e8b080b972c1b52f2c2fb8cb4e4728a8808a16204b948d3a5fde94c1c8aa11ce

Analysis

max time kernel
103s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 07:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c80eb5d347d28d82c94584169a50414.html
Size

8KB
MD5

5c80eb5d347d28d82c94584169a50414
SHA1

5de8dfbe9180bcaa523866dd3c11ab5a3b481670
SHA256

e8b080b972c1b52f2c2fb8cb4e4728a8808a16204b948d3a5fde94c1c8aa11ce
SHA512

c0b2ecbbd132af7d14df7b91e48281dfd7f451c365e5aee658fe31b0acabb19972bfb72a65d00d58487795ff1bb4ac2dda614a17d242da15d61e7a634d3ac2ca
SSDEEP

192:duKmfG3mEHEpVENrLOrmA9W4N2rL1a4B9g59YNHB0Tt0dX:Dx5NOKMWdrB5B9g507X

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f044e3cabc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60059ae3bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f00000000020000000000106600000001000020000000c0c3db3c0b07a6fafe87870a8568dfd6d2ecf406570042997d4ac916d41189f2000000000e80000000020000200000003e6eab1fe239066f87684671ca2e66d236ac75e5c14df49eda6ed84117270c182000000092617494023c4e0ed4bc2014226ab95f30b739084f55efb3f4d71451cdd1a4564000000072cf60dddf7ceff3d0fbc3295f831110be0dff665cae9dc36db5d3f4621c152a8d1d7c944e0e64e2e14bb49a30d18a19925e31a59c2e5ecf2e317e971d2bc461	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f000000000200000000001066000000010000200000008c296731d16ff2482b38443dcfdfff85c906326c3407968875a74a19a04c1780000000000e800000000200002000000039be6f744e376d48c5038ecda6386f46c93eac23477db30760a9a00b2e37f20d2000000052387a82b61b22e93921f506d73a5a91d59dc22ed1be18fc15915171969554a040000000240215409d148a68166f4d75051b72939705e6d69dbf9a0155a6a1cc36a2e18f6d9ed3588a726ee93ec3d5ab3c132939cb8075894a17d00943579ec3e612ba2f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7001a5d1bc38da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f05aa2f0bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f00000000020000000000106600000001000020000000f6bf828c294060b9f8c3871e47caa01a391bab006e21a22cfd39775e65a0f1b3000000000e800000000200002000000092f01b7d3a8fda786f3d73cca4e5f0baacc5b2b03b60e80cd3c4a2086cddbb1d20000000c62558f9d740225c18775be5789443a3a46fdc278c9c5ab7c011a49aa9cf330140000000cbccf7a3de9eb6ba6af9cb5737807bd685353946a866af73beaafd396b0872a9191b336372b3be97e24f940683765a69115bce399644c8e164e46662ad40b945	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f00000000020000000000106600000001000020000000abb771e80737ac7c0c1474e706ddde72ce8c59f23b12cfd8781f025c8c438ba9000000000e80000000020000200000003b3c57eb2d491787ae07eabd01ef663899fd84a83a9203668cac662259616c3f20000000b119e11d3a9ae7b3f0bdeea6c1188de7d6fc3423f772f578bcb41828959114aa4000000075c5b10dc5d558b11f4122d8b84f11d7131eddd23b6ef86fe8a7efbbd414dcdd16d5acfa234a856d8e77f5d7d009dcc06c9a729205850dada6193d0ecf3db279	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ffb7f3bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f000000000200000000001066000000010000200000008cb7673f28581aa1e318340722ded9b4920c0c434740960815838685780b73be000000000e800000000200002000000024e97a46cc7a48eca467c66cfe9cf40ff218ec9a3c3cb69b0921fa43ec18e3382000000019fd76609d13ee4adb140dda51c50b6020e6eb2fe2883b8c84cd68a1d499cecb4000000058a6b962737ff671d1fa125dfe125f99c3175a8ef2400f4b7d52a2167b70ef735bce7bf4e6f456a1a9273987213a00d7747bbef3adf7a757a21f2024a39a61a2	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0760df8bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 105ef5c5bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f00000000020000000000106600000001000020000000c46c551e01798f4b3433e481fbccb0f264ff745a64b7931b3ed93cd97552fe14000000000e80000000020000200000005220fc15ef15219e5a47e1bcc05730945260724fa7dee9ccb9b0841582adf9fa200000001cef6b59979e6242c2e1fb5fff71ea262885e5407bf9714fda5abe701f3cd07e400000004ba54f31498f1c2bcc5236880e79187e6c65bb4c9fcf36f6db33dbec6262f1999d087b1a3e48e5f7dea218230b265119d63128a5b7e8778a22ca5901e7a35541	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078588"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078588"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078588"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c7e1d2bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8047c6dcbc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10eb7ae0bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f00000000020000000000106600000001000020000000502f24d530226a15b444eaa767200d1858f682a6172d8b1ac10b4c57207c879e000000000e800000000200002000000039d204b0ca3bf317030a1711661023a3c62b43a488bb57b3b022a7c20ba4ed2d20000000bc752e674fd2aff72616c7ea30e9910b8e13a5e0c444b2c05e68470e1ab7510e4000000010f138d50c59665b82a7f59fd496a6f51e8cceaeb6643e82713310e35dea6703932421074f0c1830e1c89242485694ed83f9501067e11f231c89ac86b292ba24	