e2c3308ddcd36c4da62c2e83586b93b87bfb254dbc780be46fb87d82195dcbf0

Analysis

max time kernel
74s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

101KB
MD5

578cba7113bbf64d57092636b80ca88d
SHA1

e013536a3eb7fae9aff0702a3c3804cad6f91459
SHA256

8ea57d40f9a187af2ff0b35fdb3d10523f8f6f1c4d7bfc69c60fb9b3d9457649
SHA512

1181b538f8bb9e88bd36674cf8ae7ec17b84a963e83733e51e3a2abaddec5f8a19863ff3e27f0d7a2b773fdee6e6d8414c8d6032192901072d5259e0eccfa173
SSDEEP

1536:34WTTUS6aGofKSMuhkDzmLGzdQ1g8jdmPW2lIXJC:3N/8baldmuO

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "81390568"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "92484087"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078090"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "81390568"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{30663536-A2BD-11EE-8024-527BFEDB591A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078090"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078090"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
852	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
852	iexplore.exe
852	iexplore.exe
4356	IEXPLORE.EXE
4356	IEXPLORE.EXE
4356	IEXPLORE.EXE
4356	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 4356	852	iexplore.exe	24
PID 852 wrote to memory of 4356	852	iexplore.exe	24
PID 852 wrote to memory of 4356	852	iexplore.exe	24

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:852
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:852 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4356

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x460 0x47c
1⤵
PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\08N5I3QV\css[1].css

Filesize
354B

MD5
d8e776ae9aa296da6fb180337ace78bb

SHA1
ce24ed5b51977df74f1544c1d1011e30befb2c46

SHA256
5c717f907ef22bfb30dd8b03ab3d6859e6b93ba083a42ea1e1b4d340de3c4a93

SHA512
8e0f3ac804fb6bfd7ff0868237730439e90245a1a21aa5252e41306534465cb7d7afc0eb5a16faf8e3befdd7fdedfc7a421ea0e3272dddd847cc343685ad72b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\08N5I3QV\freepyocobanner[1].js

Filesize
7KB

MD5
6c1350d93f3956406cadd2bc87be3a70

SHA1
4376969e1ce430bd8894829cba352e982c2ffd04

SHA256
7ecc63c6d23cf0a712a702e3a6527bc86b56d6ea2edd08811a190b91806054e1

SHA512
f2a9888a25d3d4dd883907ddf1be69e24bdedeeb778d48eeeade2e8aebcac6e6835a1ec901f7b16ffd3fc57627073adf8115838132904d70b0c648a25575b4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\08N5I3QV\index1[1].htm

Filesize
4KB

MD5
3e9f03f374f21f35f76adf73f9459d1d

SHA1
2c8c88d92475278c832935c9b773217fe9c18421

SHA256
6fd495957874cc8633db292d9b9d1ace1d06c104e715e2c3837fdc2cac1c36d0

SHA512
6190ec6b6af35f162b3fbd6f6f787313f324af5e78e963cd0c93ea1ed33ab67820f50f62a2fb2e75fde98e8cff5708a71b04606813bebd54d758e6af8be2bdf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\08N5I3QV\jquery.min[1].js

Filesize
84KB

MD5
c9f5aeeca3ad37bf2aa006139b935f0a

SHA1
1055018c28ab41087ef9ccefe411606893dabea2

SHA256
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

SHA512
dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\08N5I3QV\js[1].js

Filesize
186KB

MD5
4d0112c5a9158a6a4f3b38bbf9b9d31c

SHA1
1523e520303fdad022d5a488d123c66ecfbe836d

SHA256
0338de39a54f9da33fab1b2c294f2f6069e70828f9dee1d6724be3aad483f7c1

SHA512
64711bd1ae1ef5ac381382c5c6719c0505aff765f521f696212d5c6738fd26d2a61e7a37ae5f3d1df0589a050938621ab497b786b9a702dc9090f69782220af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\08N5I3QV\mplus1p[1].css

Filesize
1KB

MD5
9de87ddde62f00464f569803754a209f

SHA1
e54cc927efdc8417d3a4d662edc26aeede096a73

SHA256
50ac8e4de5e5df0a06e1bac557fd6e137d70cedd820a782bbb201c1908501744

SHA512
d514a9b417c7224ae2972586315825202c3ea2733b8057a3ebac24df24424d8ca332cc718b28eca7559f6f99377114d99f3795b09b1062daf1c296febfcdae47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\08N5I3QV\shooter_notice[1].js

Filesize
4KB

MD5
4ebe535287605ed95acfb12f9ff7b803

SHA1
bd2977e3fcbef17c2c98edc08618d0811e1a5ac0

SHA256
3d990375bbdca76d1ce7c942f047ebdd86847fabddb3b594f6696057c5440260

SHA512
428545405c95a60c2ca91aca7cc2335b91cacd09e4c79513d1b6f3a8ab9a47b006794f44e5ac4cbdd6cf1b2570a11b6aea25f91276d2e121f04658e741325703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BPK32G26\analytics[1].js

Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BPK32G26\js[2].js

Filesize
76KB

MD5
30170d8c12372130cb156ab2041a6db0

SHA1
c7b5c4158b4aa5f055394820b295dd9586d2cbe1

SHA256
aea0d08cb694b4e95bdc665521b03f938af6b6e53507c156ed6fb362bd1f2ad4

SHA512
e55c184c8a92c2add25118c079dfbd050c5b510f18df68db203e6cc8865461a65c06068d8d814a94b75e8a95cc89ce7102b017a8c4149971de0136efea737272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BPK32G26\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DV2I56HE\index12b[2].htm

