39e6927e1d81e903f9eec2862064d91d3df74a08fbe5eaf5b3ef4fdd5e4bb87c

Analysis

max time kernel
132s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

735044d25e5674daa2c096d68723ff53.html
Size

50KB
MD5

735044d25e5674daa2c096d68723ff53
SHA1

c575109aa58e9c7d93f08ac17bb3708ad306dec8
SHA256

39e6927e1d81e903f9eec2862064d91d3df74a08fbe5eaf5b3ef4fdd5e4bb87c
SHA512

ab12a998fd0d595f38d16126514dc4f074d38d8334ab268ea5978070ea0001f8dec9ba5ddbf2797ad15556ac30bd0f8fc86dc0e35660d64be224b5d5f2a3eb8f
SSDEEP

768:/MgypiRjC3J1KGs/pDCGUbxGdfB32LIHa9gAYr7gsuZYDrEZxl:/Mg+q/pDCGUbxkp3qGa9gAi7gsuZjxl

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b09634df294fda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412909315"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de600000000020000000000106600000001000020000000d1d5b2312bd0a29090f2a91c0e35e57d737f77a144ad8d1c869294fceaf10e63000000000e80000000020000200000000ed0dd684b74445d3e38395070c0401e421bf8a6ff2d89b358c6d49e72d2e1952000000070bef00fa9b2d0f1262ad213ef9e44d089d89d1e0c0adc080b78e5f5fd4f897040000000aba2be6e57a464ca03c108637f0b3879c75e5bd632c7119c1ef2d58c7455a40f259a2a5040eea56439caa82eba3ddc581758812a632e9ad7fd86cd41c6a9248d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084329"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084329"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0c23bdf294fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3243097259"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3243097259"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3246577185"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{ECE0EB10-BB1C-11EE-BD28-C6E29C351F1E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31084329"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de600000000020000000000106600000001000020000000632c98a76d5309b4afec341e67099eb1383193162651d0a7dde0c7c5f083e41c000000000e80000000020000200000004f857e7c3106a3b8093a2df08616d83dd89dcfade1c2448e21af058e2a7b840c20000000a4c04b9176f51c06bef4b6de4288cd79e5dcf53ce123ed3c776dcf3438b59022400000003770e4293f7f2c27981e719650900052cadece93867f2bdefb1a5ffe3847bf9a40f753b09df78dbe91b3938f3d6ce1a475a030fcd714e0b178b621e881bd306d	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5088	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5088	iexplore.exe
5088	iexplore.exe
5116	IEXPLORE.EXE
5116	IEXPLORE.EXE
5116	IEXPLORE.EXE
5116	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 5116	5088	iexplore.exe	85
PID 5088 wrote to memory of 5116	5088	iexplore.exe	85
PID 5088 wrote to memory of 5116	5088	iexplore.exe	85

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\735044d25e5674daa2c096d68723ff53.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5088 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
6c9b222cd1e44e41ad93ba8d2fcb6512

SHA1
b00df12a3bb2efd842f545c288b4bc948fc0de8f

SHA256
4d9577e0b9cdb6fd342f66ed39177a482fa460da255f954dcd6a32b88385727d

SHA512
809faeef601ca22eba46491747fc7dbb4ce292aaff753ec0041cd85121fbf914f78a23bed0882ce89712a0ebdc52d3aaedad71e9e98e194c62289577c82f5507

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
38d60d0e9c8a8a2589bcb6d119d8082e

SHA1
8dbae1c5680b597ba9e0f921963c145b68ca5a95

SHA256
5f252c7e0096da8ee57c36faea752ab4328add742379ec4be389b8a54741e46a

SHA512
f0cdecfc6d42ecc462add9ef861283c35ad0c105e90451d3d2661fdbe7d57a416fe2c251ab426fb938a3357d7b2abe1ecdc94994a66f1a482ec0cd5ffe72190a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\55013136-widget_css_bundle[1].css

Filesize
29KB

MD5
e3f09df1bc175f411d1ec3dfb5afb17b

SHA1
3994ec3efe3c2447e7bbfdd97bb7e190dd1658f9

SHA256
1a2eca9e492e3a21e02dd77ad44d7af45c4091d35ede79e948b7a3f23e5b3617

SHA512
16164d66d452d7d343b1902fe5b864ffdee42811ee90952cbfe9efa9847c58c0403f944c8e29db2bc2384ccd516b629cb8765e5e51de37da6efd75962cf82530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\cb=gapi[3].js

Filesize
133KB

MD5
288c5ba5b7001fe841c32f690f62cc93

SHA1
29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789

SHA256
c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52

SHA512
e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\cookienotice[1].js

Filesize
6KB

MD5
a705132a2174f88e196ec3610d68faa8

SHA1
3bad57a48d973a678fec600d45933010f6edc659

SHA256
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

SHA512
e947d33e0e9c5e6516f05e0ea696406e4e09b458f85021bc3a217071ae14879b2251e65aec5d1935ca9af2433d023356298321564e1a41119d41be7c2b2d36d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\f[1].txt

Filesize
47B

MD5
7f5f2be159837d73b72a4b37616bce44

SHA1
c93d7f25b530b05c26440d3352213b683d03dcc3

SHA256
ccecd185ac16ba0a538840f37701053fbb861f7fbbdd86039c7415fcd924d1f2

SHA512
a1002883ca1dd74080546c6d34a38144b867a8e8a22e4bad80eb1d221a86fe9edea81a5f12d3ca6b2bf29e686fc80cc32b06e37b83381750b6e773a62052a0a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SB302YPZ\bottommain[1].htm

Filesize
167B

MD5
f5d40b7259645010f9a248858ad14178

SHA1
b3051d17a6ec8c9e166bf09a62b48261ab86957b

SHA256
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

SHA512
1e82bc2d067f726670b3e6054d73e57868f6e7c50eb979696bf927daeef699f2d8f8de201e8252b86b0e9f86dc69e5037fc9fa08ef6c271b033f29d4f0f4c1aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SB302YPZ\platform_gapi.iframes.style.common[1].js

Filesize
56KB

MD5
f6140cf2e81a9d5b9bc96970fe1946f6

SHA1
e18cb20a08d0c13d44b72e36e9560aec2187abce

SHA256
68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5

SHA512
1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\2572602432-widgets[1].js

Filesize
160KB

MD5
82e282980bf429183617841c457a1b32

SHA1
9cfd0a97b44dc7c5956d9470692afc8e4e758dce

SHA256
9280547cd3ca5b942fa8e00de6dd0d3524b986f59aa0a0d3f1140c01cb255c25

SHA512
17e73257102028ada844f6561f87f169bb8b0fc64e6185495b8a3cdd962f03f8f30b2eefb540df2d3c08be56c15cc85faf6a8e13d4d5353018d34128184b9e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\authorization[1].css

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\csi[1].js

Filesize
46KB

MD5
efd2c79992baea036952b7b1f1765c46

SHA1
936e52da78f0de4d88b62566967fe1a786397c5c

SHA256
742f9f575bab24d9386fc48b35ce949ebfb2d80f3f922719e78b1a6a257b330f

SHA512
fd314b742580e99afa35fc06e6f420c2660cd3194b6150c7a90100ee2a06e75e6c49579b25456261757884eee92430c03ae5afec3c6192385192274890ca4d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\navbar[5].htm

Filesize
6KB

MD5
833a9dc3503cb2d1db033ecad00f7270

SHA1
a4eb57dbd89d810f20f828657226b826d91d3ae3

SHA256
6fbf8a8bdc7aa245eb8b4e7143b4aae476afcc9474d1e98ab4c1c42e56e0b115

SHA512
0a73b6065958589899f07d411ff4aef08bad5521a5b31823e3d990d923b73b607b168f34ff7f4d7020f21a6f6b31a60ab1f43fdd55d5cccd64a3ca5743e21914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W8BIYKF7\IN0X7luX3xiNH0lU2FcjzrGq8S4Vx87Tktngs9-M0rI[1].js

Filesize
52KB

MD5
0c773d3e8392f8c8d3ee0fd74a402b2b

SHA1
10fe2366bdbbb0b9a5b4384a0d4e054c4799feb4

SHA256
20dd17ee5b97df188d1f4954d85723ceb1aaf12e15c7ced392d9e0b3df8cd2b2

SHA512
dc1e4fa18ebecb2a19a68ab7e9f19294b6410efc1a801e10b378f97f14c9a62b658776e0fceffeebe75790dc3a815b50fa90d0c7e4687dab586756060f6f3d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W8BIYKF7\followers[1].htm

Filesize
527B

MD5
2094a9be3bc4d2f741d779b26ee86d5f

SHA1
4ef7472b4bf401c7f20c5c317a91b5fde5aa828d

SHA256
9db598a42fcaf149f27152b594c34ea84c68b4d27b1306f714ecdda3b6c249e6

SHA512
944fcbf98cf3e86d83c313d798dfa3020d4d758522eb80ef948ecc8eadb2b030fdccd82f215d49af99f71c3daf1007bbfb546b293cb42e8aa000006adbae08d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W8BIYKF7\followers[4].htm

Filesize
5KB

MD5
c627800e11c46a0dd2f050471a226184

SHA1
d04bed4ef9e94f5d484eeebbf7c5800285b7fee2

SHA256
3b58b99665128fe5f4f648c4021ef54d2d7a01f98eb62fd744780ac5608eb922

SHA512
01afd978436ef6cc4b451d6c46c4f55a615a9627d09ce04e985136e23b23854f872e3f6a35c3cc4994e66489b0c560c3ceee6e93d9358cbafe9fc97bc988d742

Download Submit