2f8e534b2ae80c5f17044adb041901e107eb65aaafb8dc3150ee2783881a402d

Analysis

max time kernel
134s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2cd1261bb8bf639e6dbce697e3041f02.html
Size

430B
MD5

2cd1261bb8bf639e6dbce697e3041f02
SHA1

f605f2738a4783e3d9ac272de84bd1eff1ab9d17
SHA256

2f8e534b2ae80c5f17044adb041901e107eb65aaafb8dc3150ee2783881a402d
SHA512

95df93d81ddfe3fc207dbf0c5f36d83b37ec917de836a188d500198afcfbd0c4ae4345e65cc639d603c657f2c25e7ce0bd49f7a79bfc8cd8a939323f0ffec56b

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 42 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079798"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C127163A-A969-11EE-B6AD-4E55496B34AD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d023e0a0763dda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d4d347bde384c849be64bb2f1c358fef00000000020000000000106600000001000020000000f84a817de00e126aa14a0e76e061fa8e8645e55136d6084b312d39f2ccd38d6b000000000e8000000002000020000000d6964801e61ea852610c84f37cdaa2db6554570a0e11be6f0596ea32e0ccab152000000050bdcf3f3f4602a5cdb66266eaf623367e981d3312b3b9e2918b826e33460aff40000000fad0530b6329da1c201af84b15c598f13e44f947d69ca12ce22a4ef218cdb87713eba67678adcc928d7a01e63f2393e2918f290ac557e723a83129d9d9e39bab	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603acca9763dda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410963208"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d4d347bde384c849be64bb2f1c358fef000000000200000000001066000000010000200000002845e098d348b1d1b896305c7608bd48f1227128a06fa99015535fe47a927de3000000000e800000000200002000000017c8a1bf008b4c60e03cde3a7e45dfe1794b7b81594ac4a171eb2b0421732d2e20000000eb751f960344806007136b288ae598f2f38af77ae279357af9347366879475b0400000007c13771439fab4ea7ff2c36da329b0c3a7cdf15c18bf02d96f23250c941aaec62da141483aae548790072fe021f5bbaf3de15a23142237b1bab14f8d30d0f480	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80cd7796763dda01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2534751130"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d4d347bde384c849be64bb2f1c358fef00000000020000000000106600000001000020000000c4b500cfd6be4732cf4c5b048fe503c00de1959f39e5d690db587f71f6062a66000000000e80000000020000200000005641e054055140a4ea94ec0a4818b78c870d1d90104b08b87ba13f70009ec22920000000e594e7fb4d19f3f6cb52c2dbac5ec0ac147b152ee5286e0b7cc41ee876bf0a8a400000007ff44a68c03af04a989c6bd9520376791dee91f55e887f46bcd62f7a3c1b9eed9a48145f0922b6e6fc8992187886a23760c07c90e02243b13ccc3af1590e231a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31079798"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8068d89a763dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2534751130"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d4d347bde384c849be64bb2f1c358fef0000000002000000000010660000000100002000000000942ed0114de0ef9631164af717d5e3892235dcc9454c4317ad083204b0cf0d000000000e80000000020000200000001368eaf81e0ef59f28d1cf8cd8b7012c4d6aceaa7ce81d06f06c4f9c18d73cb820000000eb911ce4d491efef54739232a58db76bead2b52b95abb53e5ffc9c40b708099f4000000075a878749559d79befa7d84f961c6b77ef5eb6b99af35326bf182f3f8f0a04cca448ebe8b8590bd35e550ffd7dc44b566af97e4adbdf4c1983a044cae4409c89	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4700	iexplore.exe
4700	iexplore.exe
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4700 wrote to memory of 1276	4700	iexplore.exe	91
PID 4700 wrote to memory of 1276	4700	iexplore.exe	91
PID 4700 wrote to memory of 1276	4700	iexplore.exe	91

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2cd1261bb8bf639e6dbce697e3041f02.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4700 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wx7tnv0\imagestore.dat

Filesize
53KB

MD5
cea3d28167c1cce0238f94ea98aaaaaa

SHA1
236d94ae3771f6a8eef6dd7a17dcd788485eeb41

SHA256
d67830bbcd038cb37e80af36b08556d35f4bca43f8836d13550f168eb6d29d1c

SHA512
e99464ff705f20a040fb6fe7bd10136d256f8d76b92a54c949de31f9dba761cf7b5203daa0464bd2049d3ccb133dfdddc138c20c0a87e0e1528a78c42e151c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wx7tnv0\imagestore.dat

Filesize
1KB

MD5
678332f33a69738bf8284ca0ba517bf3

SHA1
e251c56009179de8f3fc6b1af66939c97ceebacc

SHA256
1fc765b9ccb1e1f0d72b4db5c5b2f33441c56ed21a3d6116e2e271fbd319f840

SHA512
cbed9e7cd82557b994cd5f851ee19a789057f14c7264670c62a3eab82b031333f8af0faaa08be846d67217ce08ac9671ee93f82744adc5ff62db25890e01f6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L3T8W3B4\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M8F18HYR\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WHUIQOC9\favicon[1].ico

Filesize
52KB

MD5
f0a8acc314cb0006dc9ea2335f856f14

SHA1
6e7155fc3014bb1287d09891d1fec3dbc5f24bd9

SHA256
c895c96c4ff471e8bfccc608a6a808babe6b041533fb529d4d48d1cf2348cb93

SHA512
2f4eb01c04dd86915c90f4505549ce24c66584dc63d6d001cd87ddefc1ee2cb14724c6d677944195974b8e3ed4db95f458f89cbe7c22976bfb85b96d69d420ca

Download Submit