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f0000000002000000000010660000000100002000000054b820e57a48e1590dd44c6f14de408b888aa8481cdcaf057553bea55dfee461000000000e8000000002000020000000db9215e5bbe567824aad4ac7844c4e961fb73fa0e202f697443ee5e91f7bcdbe20000000345e8b49c59604734df2dcb80ab77558d88091b1b8295bc2c1ddd58baa17b1c74000000000816b1eea6586bf20b5b037d9230d49684885e782ba6a413a284ecda4c29532b8c84ebfdc6f806ba349a86667692dc19a7ee6d7359a49f88616a3feba58ac90	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70e230bfbc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f000000000200000000001066000000010000200000000429c122267b636ab2b41327a2488a0b4d9d12f864641a10963df9b8b927c8c3000000000e800000000200002000000005d61900dbc87271ee237660718ba15e0de6156598f48c5c534a51e4cfaff5052000000030d12d823faac8c880e1162ef16298cee643142b59fdca625cfc1ddce71e9ede40000000554d3385ceebe78a078e21126b7471254b7a2ea66b8c0f9b090d34906484864339dead7d95fc9ab5d4befa5b2f30f08e6de0caf02b952a00a920ec8e4397ba52	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f00000000020000000000106600000001000020000000d328008e3b54499fe9317e8c019833de97fe6b4ff29d622fa18ce98708a2abf7000000000e80000000020000200000009efd120a7b8520e8e8865ce46b1b500a43bee8660641bd894b2b832da58828fb200000004d8b54696ff6eb7ccb39c3e3f9a31362efe8a1cd783de2e48e5b7cb70c540c3b400000004294ae44766c8e16e9364da13b07e110b82bac42332cb96c6dcb2a2d1a3235bebed6cab4c8ae9e4f812b91846d46427057dfe264ea1cad4ee22baf37f213c2f1	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f00000000020000000000106600000001000020000000ae51b3cdee1fc0635fcce67f1131c0b95532a1c97af9b935c299d470de857fb4000000000e800000000200002000000096eabfb85b0436b590fafd692b42a0b2ff8f5ce7d0b033f8b3971412c0acfc5420000000069d77cc45292003b1a8465de89863acb763533937b5c45533aeff9f87ca456840000000c2d8ec60e256975f7ac1166f9964e8c56d68ca8ee11fbc09251d153e95f0a7b45bd40c20751c59ba68d746400ba14afaffbdc66c2c124bc330daf1bd886ffd89	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0b498d6bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f000000000200000000001066000000010000200000009b2fc8f6e7c5bbf9a42435943dccd339a5928a746ce2244ad46afd6d76ae560e000000000e80000000020000200000007bb85683a45ded9a44076d1940b769251885bc8bcb5deb11a7ba95deada57c88200000001dc40e3654b44993432ab32eadd2aef8886dab46e47e6309b66e8ae68e5e36ba40000000f877fa5219a2df2baca3677c069b25d3b03ffbe75d81ba287d325d96b28a44ec16b04e17c4f2d01e6c8a1590e2e14811984ee096b370fb3031d3a0847ba9567e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f000000000200000000001066000000010000200000002d855f67b5c3be9566c095d161a8da26783a7514c8ac5d74318e85906e60ac9b000000000e800000000200002000000097b0449e98c16930684c12ab02090f27d6c6b72a8e823e036c56c90076e3cd3d200000004645e1e2f0c335447bdecb9d222fa52123bc78335a8bea37d997eeea04d373bb4000000033265b03a0ceb01fb149deb77d40eb8cac4e6c055396d8a4cc336a8443503a68a09abe653e468c2ed558f795776d97bdb84b64e1777b486bb44664270adf927e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0381af3bc38da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f000000000200000000001066000000010000200000002c10318d38320274c62f586d33819d154f6ea00cbbb7dd0943de47543e389d2d000000000e8000000002000020000000a9d9a8d912f84daca583cabd375e5d1c6033dbbed67bcd8af58cbdaf2eac080e20000000b3ff4a06d4f8a3c14958afec971928d0fdd96d44d3547bbe9709e36d980db611400000000ecec385e0a56c98239d5bb0dd0e3a260be8c917a648574525e571895bfe50b29b46b92f00aa9ba600ee122bb0a6be589bcab40dc8a78751e99b1ed1532ea128	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 100457cdbc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f02ef8d5bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f00000000020000000000106600000001000020000000c60a63dcdda3f54f77189ec2d362ad0bf29cc0243a8d8c229ff0f156e6eb25e7000000000e800000000200002000000056f705b97848955becc4903deeed02a113409392d87e0ce73d58f2cde5f8cab920000000947ebe5df6c6cbc15c602e52967bb5a13885e877459e4ddd7ff893f0d8a606614000000082b71903347b7c1c9f8dd96684baff5588bafe3f6739320c7413f5aca0df488e88fc55944ff96f1948b45c9ccdd98fa66359430d997fe45b924c9401011fa106	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f00000000020000000000106600000001000020000000b07c9d6f55b69bdc40009d85e04f51cc5a6c5108e5c6f0006605333e333958a7000000000e800000000200002000000072093b12da475a11695271dcea6ffc7bd14c0927c9b8c495985fc44367f35d8620000000e4689ecdd7576922677258a9e718ef578359ce08e79f9d051f3deaa1101743a040000000ef9a7e8140af6ce4d108300ad73bab2a4120c2b1b2172b57a4df028b3a8c126327c23ff01e9f3f358e2145bb15365c36f01c0c27136f1cafc154d35b60b01dd4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90c8d5d7bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6042d4e9bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f0000000002000000000010660000000100002000000016c4a18596974a24c0d5f6b7417e0baa4f622f8ed01306b5a3635e21f179c497000000000e80000000020000200000008775c3e61be2b6476b1b040d4d5882e3c50c77a5378d9e9e6d20756b2dfc836520000000dbcc0db1bfbbfb45120475b8ac75ed14c9dd94614c1f14ece75d7189614c9a6340000000562b7dd32ef57e39df1defa01bb8e5cc33ed4f10fcf758fe93c18727d98f478091ebb0fb8b815e154e5417333f3cedf091a927a7f8fb02012452c89aae442a9a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 