a859555af15a83a862483fcda53b86c5e9a31e36381ee3070d450dedc90433eb

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 11:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c539df7d7cd9e1ab825ba294692999e.html
Size

893B
MD5

1c539df7d7cd9e1ab825ba294692999e
SHA1

6910d9993a42f613a557353dcea8752201ad62e8
SHA256

a859555af15a83a862483fcda53b86c5e9a31e36381ee3070d450dedc90433eb
SHA512

9ac6c26a1f069abda93f3c424b4dc411b7f8e75356aeffa9be949c35bee1b25a683f5026691eedb32be7d3b26902b531931f9cfdf6038fc3bcbcc6eded3a2c00

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ffb13baa37da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078314"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7017eb38aa37da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078314"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015a2f750fe9ee1479ecf0c8cfb11934c000000000200000000001066000000010000200000004708aec0f2ab7bf30c19b175f02e31cb4987b44d100aab74a1c6e6fc64f3b89c000000000e80000000020000200000003262fcbb13f37ba3bd714cc5cbcf7b9ee21337e208197c637569aa7c32b2718420000000d0ef82244927330efd01d23870ea4176ec417ddd7a81575cb81330212eca66de40000000db5db5ba8342e32fca58130b7d58601da3006681283d4937655be956035be5fdd9eb303082d0ad21b2c06a2468eaf656b56aa9eb066432123b8ee7944bf7ff22	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "891560298"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "880466648"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015a2f750fe9ee1479ecf0c8cfb11934c000000000200000000001066000000010000200000009d326588bf7a6bfb916fe3fdb3a3e63f9db9ade9ea7bcf3c40bf20a2809e6dca000000000e800000000200002000000088501d2a2b2cd6840baa20dbe9a722e4c2b2cac5bb806ee6aa6e3448792e5410200000003804d3e51a9e8400f310c50ce7534dca4cdfa3c0eae859cf1540cdac348dab77400000001edcf824c4b02d062a38a452254eafe8afd379befbb077a808641e00089eaca9dc2a4a8ef53207248ef41d3067923f5929a307d7b345f4af90614032d6bb4a8b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015a2f750fe9ee1479ecf0c8cfb11934c00000000020000000000106600000001000020000000ef2735342ff915996f13e820ad2d5df03efc41d2fb9a7fe2bf4a568bb85cd16f000000000e8000000002000020000000e87d47ec7ad705983e69ba3db576307b0218ef7148e7ef6e20ff65ee1e40b28720000000e32d86ec96e0c8bff5a6cde28dca55ceff502930721f539129eb8ba8025d4351400000007b192aafbd4996332f03f2dc75ba5ad0499c56a168a5bb9f42fe0bd337f51bd0d620d72e2c1b2d5fad5d63bfdd2acda9e3f3b48dcdc855a3236c6d41efcfb230	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410325659"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{601AE4E7-A39D-11EE-A0B6-5A0B45D0E1CE} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "880466648"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078314"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20c14638aa37da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2372	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2372	iexplore.exe
2372	iexplore.exe
3988	IEXPLORE.EXE
3988	IEXPLORE.EXE
3988	IEXPLORE.EXE
3988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 3988	2372	iexplore.exe	79
PID 2372 wrote to memory of 3988	2372	iexplore.exe	79
PID 2372 wrote to memory of 3988	2372	iexplore.exe	79

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1c539df7d7cd9e1ab825ba294692999e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\flj0k7l\imagestore.dat

Filesize
1KB

MD5
314684d85c672ce759af928566b578b8

SHA1
0dab0850a66913fc60292854d36a228a5982e860

SHA256
3a16818ebd7d02a3c7098b42e2f5377ef273380c3b79cd7664b7fa08895e5fd1

SHA512
009994c5c88839331f90f99ecbb7008f4e15089ca32b4e422cd5c4be3675ad8baf152f2f8756ebf3b635fc54ce77ed751fbac795704c389a0b93baecf6270aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\flj0k7l\imagestore.dat

Filesize
5KB

MD5
6015451919813a1fcb4c3a95b985e426

SHA1
8a92cea53f61393352c7aaacfac8872731526555

SHA256
92078962b28d6b2dc89b659073d74103f9e77741d416aa12edd6dfe9d3649c7a

SHA512
16daf2e229350d44456e4939bf228fc8542897ede1ac0654efd4798fa725da28d5b04788b0fc4dc7d8d90cf30c41014521f77d363b7ceb3c8efad0472221549c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\favicon[1].png

Filesize
3KB

MD5
a75c230f34b9296e6fdd8b0b855df5d8

SHA1
e0b9e32053d44532fb4e8bb55b54c3211965517b

SHA256
8adba20b1dd9747ec8ac6ed5a26a8dfbfc7ab82213d8051b76ac771c76b87920

SHA512
950b94afc397ac760f38f4c68691bda6b541832e1d23f496e36568def2b9f9dcb6984c6a42ff6b5abef0e19b76c37e40baab22e9dcc9360091b609333029b24c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\suggestions[1].en-US

Filesize
5KB

MD5
6f628ac8882c8e86595545c2b4dec4f0

SHA1
c98bb39616f3838df03e908b169e17cf0ebc2bb5

SHA256
1cdb8e25bbb7e00a4e57743a0c3960e94c93af20248d14eed2deeab1b4f25275

SHA512
ccc88d494c14d1ccd7ff981bbce5ddd9b74f05cab61c5d47169ee49be51e038f531af0ea5f57a0ac353481b2295a65d2a8e08f47e1722878425080477924ebdb

Download Submit