e49ea421177db5c2d241073bf7504cff7dc922346f32ca7833668b40dcf67cd6

Analysis

max time kernel
150s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

968a13289fa4c88d0179417bdc3a750c.html
Size

57KB
MD5

968a13289fa4c88d0179417bdc3a750c
SHA1

b6be2cef9c35e4f54a783390829fd2e6229b7ee6
SHA256

e49ea421177db5c2d241073bf7504cff7dc922346f32ca7833668b40dcf67cd6
SHA512

181405d1b02add78ec7258c9c95c56ed976f8f154e80f0d9b46771d35aa5c3661dd09a2ba6f60d66c907586db8c9b8c7cfafd56606cbc6e8f2b2c5384acc75a5
SSDEEP

1536:ijEQvK8OPHdsgjo2vgyHJv0owbd6zKD6CDK2RVroZRwpDK2RVy:ijnOPHdsD2vgyHJutDK2RVroZRwpDK2m

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 61 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414485721"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\DOMStorage\dailymotion.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\dailymotion.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.dailymotion.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000056c0f093da428f4099809f3dbcc1bfee000000000200000000001066000000010000200000008dc41a15c28f7bbb75f90dfb43023037b263d5137c65be8439e7d5c2ad2bd21b000000000e8000000002000020000000ab6f5261ed6237133b1bb4dc9af46431a4a07cc67e3ab0f67537fca0c29f7eb5200000003f350386f6309f92381dff85779fc69a869d0e5e65dae0704d15639b7c70fa0840000000e8cf62daa88e2bb6583d693c12002f95bd97d3a448d081b32256bf32ae1efb95f4e31ec7e145f4e6ac81c68257df22a1d49722d3f7c59f510a5d278ae4264f33	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "62"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "462154077"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "80"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31088000"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.dailymotion.com\ = "15"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.dailymotion.com\ = "62"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "24"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\dailymotion.com\Total = "15"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "484186311"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\dailymotion.com\Total = "24"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\dailymotion.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "15"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\dailymotion.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0432320805dda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31088000"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.dailymotion.com\ = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000056c0f093da428f4099809f3dbcc1bfee000000000200000000001066000000010000200000003504d7ab544597965e3941db157528ff98de0810e33b832c61457f3aa355f0ee000000000e80000000020000200000007b822ed34d61f3d7163f46e8dd1d0aeeb497a09fc69ddffb204f3b293603165020000000ae85c62f2f7f7c70e62a6c63ac8eec1ce96fbebd3d5a114cc01c3d8f7a37f6ad400000004084373fa70f77ed6aa915dfa4ecf17f0730c908c4c33dc494303a744ea0dc390fd2e9adf297f7f4b42b50d6beee1e87bee643e18d6793fcd977d1614684089e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40955020805dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\dailymotion.com\Total = "62"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "462154077"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31088000"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{470B5625-C973-11EE-9BE3-F21AB124C203} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.dailymotion.com\ = "24"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3572	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3572	iexplore.exe
3572	iexplore.exe
5108	IEXPLORE.EXE
5108	IEXPLORE.EXE
5108	IEXPLORE.EXE
5108	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 5108	3572	iexplore.exe	83
PID 3572 wrote to memory of 5108	3572	iexplore.exe	83
PID 3572 wrote to memory of 5108	3572	iexplore.exe	83

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\968a13289fa4c88d0179417bdc3a750c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3572 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64E544B76338020D780BCC40A2A2B366

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
6e89104dc54cf9f6ef8ec2df9d38dc2b

SHA1
ba9fa8653a6c58cb3d8c7bce69d8ea2baf78db61

SHA256
4c94a38ada16dde13fe44544154beb16b85545366b221f34470146ff9fb653af

SHA512
649d1cb392a06c3791f531d4f9469182497f2bf9b4bb1ae0e83c64d6942c33796d0735517f36c3a7d08c85443e7f791f613ecb8eee18fe89cf19d0f76539bea2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64E544B76338020D780BCC40A2A2B366

Filesize
414B

MD5
cc929ac0f5f99e9f97d66e3d7c8b958c

SHA1
bd43698df64dd27f5c8b4a9c02eb05d71bcedf16

SHA256
33018ef1e8ebeecbcc8c135b44a26b97f834c1da3dfb91227eb3ad19ee28b46c

SHA512
8becd5473f2dfd4d4f80a02ad21d34a97fe88ea679e443a4d57afdca5e9773fa3e37e0160e07abeb322e104aa0ad7e7a5a87ef49c7332e2360fca3da0fba79b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
4305f6c64f9d5e410fd0aa987c1ad0b4

SHA1
200c4abfa7587ad86ea03a7915ec4c5bdd5895b0

SHA256
76a3dcc06e5580836bde36853d5b9193b78f8f22dd242de4786c1242901328c0

SHA512
fd5d3d8c34d04c4e338e866571b7b70b155b7d34790ecb2e028ffc8877571953b48d368a3ec59867799ff27a4974895168db8ddd11f2708f77bba80922b51c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\X4L94EK2\www.dailymotion[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BUOTXRX9\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FRK3R5YS\427x240[1].jpg

Filesize
23KB

MD5
63153c44b22a725c34dddef7cc8851c5

SHA1
ef4862edf534bccefacbba9c5519fb0aecca3775

SHA256
faa80fe6fb42139db295028c51796a1652851d19b7594455c9024de1b60da6d1

SHA512
2e4ddbdf3196db936837e44c06839e0d035cf8776ddfc2526e4ae90d35fd3cde9a5292758ebbfd45cdcde67d88987852b67925f47382f29a3e1317236530c2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FRK3R5YS\f[1].txt

Filesize
36KB

MD5
76a0cda7b57bbfa90e52f20c560493c0

SHA1
3764341f1380987f9e3df9df018d2fc96ca73239

SHA256
b463ec2b5e69cca5a8934fe37c83e0b0142cf17e778f0789ee8cccdc14c2e940

SHA512
475848b5a35e23a7bb5b6d388173024ab3463653f3f4040dc309050a65578fa9e9bbdca93c50e766d081b3c158246faa38faef5ba23f31cfbf27461ecd95fd43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J6M39GIU\427x240[2].jpg

Filesize
33KB

MD5
f409033ede3d8563eab5161f09aecdfd

SHA1
66e86a55752f0b9789836112f7201f65431ee5df

SHA256
99cff6ac5c548759338b5c3ce656db3eca2edb5eb792f1962fecdfdf54644a44

SHA512
03935faa1032f8b03d3dd4ec7f55015f98c124a6b82b856b7f2b0182ecda1b36340795d0ee0075f80ac93c5d8385a0e439a7427ebaca656fa627b515c24cb265

Download Submit