807ebbc4bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b02d3adfbc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f00000000020000000000106600000001000020000000a5172e648f430f56b8273931de25ded9c5b24c88eb85fca557ef31fe51b53b9c000000000e80000000020000200000005d644f999a324579790b7bcb8e6155ec10d7fd38d7cb2cfdbb935885946c248920000000b62a6ec7467bbf77a5f853de693b916537f598611bfa7d32473111d5723fb65d400000006c87979790a8fa306cad479eaa3bb5e2fe277ef57cdaa03d6ada8fd88a111b47bc3fb2e0892976eb6500dcc23f908e7e05d5e4874fa8e3df166d4ee94b183beb	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0c50bc9bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0fb33f6bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6066b1d9bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70b12deebc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f0000000002000000000010660000000100002000000042514ca87d4a5ded8001fb22936301eb5798b195ce88b01655bd018523d6eec7000000000e8000000002000020000000e48bd25e7fd26c66dcc6fb7e55eac394f9d197677542def0dba5d4352b130beb200000005624ee5734703a632ccca2256cf7aa3131b1e51f6b756aa9dff3a518660a03d8400000009e5d120a7e226d7742421441855aa2476a799b51e6e00521a90d7ef2ca426a05a8ef5fe3a62ebbf444b7eca0dfc98ca040a0cab62bcafcb5516dfc7bddc4c931	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5011cbcfbc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2042bbd4bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 901b4edabc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f00000000020000000000106600000001000020000000b530f82d04d0bf5952e41326575520e58eb5221d1d2092bbdd2f5b569940b460000000000e8000000002000020000000354a47cfc572d871b9585c90976a25e8ad46c2a0ee97fa038c24d3f360f02a33200000005c98530e22891a1996053c7290d833e1e250a0380418b965aba34b7e100427dd400000001bfe68aa4253fafb8726d4772562e06b1ee0b37fad9c931d149331f9860496f036ab2b8dff22308ce9ec3bc64cbebd3d637f4e8e8c6a5eeae6293a07aa4bbded	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80be57c5bc38da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3504738360"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f000000000200000000001066000000010000200000001d7f5882863e0412d67315d9b0c6c78dcf971271a3234044f80c5245711a4ec6000000000e8000000002000020000000ebcfb5e8b271c885659c61e16aaceb8c15621f90c50f394be4ae318b90fbd0c120000000d673e9987d2465276a0f0b28549a136053ce7a66702b892003af5a16c0fc77ab4000000086fa4a23316e66736a4bb5d1d753d69840bd5f83fda046b8eb74eaa8832f7d80556d7082313c6a275fafea74095cc548d438f0dbc043c8c797b14088499555f4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10352ecfbc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 307500debc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f000000000200000000001066000000010000200000001fb1066f320f807a8ca7ca9eedccedd05d507e024f744e86e5dff78af04430f5000000000e8000000002000020000000fc17421a06e2c698cf39209814d27fae045fe18d8fadafc64d3e2d4d8bfef2102000000053425b7c3695387d64bc7048ef3b803ea46c10e0c7acfd01a810d00284d74d8c400000006a07483c5aaa39409c2a515d979748638216bda84effaf39e31802eb0fd2d514029b29a182b3783b29d5414604e36928f4328ddaf9935df700a25dfc35c336d9	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f00000000020000000000106600000001000020000000c23786a870615625cd199e6505fbe11bea5aec36d414756603bedf2b07bca2b9000000000e8000000002000020000000593271346a8b909752f315d13e341cb58a1e65b888986e19232d3e97760fb0fc2000000024f562edfbe5a9dc2df92d2a87f7fca799b4927afeaaa281b8e7d90715ceb0ed40000000a922c0916adce152478b31db4ace3ca0ecb22b4b0321f9f71fd7977796591bc81ff5b818bd492c50c5f5750dcda4a54cee45d696160b8a94a6229bf628970cad	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90cfedf9bc38da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f000000000200000000001066000000010000200000004e52415d740c57e1fe0e40a49babb9ca5cef0bf8b0eba392c5bd6aafb501fe81000000000e800000000200002000000053ea2820f943b4e35375405a9a805ff9ddc98424ae78abe648e3b9a547f5de2f20000000406fbeab0fdaf0b29dd88d6d4852354d13e14a59fa549b338e63606f8402fb8240000000a26e56b86da0ae1b8cbfce57919f6511c37224c609b5ea99e5f7e08ece3ccfb505294889c96a6f8bf29fe1e0900545873002f3d1e6ece254c38fc28efb3d1fec	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3744	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3744	iexplore.exe
3744	iexplore.exe
3160	IEXPLORE.EXE
3160	IEXPLORE.EXE
3160	IEXPLORE.EXE
3160	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3744 wrote to memory of 3160	3744	iexplore.exe	88
PID 3744 wrote to memory of 3160	3744	iexplore.exe	88
PID 3744 wrote to memory of 3160	3744	iexplore.exe	88

