f033f60b885a31fb4276d80d3858490a9af770041e8031f94b2e6fb69f02c40f

Analysis

max time kernel
0s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 20:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

291KB
MD5

2218a43ace5921dbb466edd4cf9fd0a1
SHA1

dd36d18e3bd0a34b4e0cc728f0dbad733757b9a3
SHA256

b9ccf29a3b29d160f344c7902e9b2308590a9b270c050ffeabfc109bd8929375
SHA512

6917715702edfd02cca3a4fb06341a6688cf1ecc2cf05f0365ffb62648b617d88ef69fc2b82d367bce369b0c36a4747e05fd9f9a7126580141bc1e460139b6d3
SSDEEP

1536:HS2vFuOF99RtWeu592n9DS1LeVVZFdU5xZmkA/8zR421xyxvImeB+ni6sUYUr8s0:HlaV92lVUxZmkR421xgIp

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{895ABD4D-A334-11EE-A0B6-E2EC48AD62A3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1212	iexplore.exe
1212	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 3720	1212	iexplore.exe	18
PID 1212 wrote to memory of 3720	1212	iexplore.exe	18
PID 1212 wrote to memory of 3720	1212	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1212 CREDAT:17410 /prefetch:2
  2⤵
  PID:3720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC5A2.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\adsnativepc[1].js

Filesize
7KB

MD5
74cf3e2a8389a60487cf4bde3a837622

SHA1
4252ffe97f8f994edf0ecdb250a03eb85d34cdf8

SHA256
bd7c5a4ca2c0dddb7ba6c64076e51fc2dedce3fc27c36e32b4b30301f7ca4043

SHA512
d0dad1e83749aa1fa6e36bd1084570474f2e36206d78da120fa3f85c4da5a5ea83bae3e90fdaa1fccbab2e32fed87c4d00e85df23c2d6393b3eed1dcd40ccb33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\index14[3].htm

Filesize
1KB

MD5
b1ff4119dcaeda08a053b572fc2cadd0

SHA1
87fa63a48f92089909b0359079228be979534013

SHA256
5804f4af747d413dc6be1e585e1bce8c44f3d83c8e22cf1545d96dc25ccb6ae6

SHA512
adec98f748c324a8ba26b74e4124b6376694a95a0b5a01be8f7a65cbdacbcb10c4d3e014b00a33961a58df06418b1ccece2a243a9485756244d21f261bd2ab71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\20120122203821d0f[1].htm

Filesize
154B

MD5
cfbeaf604823f038b8b46f0ac862b98c

SHA1
7b9eb1dac48e74fa5f418bc456cb410f88b81d98

SHA256
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

SHA512
c99bf4f1351efb28a74fa2504429875d9a63eb2d6a145a060ed487f83ff3a42b6c85d94165b960edca90aceec58d16a6ed37b25f44452bbacd7f5204c15c23cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\collect[4].gif

Filesize
35B

MD5
28d6814f309ea289f847c69cf91194c6

SHA1
0f4e929dd5bb2564f7ab9c76338e04e292a42ace

SHA256
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

SHA512
1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\js[1].js

Filesize
161KB

MD5
34d901b677f8cec7f06eb0c3407e8825

SHA1
c539d8cff575bb5e06bf2e4df20dcfb8919f0b97

SHA256
608ae05b9662d36a626b1122424c9d7d25c9962309671ad86187b86f05a6af0c

SHA512
42e969b3a31502e2d9c4a48a759ea0f4de780278ccad3bd4e112d243f2a44a9be1a9491c62c50ee3065a7f3cffc3cad9575edda358104aeb0fe9fa6aca0330f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\js[1].js

Filesize
79KB

MD5
d9fe6abbe5866337162d5dff136a9c7d

SHA1
380e1fe0602f243671394111b32abb9c4c5e45af

SHA256
a1df3a984ede2160ad9aac391a6aad685061b4d6ad9b6f5053f430400861dcd2

SHA512
e804f810492db747660c04bb4a22c59468bece6ba01dbf30f5030c29f45d9cafa986abf0cb609fe9f2cebb9549372615fded9f46dfcf0397ebf3fbf9739914dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\analytics[1].js

Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit