hxxps://r20[.]rs6[.]net/tn[.]jsp?f=001wtuywrsax2ySVBVPKvGt2FLO9gRVIiD_ZSDAMrCM6zApnejK4XEeO3fwqJ4Q3a2sPzHYesNqhtUIRv4fFkjoHcmp-64RfDl5rGN26TrCGeu3T0f4ViVGUV3l5DOK3vzNAtILNIMlSftLCXe9MkvHOeEDM5N6d4eKa9Wnz4DY2NQ=&c=&ch===&__=/qwery/cm9oaXRla2hhbmRhdmVAZWF0b24uY29t

Analysis

max time kernel
0s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://r20.rs6.net/tn.jsp?f=001wtuywrsax2ySVBVPKvGt2FLO9gRVIiD_ZSDAMrCM6zApnejK4XEeO3fwqJ4Q3a2sPzHYesNqhtUIRv4fFkjoHcmp-64RfDl5rGN26TrCGeu3T0f4ViVGUV3l5DOK3vzNAtILNIMlSftLCXe9MkvHOeEDM5N6d4eKa9Wnz4DY2NQ=&c=&ch===&__=/qwery/cm9oaXRla2hhbmRhdmVAZWF0b24uY29t

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7E2CB341-B25F-11EE-851B-E6629DF8543F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2016 iexplore.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2016 iexplore.exe
2016 iexplore.exe
2656 IEXPLORE.EXE
2656 IEXPLORE.EXE

pid	process
2016	iexplore.exe

pid	process
2016	iexplore.exe
2016	iexplore.exe
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2016 wrote to memory of 2656	2016	iexplore.exe	IEXPLORE.EXE
PID 2016 wrote to memory of 2656	2016	iexplore.exe	IEXPLORE.EXE
PID 2016 wrote to memory of 2656	2016	iexplore.exe	IEXPLORE.EXE
PID 2016 wrote to memory of 2656	2016	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://r20.rs6.net/tn.jsp?f=001wtuywrsax2ySVBVPKvGt2FLO9gRVIiD_ZSDAMrCM6zApnejK4XEeO3fwqJ4Q3a2sPzHYesNqhtUIRv4fFkjoHcmp-64RfDl5rGN26TrCGeu3T0f4ViVGUV3l5DOK3vzNAtILNIMlSftLCXe9MkvHOeEDM5N6d4eKa9Wnz4DY2NQ=&c=&ch===&__=/qwery/cm9oaXRla2hhbmRhdmVAZWF0b24uY29t
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2656

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2d9c3044281a976b2e7b744b455016d4

SHA1
c9e19db1dce070cbffd3b339d403b86cde728824

SHA256
95a097e77104dab4a38eba2d2542cfade6f7c87d5fb8ef57c20d2f8ae689874d

SHA512
67b9419b7b560e7d8b5fa22b7c2f80306682b65595644604911ae9e7229a859390c4956ffe549d97fa35e38af80be6abdb2a1d13e3d6a58e78326f2a87a1b089

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d02ea09f9e394d7f4a4043a96c3925fa

SHA1
fe9dd81e6c0838c09f642bbdd3ba40a34b2f803a

SHA256
b2234639be59220bf1fe5ae3d94f18ecaea07d2511e6c978e2f6747bb1a43a94

SHA512
589d31c1651277daf40d98a38332e44ed022b15faf356ae988544072241cde432ca994fb7002e965a185da49593ca94d932a03fea563a793be78fa64be910548

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cdd8eab54ffb9915b2dd970e7e2b30c6

SHA1
1d4e2d0996a19bb1206d3a7b8fb293712562bc9f

SHA256
63e6adf3f967b7802cc97c6bb204dd774783326128ed80c890e8075920181073

SHA512
2d49a3cdf001e184cf3969ff6d8d0fa68d74343e60f1128e50e66d743c7d19d92137a264af0702f234cc59c515adc0c234340b121010a8233f3281e7d480be75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ae748c58ef2c03931ae1ca5fcb1554b1

SHA1
17199dd2877979657d547d3f06eda1368082638c

SHA256
32bbf3c809f620f76db6813059d50df6113fc0fe31bc2655cbcee86db5d4d43a

SHA512
73736918a89a4a56e1813bc5928756dd5ada06f318d3b8a46c630260f8b20e3760a4c281e7e078edb27f65300bedf363fe01781925d69f382d8eab118fcf04e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7d6bfa7238984e2293e91932537983ce

SHA1
b1ef0240aec6b4258a6af87bd3baece4f3a5b50b

SHA256
f46f0d112b134896bd30e8a4c0be460d04639bd9343b34b75c178c7759f9e4a3

SHA512
dba59f80477620497f19418da8b6bf0646f1c351f674a43e56cfabef275cc719eed109a94354a6164dc797737087795d8b1c91ee80d2cbc8c232b14154e54a4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
20107dad9059102cff747eff7563757d

SHA1
f08388e03fe7710470dc657596930539f5deffd2

SHA256
464007bda50fbfe2870a811279a900c70b83e46919c678a4f1ecc5063400bf71

SHA512
4035bfcd8005f6d960fa37058f93a814633d00e404db8dd255fb0e3e65233041f79310e8989b9dfc54ce7a28835a6ecb42be4818af2e58168eec69255a03150f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3a2628cd9f4a9add454958279b9b8c40

