16d348d7a2a6d063be0e1fe978ce8168cdf8fe81a0a6dfaf66350a3670e286a2

Analysis

max time kernel
5s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 10:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

48ac7b320558790d4729ea2afbec1178.html
Size

37KB
MD5

48ac7b320558790d4729ea2afbec1178
SHA1

2b790612e582d7c0ae5611c642c64b9625c9b743
SHA256

16d348d7a2a6d063be0e1fe978ce8168cdf8fe81a0a6dfaf66350a3670e286a2
SHA512

a7c9af4da4aeab3bc55a6619ed9cdef4cf0ae3c8ec0ea2830c54dba66296e86c0bae7fc38f83f0ed28510a34ec615d5f44b4ad31d21d1260679dd8122bc1e5b1
SSDEEP

768:Esq08fQO81KJ8HOsMxp8bWyzSbBFqpKTGWBE0Nm2S4Nvh:EB08b8QeOsMxp86yzSbBFqpKTGWBE0Nh

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{941020F0-AD43-11EE-A0B6-E2269387CB8A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4976	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4976	iexplore.exe
4976	iexplore.exe
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 2532	4976	iexplore.exe	16
PID 4976 wrote to memory of 2532	4976	iexplore.exe	16
PID 4976 wrote to memory of 2532	4976	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\48ac7b320558790d4729ea2afbec1178.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\analytics[1].js

Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\blogin[1].htm

Filesize
138KB

MD5
5c35f9292840d91aac0731ee1b026b56

SHA1
e9869df0c293ce5b7c059bf0f4fd743c6800f602

SHA256
1ce1caca5db0a74fb78a691c5879a7ffcdc249110461522fdc039d9d46d90dcf

SHA512
f423237d082c8660f1016f9f036c275aa7f56f132b66cd1c2f6fa01a86ca47ef263e7ff952ab047f12855325cf0de85f709a3000ffb5e6893bc2aeb4af91bfc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\css[1].css

Filesize
1KB

MD5
13010d2424948e40cddab98767707f18

SHA1
41e5815d3f38a1191387824e9ae4e52990b5ea05

SHA256
e86a2523362bd2736beccba1aaaa53e9c5a92f57fa52344569e04ae1908bcefd

SHA512
12bc5e14b38255a66a165c40c0f8033457b48fa6ce3d5f4a8e9e42d1ff958635e7be059c99453cc7fa4fb3b36e75dcc1e9119c1be75032e67910872e6f516a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\css[2].css

Filesize
243B

MD5
0604e55a2a74c5bc3652a4142bf436c4

SHA1
7dcc3f6b737eabbd106090cd5244bef47053fb69

SHA256
7b055126e7b0f565c32f1ea9c96a450c6de0d038787aaebe4682c3825950e922

SHA512
1e59f9dcdece28cf3f488c4b1a8aafabbb28e38416d8e08d6adff4a1d9ad9d9c790f64cfe743497d14549147938ffa6c4e3f2485363c73d9a08bf5a3caf1dcd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\jquery-migrate.min[1].js

Filesize
9KB

MD5
7121994eec5320fbe6586463bf9651c2

SHA1
90532aff6d4121954254cdf04994d834f7ec169b

SHA256
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

SHA512
b74a2f03c64e883b9a34de43690429327dfb4aa230a7a6afca8150a16e3d84e98461245ff264c26368d9904562cc34fe219f71f951d364fa5c68c039b76776cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\jquery[1].js

Filesize
94KB

MD5
dc5ba5044fccc0297be7b262ce669a7c

SHA1
f137ff98ae379e35b0702967d3b6866a0a40e3be

SHA256
cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3

SHA512
bab5eb2c4acc0cb1c65e8dedbd6b422480fc20076d6c1b12879cbf1e5b352969e1553a0e878401c2f2b9507b64b02e8abd4c6d1ab7e3d2c06272a491ee712e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4gaVQ[1].woff

Filesize
22KB

MD5
9c845091c3e04d05faba9fa0a7dd3f87

SHA1
87588c9a58a0e2069439e138fb09427a208baf64

SHA256
d4964864e91e640a2b1008f4eca62cb388db555a4b1e86fac028ba01d139db97

SHA512
8d7804b5b4105fb671a5e5fd27543faa297ef62a690feafeb8807878684daa77324b189940445afaf507ee1c16ac4503023e6cef3ade21f47b81fcc3eb38a0f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\0QI6MX1D_JOuGQbT0gvTJPa787weuxJPkqs[1].woff

