3187ab19ab8592deb97ed23dea10d35c6a9a1b383c7b32a00edd1ae6e89b30e6

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 10:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

893fbd6178c1023e07d2aa93acebc798.html
Size

43KB
MD5

893fbd6178c1023e07d2aa93acebc798
SHA1

10188997dc169fa6d59b01649ac29e8947fda1f2
SHA256

3187ab19ab8592deb97ed23dea10d35c6a9a1b383c7b32a00edd1ae6e89b30e6
SHA512

6f7919abd199fd8dae1c6d200a28ef33622dc2f9e4bb423812368c0f2f66edeb94f3a8acce821ee82659d9ebd29691a8f81c4abe6100fb0e59541d169fb5e775
SSDEEP

768:kNwWwtlYixBKFHSiSgJKOd4Nvp/RlkxLslKHQrAH5IdcqpKQkXOlJYyxNJ1bWQDQ:kNDwtlYixBoSiSgJKOd4Nvp/RlkxLsl0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 23 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2036714499"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31086016"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{A46F897B-C1B3-11EE-9A4E-4EA1437444E8} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31086016"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2045151179"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31086016"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2036714499"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3664	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3664	iexplore.exe
3664	iexplore.exe
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 2268	3664	iexplore.exe	84
PID 3664 wrote to memory of 2268	3664	iexplore.exe	84
PID 3664 wrote to memory of 2268	3664	iexplore.exe	84

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\893fbd6178c1023e07d2aa93acebc798.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3664 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
cb99b6d5040641081530ef8f6049f1aa

SHA1
3fa9e3148cbee0e561da3787919043483ee5e5c0

SHA256
3e1607026f332ae19539f0621c8b18c820245d196febf8bf258253667ebc94d8

SHA512
13cdc5995fa4741d474c00491ea55b26101a88ee3495327950249e8bef1e16de29f46d0c1ffef3682eac0e041f0b06545d51ef8152a33606f0e13fe35e6a1d83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
d511e519e9c88bac8638ab4df1d285b4

SHA1
ad1f4c9a20c1a659b5cf1d91b0195c61530484c5

SHA256
ba9739fe7760f62b3a29b3b5dcf67953b0a928aea5a3281983ca4919eff244ac

SHA512
b0d64910cee05e6ea3da19cbda6bf6928bc2b05cc878d62ea6849a24aa36145cd6368e99b85adc1ef9341828068c9568725c2835c977301fa7b6625f61153ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6AXLYU2E\chronicles-of-narnia-the-lion-the-witch-and-the-wardrobe[2].htm

Filesize
63KB

MD5
8046d40fae82f3b51b287b5e0526b03a

SHA1
c05f7e162d9e67e9c97fe677ab318fe9fcc7292b

SHA256
71953646cced25bdb739d399eea373b364c6f958c9bf0627d8569bc14c0acd40

SHA512
b7268de7368ef04417e8c943278d9fa2b48fb2e0e35f7b24e8f4f6d6c81e68d1d040f965e7b396772b8febf646ce7b24abdf1be3b0a9940f690698f786d56900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6AXLYU2E\postratings-css[1].css

Filesize
1KB

MD5
c9dc6f1ef374d733a82d1682278e5b55

SHA1
b5b6bc412bfca400a514554026d0841e4d0275d3

SHA256
c56b566e17c62870ce139b3a57bfb94a9d785792bd6ac2220d52426b8590d87f

SHA512
7790e66df0583771de6088cd9ea75f6da53ad6ac14f4a61bbae127f14683466d4093507df023bc3a826bef7f82356aec853278a5ad7a0219fb5f006e0bcfc546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6AXLYU2E\styles[1].css

Filesize
2KB

MD5
0e4a098f3f6e3faede64db8b9da80ba2

SHA1
65b9b3c849f3fbdd783ddbfb183616ff55c7ee53

SHA256
ab21762c3f447aa08cbefd5ea3866165f925bd5058a9ae19e23721462de6fb60

SHA512
47cf04b377c4d5d512ee93439d17d21f6e0c5011e3cdc9ebe2835c91b6bfe7d5b3e4e23dd8c00017d7b235d08a8524a103edf3a199c8b1d5cb9a182d8d5eae73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\jquery[1].js

Filesize
283KB

MD5
e58bd16dd19ee38d5fa291d15c872bde

SHA1
b941ef8b6171125ef746e869ca41991c28f32c43

SHA256
f3e547dd68cdf81e0eee07f2cd672da320942336f3db781d19c134220125ab6f

SHA512
a9a802cd33daf680f8d66f24eac96c260ab5797ba0f874903751db7995e39b3d827fec72737fdb452b4b1c40a7028b75a74a49bdbfc30faabe80b5492d35a314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\karaoke-revolution-presents-american-idol-encore-3[1].htm

Filesize
41KB

MD5
b13101ff7320764e8165e95f1da3f31c

SHA1
7bc3ab594687d487215583b3ca0ef2c01e1d840b

SHA256
e45f485063131cb2aba3ca8ce0d56cac7bb7e0c59f0b164641d79a61c84ccbc9

SHA512
76e51b593de37a31178021a25127aa10ce96999e9681473fac3de2647a4c35be342e5d4dcf168d63d81f1d7c79315da73cedf6ec7455dc61b0a8593a0c8cbb8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\wp-paginate[1].css

Filesize
2KB

MD5
8573092dc5d46fdafb52651cee0eaa5e

SHA1
beb8394d5c2146ea65024c84f61cd7aeee735188

SHA256
e379a211e75642755c7b975859d84ebf76697490618e8a6127a41036ef82f2df

SHA512
d843836a7614ec9eb52a8bccd0719e59f65b15d4e4ea7bf7eb84641baf1baec3f9eb1773688f6528e7c75fa4f781342107ef1fa9c0fd115cd1814eda0b69e87f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\ytprefs.min[1].js

Filesize
14KB

MD5
e88d65907c498c5a73bcee516fb5ce03

SHA1
9cbded7bf9766ea78ecd8636494de632e6051f57

SHA256
a8a601f7a37c4e3e18f2960f2c09ba71a676fa30ea0af33cd714194b1b03ef2e

SHA512
80a4b44226042c7f20b68d63e7c99fa3856dba0902268830de95775a6e20072d23a4e22c16d1f62f9a344b0d59360da9a258f4c19edf23d63da81c1a66f56b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q9YQXK50\frontend.min[1].js

Filesize
9KB

MD5
e8e1926e604c239d9631d52d530b0df8

SHA1
a9f05939eb5f0c00bb982d8dcfd91201f2547663

SHA256
63a6d926d277a3d64d30e349fa0ea2b0630e9801d173e1947ff3bd6060147ef4

SHA512
25bb09bdcb14afa3acd74cb135f6ed120ab06721087ac98574d1080ffc039583c7d15042c577e7086a2907446b21e0c45135679c5ea624d9ce88fe8ff3960a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q9YQXK50\genericons[1].css

Filesize
26KB

MD5
5d653eba2d64e9516831f83ed027e55c

SHA1
7d02b30d0f99c53751724762b87f723de8a5865b

SHA256
f9a93247cd0a690a376e4f23883a07b2d7fc896737e2c3fd62cfbc2eba938c7f

SHA512
b72e801966a997b31920300ca89a323d79aa2d1dae74519c43c53066bde4246cb007452d8deadf7765b023d9438d240e4fe6bc5ea40f13b301f8bd6a9339e21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q9YQXK50\pagenavi-css[1].css

Filesize
374B

MD5
73d29ecb3ae4eb2b78712fab3a46d32d

SHA1
05ea352ab14ccf04386a4c7d112ad4fec944d551

SHA256
c2711e9edc60964dcb5aada1bfa59c2d68d3d9dc1baf4a5ee058b4c1bd32c3eb

SHA512
7623bf487f1bcf2978090ad34d1b316381b69328007b364f20a17016b511bb08735075e32c47877b1450bbb27b5b628a647fd5d87aa670cd77bd42016feba78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q9YQXK50\wp-emoji-release.min[1].js

Filesize
18KB

MD5
32beb68a374e3aeac00abdf9e12b84ea

SHA1
b5d18aa625e8696dd9d07cd0869337717b211ae0

SHA256
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

SHA512
8fc41038b4dc2fc2465422fb3144b71c2acd2f4552607369314fec9b7f561b7a3919cdc4219df2089395241168ffbfe29e67ddda834e66c27e4c88066c8f4496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH9W14NQ\css[1].css

Filesize
2KB

MD5
5ea6a06cba8c1995e6fb8624a5082683

SHA1
55aff53f8d85a4381d35496e40c99b26beaf2689

SHA256
dbe60bd327cd1cd3cb51b4437d4da1a848a4191bd20f7485e833c66775fdba2d

SHA512
f0ca4442b75f16a70200a272e75712f45b0b6f1741d7eef8b234ee2eff0b8e90eecef5a69aeb276d13fd2d51e1abf393128f36749c6574727091d0ed74843dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH9W14NQ\jquery-migrate.min[1].js

Filesize
10KB

MD5
79b4956b7ec478ec10244b5e2d33ac7d

SHA1
a46025b9d05e3df30d610a8aef14f392c7058dc9

SHA256
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

SHA512
217f86fee871fa36eca4f25830e3917c7bf57a681140b135c508aa32f2a1e3eff5a80661f3b5ba46747d0c305af10b658d207f449550f3d417d9683216feea8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH9W14NQ\style[1].css

Filesize
96KB

MD5
62c769172feeb407e79ae6c9c51f66a4

SHA1
a1026236e8a73a64fe91ab0fefa98f3a9cbe4251

SHA256
571ef51d5d27d7090d7ed6dedb2dab0e433ac65b0c83a6e4d3bfce2651cab106

SHA512
07bf3d6bb85c7704dfa23f97a70b028698fcb75446afb61b6548161bba285c307187b6e442b1aa199e287083c4314c9d97346060ef83e9714bcdb96112da7ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH9W14NQ\ytprefs.min[1].css

Filesize
8KB

MD5
838b8635594eaf90069f97cb52f3bdf0

SHA1
d70fe6fbedb3b6410047b62dd9b1cfc9dc635352

SHA256
6c9e9bd4e992b05389236894daba31e34cc03e95c1dcb18fdb229087df1606c6

SHA512
0799deb083328d95aa3ccc36255f151b1b7daa37c206d4287c74e3f02386cc508229d958bf8d881e4a443acb30201b924cf9939ce7cfcbb6201bc5536037e14b

Download Submit