SHA1
55998d0d7174ce6fc707fe218f95891ffa4c8460

SHA256
7827f4685dba461efbe2df812e4db9a5e458bab30ac1e3aedc1815302dd28d4e

SHA512
c6f20033bdecd1c2d6e08992a6e6c1957aaff7013833a5f478647aa0f9d5a07db09c845ed581ec0ea8dc01f22b4f1b5dcc063954e52a551922be0ea602c1ab9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c86151518722d2c7dc115d3bde27e79d

SHA1
250340b083a66ad0c92236a4cdf0fa26bea4e558

SHA256
59c99943865ac2692bdf8935facaa643a2ea663f4fae9b13d46b438f174a109e

SHA512
dda137f92b18980ce642df1464796c9d93760a8d99fb4873d57e5a16fc70ce75fa468430e67a9e2deee7fb1ec875c59c5ed100bb3c2a418f4b0d6b062411c537

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4089c82a6ca52070bdd14dadfbeb9cbd

SHA1
3ae203930bee5d578c34ff01ffd94ebdb125671a

SHA256
236558f933f503c859cf929e9d8d140dcde3e388746940d0e72971f28f825a57

SHA512
8632039d00ca9b05e09ce85c49d2f862924c1b08831157af61568bdbe656a578b3403334310af4eb6ee7f8dd8d9b4df170ddd6c4e8e311378562508a61cd16bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d1e104c06ddb40fe1f3e5184ad2f2bdb

SHA1
525bb4e4f35e08a38159e28e2d7f29ede406cd11

SHA256
82d64579ab361be07a40d60cc7de5c0697713fdb2c9f1212bef75cd07be91b3a

SHA512
1b27a5c1900bdedf389731f05550fe8795adda7d0b86689bc8b4faed28f4036a5c967a74f2ecadc7165c9a5657bbf8f2218e01620e7c1d5a4346ff03948899eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
893d763e6b1e7f2005ffa65c7f95238a

SHA1
c30dfc67f65db7a1818788a9b64e72628794e136

SHA256
0b3ead8bc8433677c10311bcd5d2ee838af5370f293780df0966840dfc275f0f

SHA512
715654aa68f817f7e2c75b06ce708c31d2cd64ca2611a2ad1b05baf115861cdfada47a98b6a60e97cf9ee29ff06e0857d23ab3e8ca83cd9284f0bee5560ab8cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
29e7703677ba2726eaba2d1ac10be8f0

SHA1
4fde8ed353cb79f1b7df20af0739ea3ab6f76ae9

SHA256
818cd132592a2ed03e782db7a46ffcafa028e7603c2149332688ca1449894d72

SHA512
7873e24b3b0f508761706edd1cb60e624a88526ffc36516c622492c96c8fa737514326ce20f8ada0880bd2026c58dccc4033d8e2a96aa4fab5f1cfd635062431

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8ada8fc9a6456621aff5d885d32f9b0d

SHA1
6f9f0dd620c359da21c1cb4c20b0f02d4b94bf6a

SHA256
4d9ffa938fcc283728da552d00834ecb89aaf9fd3b819253993d3325c99eaac1

SHA512
ebb7de7fc8f86952c1d6730b8f7ce00ce7dfd652fcf5df06dbda01680146e86da82a0a5fa24f6754f2bdaa2f3b5e1d5b1191864e7d8ad0ae744775193cc02932

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e5c59336663c98bcbca454f2acba2bff

SHA1
3ff3d64d94e77e8f6c2546665ecbd425850dfdb4

SHA256
aacb5bea89eb4130dd5ba08de3e6b1991a2430f9ee5c4db203f01867356aaffd

SHA512
2820060ce08aebcee492955bfdf3b37a64c6969a5d79f5e3a175c88dacc734ae2e96b2b3726651e4b603d649835682496b36a70d3a90429c4246a80d9e2ad2db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1bb253625b718c8052f90bf265052e07

SHA1
92ca33a196b73dad0f69b8e8add59d5fea5a5f50

SHA256
8f95a1d66af4136fada81e6c3bb11b413cf95936328f89f4872ec22cd6f12735

SHA512
aac734eb92fd5fca3aae3d2ccf0c88c26604efc729c9291b1e46d6ef3e2613f8e5a48011b02d0a231829dcfb16639f3b28e843c62d67c2a6efa83663dc50cf31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3225de38944415127b4de2212dd097de

SHA1
ee71aeb07802fb9c9e7ac000f1303f42b5b237c1

SHA256
b00d89be78574a2acb028cad1d6b55534ca0ff127fe66d58e8c78216541a45a2

SHA512
6d83f7d0672fa8994ae4025d0003c4ae91ce92911b265ed96a2de6e0234db10876166b0355a9b26a6cb3245fb8e2600523ae7ac034639e51798a22332c299679

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
317f98ed0da0648386fa88be7d220980

SHA1
02063f88a69e3cf886a324f4a05bb6f61c77a5c1

SHA256
b4ab8986d0dac2bf891665e5fc34d1c9d06883621d5b8bd96919af276b25a4fe

SHA512
b25c1703eb31f7f7c105b5b7b5ad45e117630d2f1278765ed65112a067ec619125d221559708c2471562b57005ec952199a02eec7092f05fabebf02ed6c23ba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3334.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3337.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit