972aa9510a0827f2ac296f8704b41d80537c742e86c0a41ba70db6773ab9dcf3

Analysis

max time kernel
136s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-01-2024 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67453d2ca9e6d0338e27bc05fc4d1409.html
Size

432B
MD5

67453d2ca9e6d0338e27bc05fc4d1409
SHA1

72eba0fa0776c32404f3ab21ef1f05a9cc79c1d4
SHA256

972aa9510a0827f2ac296f8704b41d80537c742e86c0a41ba70db6773ab9dcf3
SHA512

fb874678aadc648574862391e910d245286580672455a896ed82e619e8246896587ce838672e9c7ce4ea86142faf20d797d2fba37e52534e06f61daae53fa658

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 45 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3452085323"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412421427"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d4d347bde384c849be64bb2f1c358fef000000000200000000001066000000010000200000000859cd289ccacfc7d029906d06a572abdd6bdb68704f953c14a7460c456aff9c000000000e8000000002000020000000e09c8979d0e2b53159b7ba1a217284d70e49aba0bba4f473b289fb1c8e3572a22000000083c2c3043ddb7368234c233c382d432e49ae4dfdf1c4d8cd07e9a21a6d3dd47c40000000f47e1a8103c3449927e6f31614e083320acd31387bbb3aff13ae14fb1eb05a144245f84019227fba48edf3086e73840d984eeca10d50e22a17f59373eea93e55	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3424428752"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31083193"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31083193"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d4d347bde384c849be64bb2f1c358fef00000000020000000000106600000001000020000000b3c1f7213f41f2ade76b758633cbe3c51e51970646f58cae8437148c4e0e281e000000000e8000000002000020000000e658f6a63a53fb15c85b6a21659f2d7eb85b29563effa990517401c8cbfcc2f52000000056b1b0ce02c3943bd00c687614bf88b102cbb9da624dccde2f81e6a16601b94e40000000272ac8a3240c6a5a8cc4f66fab918a6459d14b2f67ae66434f1b1cba1408dbedf43373effb40435be81e621d74796b59add671a6b522b537f93ca7fd4b739156	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F763E763-B6AC-11EE-B6AD-DE9D3A49EF0E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0fe26bfb94ada01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d4d347bde384c849be64bb2f1c358fef00000000020000000000106600000001000020000000b5055fecd3d5ac771823df691185da8b53f8caf27dcfd23f212f8caf5db5138f000000000e8000000002000020000000e224da493e705294f06f5290e931d670963c1fd51e0340abec122d162a7d95ee2000000017d32d46ea8dc3886bf70affb05d6bca914e6e29d95feaead397c2426d4d866740000000322b497fc68f8748c1abdcd98a9ffacae403c5f839be6fc28fd27f6452cd1db86882128b570fd152bf5c1a9e5642d74152bc3281e7c7428250c59f752de32a99	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c070fbc0b94ada01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3424428752"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80d489beb94ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d4d347bde384c849be64bb2f1c358fef00000000020000000000106600000001000020000000bf098882ce2509acd13bcfb5fca8bc26e198d0f035110c3d27532f5384da6b78000000000e800000000200002000000074753587a171dd3a02f834d79e2f9fe43e1e1f6b4f2b624428c6b09d6500a906200000009e8a0a9fa58bfb6b14a62b7aebd9bcb955956b0ef454895d5d5770965908e8b540000000e5c8fa715787bfce67260170e9c3bbfa4e8e1d966957a45655199f51a96bfceede77095dd42745abb17a607d349b9cd9eee4369b6bff599ef8b1b85d32f9237b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31083193"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c820c0b94ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
816	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
816	iexplore.exe
816	iexplore.exe
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 3524	816	iexplore.exe	85
PID 816 wrote to memory of 3524	816	iexplore.exe	85
PID 816 wrote to memory of 3524	816	iexplore.exe	85

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\67453d2ca9e6d0338e27bc05fc4d1409.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:816
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:816 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
03dd565decfc1149cd138e00e990ef7e

SHA1
7cb72be9f9ffd6e470f54f4e615b66f50106810e

SHA256
7f6da74cb7284c990c17cb1f14eb3ff6bc45b7ef807bd220fc560cdafd1d8304

SHA512
914eeeacb3d4e36ddc6856241d7d9ac9ccbf62d774a76dcda9fbdc72014443c52e855337856fe213bd1f55a05f57874fabd02532de3cbedb12ccb98d7f6ef330

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
7856319d5f5f22540a2b132a9c966fb8

SHA1
348946745f2d74c6367ac0ca92f55a6f7f2323f7

SHA256
75435b9aeb9b67abc2044a3880a4f1efb98a34578b69bb2c4ea8d6c8bf60aee3

SHA512
d1607160ed1421d3e49ec31ea4a015870d7d940051e90df8a5605d7df5f1c90d90600fc6bc68d79005520d3b1040bf9a860c2aff01090406e3ca6ee7aecb9479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wx7tnv0\imagestore.dat

Filesize
1KB

MD5
e68a46e64f77551af3929e5bda0db751

SHA1
9d8680deda71bd6ae4f0177dbef8afc62d06d95a

SHA256
823806711a55f6f12d3549841dd3b281826bdabedd2cd4036ce329dda990013c

SHA512
66715a1ad87339686490c850eb28f1f71b44896652e8a42cbc5040443d456546eb3ce0df49ada2abb9574e314bedf8d4685bbe220e9151fa7b6ec5375bf2760d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wx7tnv0\imagestore.dat

Filesize
3KB

MD5
aff1a8aec8f0666d2337f796848b49ad

SHA1
4b7af062045022a59153e2e91655f7e5e795d71a

SHA256
082ead192903be3c23f832e5506d51a919dead6ba3d9b4e4927239a8ed4aa1e2

SHA512
b667b72c2b9c168f5f0f6eeedc883a63108ccdcbe2f48baaaace7ea3128b514991cf54c279fcefd8d794a043cc22c56d70128687691723d1674502090a49d4e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wx7tnv0\imagestore.dat

Filesize
7KB

MD5
d3cdc1c329fcdb2bc551fd7e4397c75b

SHA1
27bb4f524639b0ca9c234a4123f03e0d18d5377a

SHA256
4ae130a5d8394c787763fd226bac655d3322d6d5c565ef4d241a326bc278e708

SHA512
62b0771d956a86a7c534155886fc115158331e3bdb6afd174c43211c0d1a3fd9bc3cc1abfe76ae815f6542b867cf19da033081d34cb11f12d5cf6b15d0f7f40c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L3T8W3B4\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M8F18HYR\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z0UNWU5J\favicon[1].png

Filesize
3KB

MD5
a75c230f34b9296e6fdd8b0b855df5d8

SHA1
e0b9e32053d44532fb4e8bb55b54c3211965517b

SHA256
8adba20b1dd9747ec8ac6ed5a26a8dfbfc7ab82213d8051b76ac771c76b87920

SHA512
950b94afc397ac760f38f4c68691bda6b541832e1d23f496e36568def2b9f9dcb6984c6a42ff6b5abef0e19b76c37e40baab22e9dcc9360091b609333029b24c

Download Submit