Filesize
1KB

MD5
776baca8b1f8db1d203dc17572dcfe59

SHA1
63f65fa753e8676860b8e4548e22e4064cb2d32a

SHA256
285dd41ddf12f9c687384f726308805d4b07ec8fe6f508d6339c9221cb1b81bb

SHA512
7dda51a99999df373944b33dc1993433795935670b4f92456e052d1cfdd3837994dc685beb999bc5ac90fbc2704e7b627ce85cdcfed736d8489f1f6e9fd49bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DV2I56HE\index2[2].htm

Filesize
4KB

MD5
07e728e89c3d5f39f59619d2a84ad7d8

SHA1
77ea466243b8e48e7552716bb6c2c0c136b716bc

SHA256
3a01351ae7d85dc063230f206d927fd5d3f03dc3f91eb99f8e9a8e2dc1c8e75b

SHA512
a78be393aeb9a64a2b7b2ad62dd4bdd7935c7bcecbfd3b35f2ed09c3f6ff95ddfe3dca2e94a29a006addc0895cc4f78424cda58c8b20800686747e11566f9022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DV2I56HE\masonry.pkgd.min[1].js

Filesize
23KB

MD5
d94313c3ca257213d724ac82584b97e5

SHA1
f3af023348d872519df905d720a9b951663e5cd2

SHA256
605003a102486058fe8ac757b2c30652b9ac54d6d50df3799bc8cf81537ef66e

SHA512
59aaab964565251b3bffefcc71a353b31380f0b1a73caf69cdfcd34c7382ce8fd7720702f721bc249c49f881989f78fae71d833fdab4a3c7c15fc1ed049b9cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M4T5ISGA\12040201[1].htm

Filesize
138B

MD5
aff950cab4c0265e21d401db15f1026d

SHA1
f03e18461817f7a6546c8bf8fa8d686d7e30aca0

SHA256
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

SHA512
a1f0f6f3dd6788a1d7c922c6a8fc81d4709dbd0bf28433023fb8fbd151f645daa096c6e9dd670fb7f86c1699942514a11c183aa09f0018142f823668fb2a0aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M4T5ISGA\danbara[1].htm

Filesize
154B

MD5
cfbeaf604823f038b8b46f0ac862b98c

SHA1
7b9eb1dac48e74fa5f418bc456cb410f88b81d98

SHA256
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

SHA512
c99bf4f1351efb28a74fa2504429875d9a63eb2d6a145a060ed487f83ff3a42b6c85d94165b960edca90aceec58d16a6ed37b25f44452bbacd7f5204c15c23cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M4T5ISGA\index13[3].htm

Filesize
2KB

MD5
959d97efaa48ec243892a45a3dde90eb

SHA1
8e39d1840d1c05cdc98ae1670b60f2bb5d361bcd

SHA256
73bbd2f8bd536e276dac80ead69f805967dfe82858e2f7a6fa59702fc6782fdb

SHA512
401f1d108ff734af24efb760f2be175f8d6a9e6b76941d6af8b6f005d7e6080c9ff78bbb4acaef6896daaf42edeb97def5e192dec09450ec60e432f6c752722e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M4T5ISGA\index[2].htm

Filesize
1KB

MD5
8b1daa020874fd31de12c74ed52e69f5

SHA1
a5e5891ad078381e5daeba085a23f501e158f0ff

SHA256
980609eb738d1f21a67ee61acd8cd88a999fc41c1c3026d5c2193e31a441af8f

SHA512
01177d0b855d75cc520ec75c3f4681e1de7308e67ce4ab0c428b10ea3b7cffe8eeb3bdc5d691de9c67069a6dd7609bf44aa32c466c572dfb17b52cfea6776a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M4T5ISGA\jquery-2.1.4.min[1].js

Filesize
82KB

MD5
f9c7afd05729f10f55b689f36bb20172

SHA1
43dc554608df885a59ddeece1598c6ace434d747

SHA256
f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c

SHA512
3dcae1ff6e98c64e3586be3eb14dd486c51f7d4e9fa1b8f9a628be4fbb6a9ab562f31f9b50e16d2e0c72b942bdbe84eee8e0ef87fa730db1428b199a59d88232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M4T5ISGA\js[1].js

Filesize
65KB

MD5
8ad409e0b15c83bd29769e85ae2144b0

SHA1
29fc956ea881c8ec0b44944ffa564edd7ce62c12

SHA256
1ed49650425aaafc831441bf82b86330559b76cd3531d772a2e7042ebc2f9de6

SHA512
370dea3c10781951fa5907c1b0202325a491edd366991129e1ac58d74c393fc758e19e319bca0dfbfc2e798caf0e4110fd240945e8b3f2711a1c9765292c86fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M4T5ISGA\s2s[1].js

Filesize
1KB

MD5
43d6f98d1e6f91b7fa55b8b5d8fc8ec9

SHA1
0a1c642c12142039d3cff59687a1b29b481e140e

SHA256
7e35c0748610e44efd4a2ac5ad07c7f419d112b925f2d69950d19a994f3ae241

SHA512
36d701f04a7b5d79fac3b1f417a6a7a386faffe9e79025db3871e97a58e45189ce5031f527389b5be65f17d28c868005ef919dad9601d88ed9a36272e492287f

Download Submit