e1a77fbd19dce991fb270c4b77adfcd4f48bc8d9c1c8b755ee049df8ed413e71

Analysis

max time kernel
0s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cb55689be3223d4d5678ec78975478d.html
Size

57KB
MD5

0cb55689be3223d4d5678ec78975478d
SHA1

1b3bd2f0ce69756361a4c761fd1cb8b6c3f242f0
SHA256

e1a77fbd19dce991fb270c4b77adfcd4f48bc8d9c1c8b755ee049df8ed413e71
SHA512

a02db15c4b9a9254f7871f4f1bf73ddd57f083ae777c6af3d979e5baa96a189417037e2cc24ea4b564948b34c66bf3a4cff2119b346f6798eacf9f51b1a91646
SSDEEP

1536:ijEQvK8OPHdFAPo2vgyHJv0owbd6zKD6CDK2RVrox5wpDK2RVy:ijnOPHdF12vgyHJutDK2RVrox5wpDK2m

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C81FC3DF-A303-11EE-8184-4ECC77D3B663} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4832	iexplore.exe
4832	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 2332	4832	iexplore.exe	17
PID 4832 wrote to memory of 2332	4832	iexplore.exe	17
PID 4832 wrote to memory of 2332	4832	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0cb55689be3223d4d5678ec78975478d.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4832 CREDAT:17410 /prefetch:2
  2⤵
  PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64E544B76338020D780BCC40A2A2B366

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64E544B76338020D780BCC40A2A2B366

Filesize
414B

MD5
9b778915b5c8d99b462a0ea3c61dc2eb

SHA1
2975e5f5d469d1e9873e2aee68b0aeb86dec9b29

SHA256
5e92351cbc0c823adf6427d9808f7a0fd3e2b6231871f4e85a52b9d644194df1

SHA512
5a2a5316910fb03cce30bbd25d3f9065ddf0801d6a65c11dff4cdbe50e8ea835ae2358a7a8e27e7674b09e230496b24769bce1e79bc9ea7b7a694f2bd31d758f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZCK267OU\www.dailymotion[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZCK267OU\www.dailymotion[1].xml

Filesize
166B

MD5
862aead24019642ebc1cf7ce48985012

SHA1
d597e238254a6c20a658fa568759c2ca15360c1b

SHA256
32a5df7c59c4782b41d22bb2cb0bfb440384a85ca36117147eb9a43f325be45c

SHA512
1a971e8aec475e9b5d9757d6da1680eb003e34ef45ababd633b3c585f04ac99ff94a0098feef49c0ee2859ec1d578a6e9f70b4c69fe7592901a7a3ecccc40497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verBDD3.tmp

Filesize
5KB

MD5
6f2ea2ab1c6d596db078294d37ad0260

SHA1
29c1ffe0d3ece537c146b43bd8b40fc37b3f62dd

SHA256
f7a8a6c3904033f6aad76c52178385b541c0fe8650736cf282bf7429d34cd1a4

SHA512
aa185c4989caaf74bb6f1e843ebd82d071bcc1948bf28c918c4cc08d169b1d3286638902c5015cba837df4ffe15de0c130e1233fef59624a1db9bcb6e01e5b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q15AV1NQ\f[1].txt

Filesize
1KB

MD5
e5e7626a1212143b3c2272cf2fe109a1

SHA1
29135c3d07dac1554a916ffef79d401b683fe969

SHA256
74deba24178552ac9ed68bcab760c8f441b12902dfa30cab22be568d0bba07dd

SHA512
eb4dab4a74f5ed73a7f7b0510371014ca4912048081afc03653661e0c8fd933d1bc97edabd8b32eddf95742a262eaea656a92f87981b32814b9fa26da4cfa677

Download Submit