e0918a90936b69c65249b6218603159e07aca43efe25c6153ddea48b51c19905

Analysis

max time kernel
190s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69c3b64283c317fec681963f8edc823b.html
Size

19KB
MD5

69c3b64283c317fec681963f8edc823b
SHA1

78782195fa5b7347a642c1fb73ee29f35f4ca9b7
SHA256

e0918a90936b69c65249b6218603159e07aca43efe25c6153ddea48b51c19905
SHA512

041e555c3ce77f02e57cd0537574000ee5113b7f04cb07ea1a6445a81169448f1701668fff02cae0172c155b18bf13526c9a3310925cd6ffc18ea0ca0c5a981f
SSDEEP

384:4+QfPFd9QZBC7mOdMY6tKfpC5IgSnbmFe7AcOb6lGLDPd:Zcd9QZBC7mOdMYvpC5I9nC4kPd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078650"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2272946441"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{A8D24843-A4ED-11EE-B7F4-524326B4BB5C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2272946441"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2268416650"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078650"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410470128"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078650"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078650"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2268416650"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1564	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1564	iexplore.exe
1564	iexplore.exe
4856	IEXPLORE.EXE
4856	IEXPLORE.EXE
4856	IEXPLORE.EXE
4856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 4856	1564	iexplore.exe	91
PID 1564 wrote to memory of 4856	1564	iexplore.exe	91
PID 1564 wrote to memory of 4856	1564	iexplore.exe	91

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69c3b64283c317fec681963f8edc823b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1564 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE886.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G8X408WQ\jquery.emojis[1].js

Filesize
289KB

MD5
f2d51c2a4beb43201876449bc2ecb764

SHA1
41dd3b479f1f77504d58c2a4d1a5053d6cd529ed

SHA256
83df4bca0fe9f4b0a18302b6b0194186077f04c352659f244b406d957af70cda

SHA512
097bad43d11055bc3e441d4df0e5183d91e35d8306dc92e4c4e2acf73130fc9a515a69b833194e820116b7f688b190d57bd91fa98f693d7bb112c672e6323084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G8X408WQ\js-loader[1].js

Filesize
650B

MD5
ea5a5798612df63ab0532174aaf62634

SHA1
0f4713eef39ab07510d3703ef201885475ef0b42

SHA256
ee44a690e6d7ba27656d9a013b7803d69461a19444d834c918d16c1c56598a31

SHA512
8cfd3dc5eb7f2ab4f27abf80bea6955a00112b84ba074cfb8a1bce0207c36f6f12e2f3e90b8ebb8fedd56a5520a4a0d09397af9e6f4885addd890df7bf3b8907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G8X408WQ\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GO8BH966\Rockwell_400.font[1].js

Filesize
17KB

MD5
55a0d8277a94894a8b40f72717adf869

SHA1
84ec2afd66e38aeaab8988fb18787e32ac6e3bb0

SHA256
f8bf624dd3d3247c58ddf95b43c5bbce5c12404158d466ff8235af41e595f29c

SHA512
152d99198ebf5e5ab18de1bd1ffb804912934a8fede44826a08c4b7b30e17be222acdb406e8e005819f1e40a4e2d63c91a01a19e672c309c74f2ce19b09efb3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GO8BH966\cufon-yui[1].js

Filesize
17KB

MD5
461958e1e515e8e0f372e73b4c819d53

SHA1
3745471542e7992dd2f5d85b2948da66845ade37

SHA256
186707c7ae0d45cba1490a5556f59fc371f6ab88cc16c452fef8b70072cb5e54

SHA512
734f8cde6780c2deeb1f23b21097fc381193ef0c3492d16b411984bacaf807b2799e340d254e8371ecbb73b104d29ee8a46448e26e0ef14b26460ebdde100d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GO8BH966\iepngfix_tilebg[1].js

Filesize
4KB

MD5
f784a2dfd0ed53c79fbd8fa1b659c148

SHA1
208dbaddda3ad773a79c37190be7271534cd5632

SHA256
06b38ee5447491fe18209a2daf425004d6ba4155821bd4873ca31ba7b1145544

SHA512
53414e72f3c1645fe4ab558f750302273356f73d245a0447ad709757674c182efa5dbabb0e7d690bc2c169291088d700d506a6a6cd2d6f36ab6e942b618e2d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GO8BH966\jquery-migrate-3.0.0[1].js

Filesize
16KB

MD5
7bc46cd787fd2b6d3336e056301d4b84

SHA1
60062992ac61926ac3e1604b7f89cc373639c66a

SHA256
7fe32e1f272b3c300aca9d573ab228d87c605b4a705369d3c459523c52c9428d

SHA512
37ae02c8da88d3ff585d85035162f4e927cf1ed4d77d6b83264abc12a94af5b484095f2f46e9f3a6ef80436593ab482646b80479bebb8e782667eb86e98d3397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GO8BH966\layout[1].css

Filesize
42KB

MD5
e57c81f3a17073a78a7c3c865f74f89a

SHA1
587d7c955432f1e5a87460ecbf9086ae2589346f

SHA256
e36f1f796e538f826beb42510edc0354133c61c7f711b827def7f91d3f7c8bda

SHA512
630aa9dba2aee1125103954b093af8b24907d98761e1a9b93fb6f6c43abfec3afdf53825e3f12fc3cf87fa14855daadfdbc90b1e49b503fb2917599dd77daf52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH4I14XV\emoji[1].js

Filesize
3KB

MD5
61e2a760dc00df1902b71fb2c476f080

SHA1
8b8be8ee045c78a8309089e4ed72c46b635d5852

SHA256
5ab20bf6ee7f7ba9688e7e5e4aef4804ec97734e2345df45dae48490e7dd0a58

SHA512
fa3e17d56957df605b492ebf33b175de40f9caddb46acfd205af9caed0984eb455d89fe39667dda3f8364e43f2d9b9405f5c0d76173f5ae286a9185f92c52389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH4I14XV\jquery.md5[1].js

Filesize
9KB

MD5
8177a4f468b58a79687e752ef4cb8c67

SHA1
3b3edb565f76e55e6185fa7f45a9cd4a00b50b13

SHA256
50d474e9a0f04527cc54d2e81cf176de5023e14482805f59e1ede1713dd2e224

SHA512
3891387742c5fc261345da42feebccdaf4c078aa288bfffa5f2a369852ecf315d689897326d9c7e08c166bbf64c60f634472ff462d5d336297bc6e43598cc07d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH4I14XV\roboto.cufonfonts[1].js

Filesize
20KB

MD5
301d51da906e6cd41dea529d764dc504

SHA1
15dc16d366325aea102fa46c11edf04ea83a0283

SHA256
d49065ed2e4f7cb5eafab0fb03611563146102e514a5946bfcf08de6db58b85b

SHA512
6d50fea1d52b5bf19d1c758465d054dd3b0f03dbd754c29177e7f7248c275dfea2f61368857b54da914187966539f2eb5dead4308dcc331980fc26ca42255ca1

Download Submit