Filesize
30KB

MD5
aaa4bcf06ea65d88f8d93c47e8a4b779

SHA1
da1614c3698f529c9fd9eef73d3c98f1805ee0b9

SHA256
3ab5968b6c3a3d67e78ad9d62a428dc4943a1631ad126e973c6732b83835e168

SHA512
e0fe9ddc1095c0a90640ae369d0b66581dc2ebb7eb3b993cd82db8168cfd7d9de90455b0adf6b0dfd3a5b7beb9f5f6da938fcf00a54bf64c3330493743856cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\5LS54BM1.htm

Filesize
68KB

MD5
4983651eaf82fb84bb4244d2a7b4af6a

SHA1
a704afdba1ae3ecb6156821c5cf88efa758a3c21

SHA256
b88ee7ca8a6ba51ee9a85dcbb6972e5bff31dcd68e48abeefc9ff7d4843ac313

SHA512
b993e1a26cc22f0109d971f6e5c286d99ebce11f58ec9f6cf762a066b721a547f93b42d7dafb8c0ca90a2d6a4a8d6cef88586047a2243acb0c3cddb0bcac3669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\css[1].css

Filesize
1KB

MD5
794dc6b8f4b41647a5d656a60690bddc

SHA1
b6ea94e1d9f90d4ad1688fdb1977ed115262cf11

SHA256
2a251ca6d7597af284204416c795c4c980fdcdc5af613036cc7ea0782829bc1d

SHA512
13d4243642520e0e91f7ae4c3fa6a9de3353c2808879db4af39e9f82e0757344695a285c90ba65f09626a3a6de874ef835f514c01dc746374537c1a7c138a662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\jquery-2.1.1[1].js

Filesize
241KB

MD5
7403060950f4a13be3b3dfde0490ee05

SHA1
8d55aabf2b76486cc311fdc553a3613cad46aa3f

SHA256
140ff438eaaede046f1ceba27579d16dc980595709391873fa9bf74d7dbe53ac

SHA512
ee8d83b5a07a12e0308ceca7f3abf84041d014d0572748ec967e64af79af6f123b6c2335cf5a68b5551cc28042b7828d010870ed54a69c80e9e843a1c4d233cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\maia[1].css

Filesize
42KB

MD5
9e914fd11c5238c50eba741a873f0896

SHA1
950316ffef900ceecca4cf847c9a8c14231271da

SHA256
8684a32d1a10d050a26fc33192edf427a5f0c6874c590a68d77ae6e0d186bd8a

SHA512
362b96b27d3286396f53ece74b1685fa915fc9a73e83f28e782b3f6a2b9f851ba9e37d79d93bd97ab7b3dc3c2d9b66b5e8f81151c8b65a17f4483e1484428e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\style[1].css

Filesize
14KB

MD5
9d590ffe88e3d1b86969947303ad6f03

SHA1
655b74b341cbeabbc0ea4cf0e3dcee7ef6960808

SHA256
bcdb1a6623c6fb65b3359581d3aec78ee2cee3ede3b190e4b11a9f9999a7a1fa

SHA512
4605dbf61d824bcef63a156e9df4274b4c3dd433185606dec896371791d62335066068935c7e5dff930c06d67aee0dc782c7d1508153b464da54d371144ebc71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\wp-emoji-release.min[1].js

Filesize
11KB

MD5
fe0575b66568074463f12485d90f6d4c

SHA1
aeedd9ab3b7874e63f647042963cb1301a38b391

SHA256
647a6b36f3fd1f21bae171270111096b4613c23a47e6621628a51bae9c82b0b7

SHA512
0d209cbc9550cfcf49ca7ca5a1243e1578c0a42f9fb28c1fa8d353cea26f24eed282547f47fe858126e1ba9a4aa4d8ddbd2cbdef9db5a45f24cfbfd6383bff9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\204402360-widget_css_bundle[1].css

Filesize
30KB

MD5
123e73e213c43b44b9b248dbfe063dcd

SHA1
766a241b6502e19de002c08ca1fefb413d3fc28f

SHA256
eac64365f691073d4103638d8087cf35fd9e91fb0f5b2f7a219ea2bc39f782b5

SHA512
829a32e2312bcd9edd4d58720a12a9017b005e95ead1e0ba245ce92fc5f9619226dfd986e1aaa6f047b5c4e2cc2c639a02ee7bdde7a85062e02141d217e05dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\addthis_widget[1].js

Filesize
16B

MD5
87a056f7e9d8198822d301162d77babf

SHA1
2fd14cfe7b85d17b442508494b5fb8a272dd1790

SHA256
8666bf77c97fd69218900eb3db6cb9c2196246c7e9d247bb5a20cc5799b090e1

SHA512
90fac6c440877f3d282a37a90e51f0a8bf08cd7f657cde83b3159eea929d3221393bc0cf04037ffe9bb3e3aa7d455022f509b3c0a24dbe54871ea0e4b10efa93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\blocks[1].css

Filesize
9KB

MD5
0f29a5723851b59ad7cd1cef561202cd

SHA1
f372ee084de9d97b8fd294bf1e8407da5229dce3

SHA256
9f6fff9ac78d670c9201c67f7e5af51fc8fff167f1dadc059226c9a1c79d9a10

SHA512
4a7637f319e7a009e7c2f52803bc97ddedc8897d17888a2ce232dd280f1f81e81da6eebf8ef422890c6a7c57ec91f91a08f17de31dced1ad5fc451323e9b7c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\isotope.pkgd[1].js

Filesize
89KB

MD5
8896e082b3fa1738e2e2f558a7fc1fa4

SHA1
310a231a18550385297e140282428a06feb675a6

SHA256
699713f69dbd2387b7c3b57204bcdc3d86d3ac350718a7ad65a5293e0d2c53eb

SHA512
13fc8fe5488f5dbe957a55fe7452ee503fb5219c3f2b3eed3277054d86eda0d48275164f16818dde3676a76ed55311c49216cf88bb99859a55117c64f7000709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\navigation[1].js

Filesize
3KB

MD5
3ff648d4ef19fd437cd9673c16100ff2

SHA1
b4033461c69e6c54242d7e3b8a928a21532548da

SHA256
d4a773157d632307b4e553759ca24f625ea8a788b6588647d79b3a3bfc083cb4

SHA512
b92aa6bb4bb7a1ad31e6963b301b9bdf93cd16ec6b5bbc55d2a6e6692b390cc6ed0ac31efd29bc84ad9f8791cbb7e0cb481dba70803721327b02b474af049650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\packery.pkgd[1].js

Filesize
30KB

MD5
8e23aac6b3739ad320a4135b21a8e5bd

SHA1
15856a09010af7d3cfb80542cfd304ef0219b624

SHA256
0b8bbc3accbfae7ce08858ffdb58b2efe4f7d4c7e99593b694272661406c8f47

SHA512
500482ea27153e1a9bfc7ce593dbff1a5610c69b8b0d9841e587f83cc9d188a1671165c6e6747f8748a569d41a5ba9493530a418ff81e257e629cc2946e075dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\style[1].css

Filesize
113KB

MD5
0a0e9795625eccf6bfde71b899b1d1d2

SHA1
beaf88d9eb5205b3f100dcd6e879fa15243d881a

SHA256
fb6c7392a72919f79a970373cca6a4e79ad700b895dc812f4e3badb759c7096c

SHA512
9356a96337315d7f022e001f0793a94167d9555442e8ff6b8bb5c3357071f116c8c4c7a691a2068208899c96bdbd5242bade86246f462f5b6f2576548ef5c457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\2223071481-static_pages[1].css

Filesize
3KB

MD5
abd7446453ccdc733ba0a08169aff6c9

SHA1
5c6954a63f01d55721edaa6236c5815087635333

SHA256
bc75b808f349e4fcec454de341b7f80ff44fccd902b0e1109e18d5b3a35b7de3

SHA512
767d651af1adb1a6db1b0d4cbd808c939b24cfbf316d48bdeff08b78e8fdf964520b203cccf3090045e55408e61d6163bddd299506bf9536671ea92dd1bb6053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\css[1].css

Filesize
613B

MD5
3d60d304656b4a4cf3ea3d8772e88695

SHA1
9b2cab621e9662825cea7a5f99eca59bbac05663

SHA256
e099396211b95c522e01012bb18e823f990d3615c46aaac4a57f7baf5408942d

SHA512
a016cb8a35c2666be722531f658c84223d0a062bbd88f99cf403d6f635f28d4d04b08ad42777c88132271e7c22727bde89ea72fc881aaae43c288906d0b879bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\imagesloaded.pkgd[1].js

Filesize
12KB

MD5
3733facb755ad84fd65019259886cf9e

SHA1
d6972b1fca4fcec2499b72b45b67ebf688229658

SHA256
c432a76619a95094c6100191ea25ff6a3dd5d783c56d1d7b20ee22ad34af2614

SHA512
de88eec468d5decff5b50327759dcf4d25164eef32f3150c809b11a1a6676e85486cf4027c83df5f999e251022ee8991a7421013469f8a6042cae66a90df6ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\jquery-ui.min[1].js

Filesize
232KB

MD5
e436a692a06f26c45eca6061e44095ea

SHA1
f9a30c981cb03c5bfa2ecad82bd2e450e8b9491b

SHA256
7846b5904b602bd64bea1eb4557c03b09dabc580b07f18b8d1567d1345f0a040

SHA512
1b09a98336cbc0c8ff0f535a457a3db3cd3902e4a724bb2e56563648ed1a36201dd84e63f45dcea80bb6edfe80a17db388379417386dec76341fb9eadbafa88c

Download Submit