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5c80eb5d347d28d82c94584169a50414.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3744
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3744 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verBDF1.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PZ64U2GI\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

Filesize
3KB

MD5
a6c529c73075cc4f53c475154591cefc

SHA1
bbf17c8b182746e0ddb54fb2c058dc422a820d39

SHA256
d743c7af67ea6842aa98bfd8fd0dac5a33755cd965d70f60d53a0dddf89c1f42

SHA512
8c5eaf59a0471deb57f328844887b85071248a473d3d9f64677778b9da6fc7e54b96dc817a5612d3d7d251495b442baf36c6686ed405d5b2cb8e3891452422b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

Filesize
3KB

MD5
1912903746f31c565472d3f85e76ca29

SHA1
18345d241802a4f8c3683874cd7f3989a836561f

SHA256
98d06cf47b327b88b971fd2f0259b3bee316ab9fd1f9f94d9b7ab7159f362c1f

SHA512
387649d36bef01f916022696e599ff6d42ebec61020a7e651596c1d6ef9c41413003f7fbf0af646f5642380aff5906540ce39e3cf49b15697e933d65f9cc6cd9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

Filesize
3KB

MD5
4eea467cf9efa77c69c6022f6381c8c1

SHA1
1a8aa5f898a51fd7e75074232a22575b07da74b1

SHA256
4fdb184f9f588b4fde7055595bfecf737bbfacf8bfdd8a36986a71aeb8ee473c

SHA512
86461e411a8c4db5b0e37093d4ce1caea14250cd4c50f78edd449a481985ef5f5a902fe85828faa7c46503e4c30651d21d2a2c9103f51f0455c7c645685c0e43

Download Submit