0025858c5e935f070f4a7bdbf41eafcb1c8fc171f6bdf6be7e3c329c64dbb15e

Analysis

max time kernel
139s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 05:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

106bd6c162fd48d9a00a94526c0cc29d.html
Size

44KB
MD5

106bd6c162fd48d9a00a94526c0cc29d
SHA1

88134cf4e733f6e9194681f00c5394d5c37bb420
SHA256

0025858c5e935f070f4a7bdbf41eafcb1c8fc171f6bdf6be7e3c329c64dbb15e
SHA512

17c63b71870f846e8960ddeebe291795e7be49ae5ac8f557d88f6deb46f781257aaeb023216ccc1f6122926a44b33dddef99db904478643b05efa1682ee53ad0
SSDEEP

768:hXlsoMjU4V2ANcIZ4CvuncR3Osxfj4LSfox7zi:hXlsoMjU4V2ANcIZ4Cv4cR3Osh4OQx7O

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 62 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31079519"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "634"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079519"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\livesupporti.com\Total = "12"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{65288929-A852-11EE-BD28-524326B4BB5C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "968019382"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\livesupporti.com\Total = "634"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\app.livesupporti.com\ = "439"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\livesupporti.com\Total = "494"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 609f655a5f3cda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de6000000000200000000001066000000010000200000009afdc0067aee1bcd245c805845d1017961afc1419c4e9f09d74f0658a14f31ea000000000e8000000002000020000000eae3f72ac7d90a35317343ac02e658b426f9f8ff2684fa84be0666387f4dc76d20000000f913e70224e0d9d4c04b70ff238220e139edd8e2dd5e93ef0d6f3348b9f4c0bc40000000f5351f7662e6f03bce7ef8c49e65bddc9ff9db99b234a1578243e07d8446d22c13a5510f4a98c54e2d65ef916f7f230536429bdd2722f65326185a87e8b5f2b3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de600000000020000000000106600000001000020000000b2a7a95b16a660eb435d20b9848b17b09c82e6439f34966159b5ed17aad68018000000000e800000000200002000000029ac0b9825f9118a1855bb0a5f02c2db08758e3812ec7887844cabc42877d8ec2000000057f826b1e3dafd779c3ad5598d3cc70f2bf08558c25e7f52e2ea28c172c28b1740000000baf2eb2c79fd2330eece5de6e8a14ac4e29c2f10c572d8002b55399e6a8cfa0662864b6fbf5565ab18edc958cc5e0096cbcd20ea790ba71f23b0b30144d34527	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40a46c5a5f3cda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\app.livesupporti.com\ = "634"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\DOMStorage\app.livesupporti.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079519"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\livesupporti.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\app.livesupporti.com\ = "12"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "439"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\livesupporti.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "12"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\DOMStorage\livesupporti.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "494"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "970519746"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\livesupporti.com\Total = "439"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410843208"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\app.livesupporti.com\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "968019382"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\livesupporti.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\app.livesupporti.com\ = "494"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3904	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3904	iexplore.exe
3904	iexplore.exe
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 2228	3904	iexplore.exe	90
PID 3904 wrote to memory of 2228	3904	iexplore.exe	90
PID 3904 wrote to memory of 2228	3904	iexplore.exe	90

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\106bd6c162fd48d9a00a94526c0cc29d.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3904 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\IDQ5TVMH\app.livesupporti[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\IDQ5TVMH\app.livesupporti[1].xml

Filesize
989B

MD5
3b556d75c7bbb4931d69f35b00d00593

SHA1
0bd61f41d18767e3c45e4cba41f8a27ba5751fa3

SHA256
d5d8bb5bdd5927f1ed81801c2446a51f7ccd60fbbc1bc94be6dc765a54a769ef

SHA512
4c4a2b5f83ea25110404487ed8f984730cc13186dabc0ec66aa20b9990945e00431fd2d28cf59f2cc434b979e9b076867b6fa1348cf03c98e6616f2838f83eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\jquery-1.6.2.min[1].js

Filesize
89KB

MD5
57d176fb2b06011da4eb772219a3b657

SHA1
1847504e9d34717520fc9e73dc55adb429bd1003

SHA256
6a77b38ba7dceb629966ea920ac591c656447acd8bce66ea26ba6b371fcd3c5c

SHA512
25f05768ada6afb78816970c664c0d942ffa8a9f185dc3fe350fa425f3bcb273455c473d258d64e0b6d86290f479efa87374725a4683bd919fc360aef49d77a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SB302YPZ\styles[1].css

Filesize
136KB

MD5
810175fb0b526e244f44d3f7392c818b

SHA1
47feef991b7d007c29928a0cff7863dd5cd3006c

SHA256
a9a62369f9eff1225d4d7740fd92db39a37fd18c414f3344e8908d76a37cbd4d

SHA512
f10d80cdab5edf63e7c65c40a7ac429fcafcd9c7dd3287c8f3160378e2420782bd5d0b8081d9410e9c3d749ae555ce3e16fe57c5228ad4f2a44a9f0a4f1e44f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\widgets[1].css

Filesize
4KB

MD5
6315c2679f7e722617dfb3866ec3c974

SHA1
fa9e216f0b3beaf025d83a9ec7dbc131f974e834

SHA256
c6378a194cddb5bb5892ce0ea3f428a40b9decf1f9f6ecb04683d495801f04c5

SHA512
2c231552053e49c86e9ec279e1bcdab2036044a0eb7143a03a3abf0bc3a3e6db49636e26cdcffd33c57220c178f0bce301b1d20af1914e096985e3dcf3d49b77

Download Submit