f4adf01aaa44fab80fb1642c2b0bd2103de12faa70da7c19a2805f2e5964a3e2

Analysis

max time kernel
161s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66d98649bc5eeed182f2319be025abdd.html
Size

12KB
MD5

66d98649bc5eeed182f2319be025abdd
SHA1

c422663499459f9b20f338d9f979398a6b44e412
SHA256

f4adf01aaa44fab80fb1642c2b0bd2103de12faa70da7c19a2805f2e5964a3e2
SHA512

ae1fb737ce91fce4e5af0160fff2f75f326af4ac90cb42fc427d38f2ae5b634d7ee3811514650253394363aa03bf61ee156f2737aa623fa9afc7df2636832b6e
SSDEEP

192:mrTvgo1UDgQavB2zdL1nnaNS8OpL+hn+L65m7N6LqzkiBlTzYUBl5tZBlaBljkME:mfgoEgQs6BTBpL+hn+n7Nj1Bv5oVkME

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "13585"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "13669"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\regbu.com\Total = "13585"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078637"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078637"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\regbu.com\ = "29"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\regbu.com\Total = "13549"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\regbu.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\regbu.com\ = "13669"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5A864147-A4E0-11EE-8024-4643CEF3E9DE} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "29"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\regbu.com\Total = "61"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\regbu.com\Total = "13669"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "13549"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ed60d6ae529e0e4187beee4fa1d8750f00000000020000000000106600000001000020000000e5cc7baa532e6063477e0719f7936197aa3a5fbd37db9fa6549bf49651e2e561000000000e80000000020000200000000b5df05b1af2dfd30f2f8b6cee12f3a592c7f25bbaaf8599bbc394e91e9052d62000000059031b3623269d956c27b03d26d8be132046742a92e314a299f4f2b46049f99340000000c25b3f3ad1eb4fa5c72db77c95636055ffe7d6c8c6beaeaa1ca9f713ee91ef0914ae7b679a1d9db689a01d79d9c6c90729aeeae9bf806cb13abe76c51366c11e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\regbu.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078637"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "876213491"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "789027929"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\regbu.com\ = "61"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "61"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "13687"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DOMStorage\regbu.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\regbu.com\Total = "29"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410464383"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b09f144eed38da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "789027929"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3700	iexplore.exe
3700	iexplore.exe
1808	IEXPLORE.EXE
1808	IEXPLORE.EXE
1808	IEXPLORE.EXE
1808	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 1808	3700	iexplore.exe	89
PID 3700 wrote to memory of 1808	3700	iexplore.exe	89
PID 3700 wrote to memory of 1808	3700	iexplore.exe	89

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\66d98649bc5eeed182f2319be025abdd.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3700 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FNDA01FE\regbu[1].xml

Filesize
141B

MD5
6ff54ec851f0e2944add5962d5b20b2b

SHA1
febcdb6c85b021bc9f56020b9676aae9f8377390

SHA256
7775f3af750bbfdd85b0ff7140cab28a70106916040d23cda81b5609d6fd3646

SHA512
9978eb02f8d4b7dbfd2ddbfa433d0e62fbfa265919bb2a415448f181ce3ed3d55d908c73c77be63e2a3ee84b071600af8dbecb9e5c1d4b93fa3503d0593af372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FNDA01FE\regbu[1].xml

Filesize
14KB

MD5
66cd68949f598715c7ad2eb214965b7a

SHA1
4b57066d43ad6a0ee72f244a15d8270e89bcc021

SHA256
5385b4b70d89c6e3438f116162f22fc71fe0ea1e61a1fbf6d684967f4f7d89e9

SHA512
16fee5d0e9abff5e3723cf28361fc51ec489f2dc50dc70c479e429c9b0b9ee824e197eae5ea9b5435d95cbd622c4327d6baebb0178cf2b5e2e27d804975b4908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\8xk9vta\imagestore.dat

Filesize
4KB

MD5
ab4b46afe1097b8362a88dc934620f3a

SHA1
7abda6029f67fa41ea24ca5eca039a0764d69d1f

SHA256
79328382cda8642a96625adf0d268176117f239cea8663d4940058bacaf5669a

SHA512
904c14fc82fa6186779c3c7f3754d130f96b86a4a9dd9394096580915d1164eb9e283b94ca41886967b82225604d8b5a3fd0a98b1a5d0bc9de515669b4304ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\08N5I3QV\f[1].txt

Filesize
174KB

MD5
76d8235d310835a87e1649c10f8e30a3

SHA1
237e5aa9cfbf80bec27f5114950a66f31c5d7ce2

SHA256
1435c6202d94eabd980f73ff31de7896dcc045c458350f4778d1ab173642fba1

SHA512
afce34493a3fb25d0cd26f549012db48c52a14b891894724520a25b10fb50bed6ecc209a82184168969e19fc2764b571cd20c9952c41a3336bb090d2c740e862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DV2I56HE\w-logo-blue-white-bg[1].png

Filesize
4KB

MD5
000bf649cc8f6bf27cfb04d1bcdcd3c7

SHA1
d73d2f6d74ec6cdcbae07955592962e77d8ae814

SHA256
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

SHA512
73d2ea5ffc572c1ae73f37f8f0ff25e945afee8e077b6ee42ce969e575cdc2d8444f90848ea1cb4d1c9ee4bd725aee2b4576afc25f17d7295a90e1cbfe6edfd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M4T5ISGA\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit