e8e0762486ecb0e5d7ab858c829f4af7b7c71dc701c7c6175f747076900ebb9b

Analysis

max time kernel
163s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2024 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4bd7104389106861a6db0261e46903cc.html
Size

53KB
MD5

4bd7104389106861a6db0261e46903cc
SHA1

efefddf4aeb84fa3a2a5d4e5ec988ddf07dcc799
SHA256

e8e0762486ecb0e5d7ab858c829f4af7b7c71dc701c7c6175f747076900ebb9b
SHA512

cd193ede63d1f4ba97d140d51eec8f38100eb3c7c9da7e363f0d9ea38a46555c9be8b0677fa70c0b76791dab26ddc4058eda1ab1816a3fd8a99357697a719fc7
SSDEEP

1536:gQZBCCOdj0IxCOFQVshlokfGRf1e2zSrG9PNJhNq7RURVQhOKV5jVRzxLRvp/lGF:gk2N0IxUVshlokfGRf1e2zSrG9PNJhNt

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3617699284"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\website.ws\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0A855F57-AE3E-11EE-B6AD-C6E29C351F1E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3617855523"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31081034"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\DOMStorage\website.ws	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31081034"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411494216"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\website.ws	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3032	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3032	iexplore.exe
3032	iexplore.exe
1944	IEXPLORE.EXE
1944	IEXPLORE.EXE
1944	IEXPLORE.EXE
1944	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 1944	3032	iexplore.exe	91
PID 3032 wrote to memory of 1944	3032	iexplore.exe	91
PID 3032 wrote to memory of 1944	3032	iexplore.exe	91

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4bd7104389106861a6db0261e46903cc.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L3T8W3B4\iepngfix_tilebg[1].js

Filesize
4KB

MD5
f784a2dfd0ed53c79fbd8fa1b659c148

SHA1
208dbaddda3ad773a79c37190be7271534cd5632

SHA256
06b38ee5447491fe18209a2daf425004d6ba4155821bd4873ca31ba7b1145544

SHA512
53414e72f3c1645fe4ab558f750302273356f73d245a0447ad709757674c182efa5dbabb0e7d690bc2c169291088d700d506a6a6cd2d6f36ab6e942b618e2d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L3T8W3B4\jquery-migrate-3.0.0[1].js

Filesize
16KB

MD5
7bc46cd787fd2b6d3336e056301d4b84

SHA1
60062992ac61926ac3e1604b7f89cc373639c66a

SHA256
7fe32e1f272b3c300aca9d573ab228d87c605b4a705369d3c459523c52c9428d

SHA512
37ae02c8da88d3ff585d85035162f4e927cf1ed4d77d6b83264abc12a94af5b484095f2f46e9f3a6ef80436593ab482646b80479bebb8e782667eb86e98d3397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L3T8W3B4\jquery.emojipicker[1].css

Filesize
18KB

MD5
13df51261863c362f5069d24f9d3cbab

SHA1
3a6a8948514aac9ae6528e22955ec047d9c2eb32

SHA256
fd7e31503e9caff128415b2745022938ba6ccb929e1f494fd1b8d7777793cb7e

SHA512
d48f2f33e6ac4801614049f7d9009ad18d58134b3fb8974c4cf6fe109ea82949407e2b0a4ed488426aa117a501f71ac1c6ed19941e5cc098a9058fe2e965c267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L3T8W3B4\js-loader[2].js

Filesize
650B

MD5
ea5a5798612df63ab0532174aaf62634

SHA1
0f4713eef39ab07510d3703ef201885475ef0b42

SHA256
ee44a690e6d7ba27656d9a013b7803d69461a19444d834c918d16c1c56598a31

SHA512
8cfd3dc5eb7f2ab4f27abf80bea6955a00112b84ba074cfb8a1bce0207c36f6f12e2f3e90b8ebb8fedd56a5520a4a0d09397af9e6f4885addd890df7bf3b8907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M8F18HYR\Rockwell_400.font[1].js

Filesize
17KB

MD5
55a0d8277a94894a8b40f72717adf869

SHA1
84ec2afd66e38aeaab8988fb18787e32ac6e3bb0

SHA256
f8bf624dd3d3247c58ddf95b43c5bbce5c12404158d466ff8235af41e595f29c

SHA512
152d99198ebf5e5ab18de1bd1ffb804912934a8fede44826a08c4b7b30e17be222acdb406e8e005819f1e40a4e2d63c91a01a19e672c309c74f2ce19b09efb3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M8F18HYR\cookie-alert[1].js

Filesize
691B

MD5
6b25a652eeb29ad487753cd1c96dbf44

SHA1
513219db4b4fa00ce5d242b82c0ac552a1816d04

SHA256
0f2ba354ae263b13bbe671e8e8cfa994b154ec12a088d0005eda0abe307d8a04

SHA512
13484c9a40486509e3c70387e83041fa9a609b3f053a2b0776e929373268ccb388c0da73dcc70e26fe9e00ffdf0dc88a77e14b28c4798b1523c75ec8aec9a405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M8F18HYR\jquery-3.5.0.min[1].js

Filesize
87KB

MD5
12108007906290015100837a6a61e9f4

SHA1
1d6ae46f2ffa213dede37a521b011ec1cd8d1ad3

SHA256
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4

SHA512
93658f3eb4a044523a7136871e125d73c9005da44ce09045103a35a4f18695888ecafe2f9c0d0fa741b95cc618c6000f9ad9affc821a400ea7e5f2c0c8968530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M8F18HYR\jquery.emojis[1].js

Filesize
289KB

MD5
f2d51c2a4beb43201876449bc2ecb764

SHA1
41dd3b479f1f77504d58c2a4d1a5053d6cd529ed

SHA256
83df4bca0fe9f4b0a18302b6b0194186077f04c352659f244b406d957af70cda

SHA512
097bad43d11055bc3e441d4df0e5183d91e35d8306dc92e4c4e2acf73130fc9a515a69b833194e820116b7f688b190d57bd91fa98f693d7bb112c672e6323084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M8F18HYR\layout[1].css

Filesize
42KB

MD5
e57c81f3a17073a78a7c3c865f74f89a

SHA1
587d7c955432f1e5a87460ecbf9086ae2589346f

SHA256
e36f1f796e538f826beb42510edc0354133c61c7f711b827def7f91d3f7c8bda

SHA512
630aa9dba2aee1125103954b093af8b24907d98761e1a9b93fb6f6c43abfec3afdf53825e3f12fc3cf87fa14855daadfdbc90b1e49b503fb2917599dd77daf52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M8F18HYR\menu[1].js

Filesize
2KB

MD5
2856c298fdbfae3fe0b2da07c6a6d408

SHA1
8e0c11e12995b54c96eaefca4c0cfa23d568161d

SHA256
e2db2f5f3145f0ca152fe10b95e173d34dce603778d86e136fa58562ab1f556f

SHA512
049ab495fca3c3dbd8290f50baac10ed21dd8d0cd11d07f0c132e569b1b187ac141a051b4a9e67c6abd591b77524efbfeae71d75d20e6a2cc8bd492a60b6dbd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WHUIQOC9\emoji[1].css

Filesize
841B

MD5
e7afdc59ac3db2e735bca0105b3fcd6d

SHA1
15b9055b555854c519549aa4c01dca887191d945

SHA256
8376faa9ea3b31a84f476ab14bdcd9110051f2e74f99d8a5459658d48a5e8cda

SHA512
6f4dfbec2348bf4bfcce6f9282b227d92d905448aacfdce547a8bcd952eae2de820ce61a0b4fef85f8590512d455cfc20e315bb88b6528f28d618b9558643405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WHUIQOC9\emoji[1].js

Filesize
3KB

MD5
61e2a760dc00df1902b71fb2c476f080

SHA1
8b8be8ee045c78a8309089e4ed72c46b635d5852

SHA256
5ab20bf6ee7f7ba9688e7e5e4aef4804ec97734e2345df45dae48490e7dd0a58

SHA512
fa3e17d56957df605b492ebf33b175de40f9caddb46acfd205af9caed0984eb455d89fe39667dda3f8364e43f2d9b9405f5c0d76173f5ae286a9185f92c52389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WHUIQOC9\jquery.md5[1].js

