd4422a09d00aeffdb12bd9de2285094364f9b64d183ced3dff60a512e65cb1823dc5193502fe720d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 206a591dc436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10b58128c436da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9066422cc436da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3055d41fc436da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2420	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2420	iexplore.exe
2420	iexplore.exe
2284	IEXPLORE.EXE
2284	IEXPLORE.EXE
2284	IEXPLORE.EXE
2284	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2284	2420	iexplore.exe	90
PID 2420 wrote to memory of 2284	2420	iexplore.exe	90
PID 2420 wrote to memory of 2284	2420	iexplore.exe	90

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\05964b4f10f9c5e5000b6ee5a1cb26d2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0SGFK56Z\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

Filesize
3KB

MD5
b8c3079d1b04b53539db2c74423168a8

SHA1
b0f7e36a2030ce3b29c70b60397330da2dbd9c4d

SHA256
3c078fc702c28e4bd9b7f3d137828d33b518d9d78229c4884d70c9127fbb4165

SHA512
96fca4f133fe9fd4c235ee2e9761455636635b03f48f3f1a15ce7bd1e48f265be8be3ace6298487a8cdb0892f8ad67227f74f6a9ff33d86363e321867099a2da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

Filesize
3KB

MD5
6cbc1aae71106ad40c6eadd495b8597b

SHA1
bcff8cec218c11db6e2c11eecd739e6eb3f078b2

SHA256
1c5426e7c6a47d24a5a2b755d45d5e6aea8646f47bd70808a3d11ccd1234500d

SHA512
257888d7c313cba33c95bbf816eb5f05b6e4d7a06a9997028b3cb02c9f8e7a3e8a6b6808897d4a1d1d2a258f3b1efdd71e2565dfddcf17daf28b899ee1137ad8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

Filesize
3KB

MD5
a3a24356accbf2dd71055f8b537e1f91

SHA1
56e9c4bcddc458456575a7f9af261945b295081e

SHA256
161d6b26cf8a5294c99ad57287245933341554bb3d9b8dae8e27ae9a66e06fc0

SHA512
b84201a4ac54caf921c6f432f5e846beda6755c5307b7c13d7415047e1f8d33fd5514c465685ee1f08a892bf73777af3bbf89e8d0cb1b6af010fd300c7b0ceda

Download Submit