e3b992c62b5950d5ae976eac7c5081a96be882b8298b99fe00c036d09fe29811

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58e8b881e7231e93ab653d5946b6afe5.html
Size

57KB
MD5

58e8b881e7231e93ab653d5946b6afe5
SHA1

9a87bd3646c4dac5803668a1331d5bd31fc498ac
SHA256

e3b992c62b5950d5ae976eac7c5081a96be882b8298b99fe00c036d09fe29811
SHA512

d6f8a96f40b575371652f0e543d970b833281744ae3a46e6acc545ab54f1f2bd26add1e817e789fe4f6afd13995d465e3157bfecbf992d98e90e4be6baff827f
SSDEEP

1536:gQZBCCOdJR0IxCqi+o1Cf5fyfJfHfVfrfLfyfHftfwf3fmfmfMfNfefKfVfafwfB:gk2t0Ix9xqR/9DDKfVYfOu0lmSNiIY8b

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 52 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\website.ws\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0c121c83940da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31080505"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D7E5C309-AC2C-11EE-9A4E-C6E29C351F1E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\website.ws	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31080505"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\DOMStorage\website.ws	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c47f1af20644814589e7a32def35942f00000000020000000000106600000001000020000000908bf775b60b47294801cc1677fd2cefee208ff54b66ead643db305027a70c95000000000e8000000002000020000000c8e0169a5d7d57c1e3447784b01740952848be25c9f842a708959a2c8a194e4220000000d5cb4c332e31661af89e5bf671c120b1c8d8001ab31e41f56d53a811946c0dad400000006a5f13b2fc2eb5740874dff26dd0c97060c7f3fb3ff43b6dca4bec331ae1104b7cc0bbf3ae6d7f073197435a9ea040bb52a6bcbb82ec8ea46ee611cf92793394	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2994639759"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31080505"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c47f1af20644814589e7a32def35942f00000000020000000000106600000001000020000000d7091dfdd4a207256b09f6477bccbee7b8be58e5543ca33cb8b07167913b9381000000000e8000000002000020000000946bf5105a296214092d6354c8249d33ebcb0294f0a705e812f5e65284e23cff20000000e71996b69f22e7362c7f176383198df78ddb36d7dc7cb439907a98013862bd2540000000922b9ab0c2ba003d9240e9d550bcfa273e4364a9abc24c3733648013c66ad3e64dde17ca8e293b0070f479d0407d06d4248fd79f68d9f81442df5a9924916e69	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2922285877"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411266895"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2922285877"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00f910c83940da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1832	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1832	iexplore.exe
1832	iexplore.exe
4412	IEXPLORE.EXE
4412	IEXPLORE.EXE
4412	IEXPLORE.EXE
4412	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 4412	1832	iexplore.exe	88
PID 1832 wrote to memory of 4412	1832	iexplore.exe	88
PID 1832 wrote to memory of 4412	1832	iexplore.exe	88

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\58e8b881e7231e93ab653d5946b6afe5.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z99pgii\imagestore.dat

Filesize
1KB

MD5
4f2cd1b4a663808c6506371d5d3a12f3

SHA1
229522f5ceefd40117633462568144b324b94305

SHA256
7b3c31277dac0d48ecc5f572acd91d8dee18610ff80a8866a9277ff33ebb6efc

SHA512
aeef765a9302cb61e8c3a250bbd4e3a5bf17dfe08dca44897311e22c0f161ff3f00b98acc72cff5cfe3f057874ad9c97b695332d1d53b096046bd46790ede3bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6AXLYU2E\favicon[1].ico

Filesize
2KB

MD5
cb546f0ce2ca2505cbc9088d8a4592e5

SHA1
d87b70b1a34f4313d085de80da3aa4e8845af904

SHA256
0c3851f8f6d7b9dc63645a68b0db991edc9162620b9d757684a4a20206c458fb

SHA512
b6fcd078f43082daf299a49646280ac3a30b91d10dcfaf8e9fb9e8317af417e34d45ae7397af9507d4101b7bcc58169c2f64adcaa253fc08204b98020b20b551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\jquery-migrate-3.0.0[1].js

Filesize
16KB

MD5
7bc46cd787fd2b6d3336e056301d4b84

SHA1
60062992ac61926ac3e1604b7f89cc373639c66a

SHA256
7fe32e1f272b3c300aca9d573ab228d87c605b4a705369d3c459523c52c9428d

SHA512
37ae02c8da88d3ff585d85035162f4e927cf1ed4d77d6b83264abc12a94af5b484095f2f46e9f3a6ef80436593ab482646b80479bebb8e782667eb86e98d3397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\js-loader[1].js

Filesize
650B

MD5
ea5a5798612df63ab0532174aaf62634

SHA1
0f4713eef39ab07510d3703ef201885475ef0b42

SHA256
ee44a690e6d7ba27656d9a013b7803d69461a19444d834c918d16c1c56598a31

SHA512
8cfd3dc5eb7f2ab4f27abf80bea6955a00112b84ba074cfb8a1bce0207c36f6f12e2f3e90b8ebb8fedd56a5520a4a0d09397af9e6f4885addd890df7bf3b8907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\recaptcha__en[1].js

Filesize
502KB

MD5
37c6af40dd48a63fcc1be84eaaf44f05

SHA1
1d708ace806d9e78a21f2a5f89424372e249f718

SHA256
daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

SHA512
a159bf35fc7f6efdbe911b2f24019dca5907db8cf9ba516bf18e3a228009055bcd9b26a3486823d56eacc391a3e0cc4ae917607bd95a3ad2f02676430de03e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q9YQXK50\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH9W14NQ\jquery-3.5.0.min[1].js

Filesize
87KB

MD5
12108007906290015100837a6a61e9f4

SHA1
1d6ae46f2ffa213dede37a521b011ec1cd8d1ad3

SHA256
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4

SHA512
93658f3eb4a044523a7136871e125d73c9005da44ce09045103a35a4f18695888ecafe2f9c0d0fa741b95cc618c6000f9ad9affc821a400ea7e5f2c0c8968530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH9W14NQ\layout[1].css

Filesize
42KB

MD5
e57c81f3a17073a78a7c3c865f74f89a

SHA1
587d7c955432f1e5a87460ecbf9086ae2589346f

SHA256
e36f1f796e538f826beb42510edc0354133c61c7f711b827def7f91d3f7c8bda

SHA512
630aa9dba2aee1125103954b093af8b24907d98761e1a9b93fb6f6c43abfec3afdf53825e3f12fc3cf87fa14855daadfdbc90b1e49b503fb2917599dd77daf52

Download Submit