e448f4c78c0b8ee30d8967e244eb3acd8f1b091dc50a40e1e7a69c946ab58b0c

Analysis

max time kernel
0s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ecea64973289776a57116b9a28442f8.html
Size

8KB
MD5

0ecea64973289776a57116b9a28442f8
SHA1

cf696467ad070f7ec23c23e271a78530480d5130
SHA256

e448f4c78c0b8ee30d8967e244eb3acd8f1b091dc50a40e1e7a69c946ab58b0c
SHA512

e701de148441ab5e26e2e937bf1eb60c0af4f2cbf648397e502cba99ccc631cbf48125e49a4e90c6c18f0e96faf56d3871d23d00f529ab7322e6698814fc5165
SSDEEP

96:ByzVs+ux7CFLLY1k9o84d12ef7CSTUOBkIIwvzR4CIp7ncbZ7ru7f:Ksz7CFAYS/WvOJgnq76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C15C6900-A31E-11EE-A0B6-EE8D4A0E2818} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5100	iexplore.exe
5100	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 1280	5100	iexplore.exe	16
PID 5100 wrote to memory of 1280	5100	iexplore.exe	16
PID 5100 wrote to memory of 1280	5100	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0ecea64973289776a57116b9a28442f8.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5100 CREDAT:17410 /prefetch:2
  2⤵
  PID:1280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1KB

MD5
b6dfda79e62101bbf8963881ae5dbd16

SHA1
cc56a8b884329ef7ab58366faa2dc4052c04aa7b

SHA256
8b73ca79d710e707557ed076b0e1e0519eeddc4dd0baac26f10e8c9309250ce0

SHA512
945c9db35bc749c0d1c75d5c0335a6c44588bfe2ce7fe6fa82d54daf5153772aa34690c40181de3c5183713e41ce880a3d45bc3ad05921cfe48507d9b4464095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\suggestions[1].en-US

Filesize
6KB

MD5
5a9a5951756b44b0520914fc8a4e2ac7

SHA1
976a6dc7ee54f7b56e92ae49d4dd608b85d2c6bd

SHA256
eb665fab4713d99cc26c670cb75412d1a752cc6e3dc7cb0186083339caca6e81

SHA512
31b2a7918eb6fc0b547543a90f37c5080555fc177f1359727eb89dc63e2545307649e63f0a0c6eb122bcc31b1c6f448145948b4bce9d4f0bb77de5557a92ba4a

Download Submit