Filesize
9KB

MD5
8177a4f468b58a79687e752ef4cb8c67

SHA1
3b3edb565f76e55e6185fa7f45a9cd4a00b50b13

SHA256
50d474e9a0f04527cc54d2e81cf176de5023e14482805f59e1ede1713dd2e224

SHA512
3891387742c5fc261345da42feebccdaf4c078aa288bfffa5f2a369852ecf315d689897326d9c7e08c166bbf64c60f634472ff462d5d336297bc6e43598cc07d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WHUIQOC9\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WHUIQOC9\thickbox[1].js

Filesize
11KB

MD5
431e020ed3f165c36b9c455c1abdfe03

SHA1
8ce16c47d4ff3bf17e1440701e001ccae77c6013

SHA256
20b74f32cbe2437ec79c1607092220b9c050fc28daa6d70875e0c926c56dfa6a

SHA512
749824d25ca49b010a4f42837cb9f9a4157163b76aa30d67a47457e271a3936e300420d0478ead894b1af4ef166edc6ea65d137da88f1291ea73a5efd6938fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z0UNWU5J\cufon-yui[1].js

Filesize
17KB

MD5
461958e1e515e8e0f372e73b4c819d53

SHA1
3745471542e7992dd2f5d85b2948da66845ade37

SHA256
186707c7ae0d45cba1490a5556f59fc371f6ab88cc16c452fef8b70072cb5e54

SHA512
734f8cde6780c2deeb1f23b21097fc381193ef0c3492d16b411984bacaf807b2799e340d254e8371ecbb73b104d29ee8a46448e26e0ef14b26460ebdde100d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z0UNWU5J\emoji.min[1].js

Filesize
108KB

MD5
0fea00b1cb51b87b11031522b2c72439

SHA1
4ec519434855399874a25ed9ea72a06627315275

SHA256
be2795756f0406335dea295c4259ca16dbdbacd449b424e2e19c66f070b55b34

SHA512
401ac7e5da5e7c86f0374373a2ce390fcf02ba232a5d0fbd0a8c02e9113a82d6f276ab7c2af921b216c33528f70e4f33df10a55d203d6d151993dc7377927ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z0UNWU5J\jquery.emojipicker.a[1].css

Filesize
113KB

MD5
11af30548d129f207d171711eca973b6

SHA1
54e9ce151fccba2ab2bae5aae06e694f05382631

SHA256
c457764ac4f7ae60acf301cf441b93fc3ee07c22a5409b26818b79e57648f842

SHA512
9c787860e8cebc27e906506c24895f0658c486b30c5b4ae43992064b3acc932594cf307a472aa4de7ef4a166d2ba489fca27da6ea130c98f8ec18d04a34dbfa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z0UNWU5J\jquery.emojipicker[1].js

Filesize
21KB

MD5
2525208de98ed6592e2543220cb7ef3a

SHA1
900aa82c233ba55ad082783ca50fdf8d6132e5b9

SHA256
168939f6e774b8e271eda5913b17d5452f1267b141fa3cb30f64836e2c314656

SHA512
6d92d245ab561f3d9575d4aaa873643675ae6b9d78e0599e9b3e43cc80f1d4608fdd7f062a0ac050ef0af653e2eb2537d913a25857c496ed63d734d9cff35ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z0UNWU5J\roboto.cufonfonts[1].js

Filesize
20KB

MD5
301d51da906e6cd41dea529d764dc504

SHA1
15dc16d366325aea102fa46c11edf04ea83a0283

SHA256
d49065ed2e4f7cb5eafab0fb03611563146102e514a5946bfcf08de6db58b85b

SHA512
6d50fea1d52b5bf19d1c758465d054dd3b0f03dbd754c29177e7f7248c275dfea2f61368857b54da914187966539f2eb5dead4308dcc331980fc26ca42255ca1

Download Submit