02de3c1e7a4ca759a1fd874562b3045180befe7b56c28767282db025f2a0fcf3

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 07:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e45898984c8af68bc26ff679a005afb.html
Size

432B
MD5

0e45898984c8af68bc26ff679a005afb
SHA1

d4485b864d42c395562d72cf209b6ba9af09b054
SHA256

02de3c1e7a4ca759a1fd874562b3045180befe7b56c28767282db025f2a0fcf3
SHA512

c53ff3d508a95522d4f32fe5e84ddb30736abcd5a537521a777cf53a042acaec02f30b2bdb8bd0ca8f48f162f1d65249f0ee1599259405854bc285f24bead18c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 46 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078248"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078248"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 001682506837da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1471955850"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1473048545"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de6000000000200000000001066000000010000200000007961a2730ae09d8a23563e2c4b7d1cf938ce58317f4b1e61e8b0d60d24b2db15000000000e8000000002000020000000acfbed894d4b3cdcfa7f0d9c46f13fa47f22a064babd3db99974fc29019de9642000000053b0d342eb96191a1f979ed4b3d8a19fa63889b462bffa7959a18415d3747bac40000000db317cf010dc44fa6c88c44c8df8465869094968746c1cc3423f03fc7d803121e42cc30f02fe1038a74ade47b0d534b47df8e20b542f2a844b62a2ae935a73fd	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 103645496837da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00d8e5486837da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{828EDC0D-A35B-11EE-BD28-72AE6231743A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de600000000020000000000106600000001000020000000540b567745779f92f906b30070ca51c827fa986622c4b6a68c0ca2426d90c267000000000e8000000002000020000000d51cdfc948459c7ddd2107688ed4b29a02f41bc3e007f934f57031fb28e13dd220000000c7340d25c040cc99390a303e0743216523e911eca24b3feabab0dad97283b267400000002a88f5bab4bee17066c9560c0eba5a732f95a2fbf44884fe669064943461b3163079645936b37d52779e5f7c0b629aad651748c6c852a3cb3dbc29aa25736a1a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078248"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de60000000002000000000010660000000100002000000013a2bb5af2ce03a7faa3086d5fd4ccd187c9a766f741513465417a96482399e7000000000e80000000020000200000006f722ec9f36cf73f4a15a519379a3f5c836a24b6bb4976e0e880026f587a3d71200000002def189354efd2fc6c77947599c1c183e8d8f383b038faab66962c37334847f140000000010fdbbf557d200f2c2c930c79f5c2d1ca238b24fd9cd5cfcfe2651b6b697b0f73763b2913104b8ba00be9d07e3af7506879f13a4284758b8d87e6e63874181b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1471955850"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078248"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1473048545"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410297367"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1368	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1368	iexplore.exe
1368	iexplore.exe
5012	IEXPLORE.EXE
5012	IEXPLORE.EXE
5012	IEXPLORE.EXE
5012	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 5012	1368	iexplore.exe	29
PID 1368 wrote to memory of 5012	1368	iexplore.exe	29
PID 1368 wrote to memory of 5012	1368	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0e45898984c8af68bc26ff679a005afb.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
a614a6dbfe03cc86cd76ba2707f017ba

SHA1
d960d028449edc7f4198cee92c050d10db3e1d6a

SHA256
9c19a09c7d1012c3b06c35650cdcf319a7613a03c8844c15e795c185fddb6596

SHA512
bf1c2fe6b542b57c1e376b58ed8e01d0eedc23bb8b0dda297cdd59e7a1f2ea8fe8953462b1e51a56130a748d548041c4f562bd32d4c288d569dcb2320b51c58d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
560d37d1c4ef2ae21c8a7e76f7665588

SHA1
323f55b0c40fa5caabe6df6f5fda5f63cc9487ed

SHA256
c033423298a5eb16a2a3461c65d9ab1a9f02165d0565e6b15ef2cbb222c7091e

SHA512
35519d25bf6b7a5681cff6b8ef78ea4e00c040b2bdd7494664f50f73a6a24f13b2c0958430faf68d997688421f889c1239d1f67cf4206da641391095a0582aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC728.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9owjsyb\imagestore.dat

Filesize
2KB

MD5
40aeb26872b19a57a6a6c60f7271dcea

SHA1
73ed5ba545af07bdc9366e684139903cd73d25ce

SHA256
949a34e37686a501bb5b5563b96e1182e1eb2dc84f504703d0ee71bb72062815

SHA512
2af6dd531eca1a626dbe0957e688583f27a1b6a88a6a2a48a6b69716bac3a8dcedcbf785b130e6c71f01940c00ac144296a476a830ac599dfd8bbe757a1cfc7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9owjsyb\imagestore.dat

Filesize
6KB

MD5
73c1f034c5e831350a662920814c27e5

SHA1
4d6b8fabe41258b3c28d0b8c6a73710a69bf8894

SHA256
9b682b253f112a7e998a9a9806620611426e6b195d4a21b39e81947e60aec687

SHA512
5963add7de0a06fe584efaa55470cf12eef8cc7f248d87c352ac4fb79d0c6e40b477222a28823ba5f4df4cd3e743af0589238ec2ee5c06117df360cb4c5963c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\favicon[1].png

Filesize
3KB

MD5
a75c230f34b9296e6fdd8b0b855df5d8

SHA1
e0b9e32053d44532fb4e8bb55b54c3211965517b

SHA256
8adba20b1dd9747ec8ac6ed5a26a8dfbfc7ab82213d8051b76ac771c76b87920

SHA512
950b94afc397ac760f38f4c68691bda6b541832e1d23f496e36568def2b9f9dcb6984c6a42ff6b5abef0e19b76c37e40baab22e9dcc9360091b609333029b24c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W8BIYKF7\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit