51869c981d558379542856b5298852305f6af9a14ebf26a97a733c35330f4820

Analysis

max time kernel
1s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10257e9e562e02b1634e6e4a94cecd26.html
Size

4KB
MD5

10257e9e562e02b1634e6e4a94cecd26
SHA1

3318f13b32ccda03d06183f34c6c01a9fe79c811
SHA256

51869c981d558379542856b5298852305f6af9a14ebf26a97a733c35330f4820
SHA512

1bc6a1735775bd4032fea23f5fe27aff210d260b205d61db1f4fd09fa3d992455eef76d16cb85d2259545e9f3f02f9e44117f0e5c9fe165329532a1e7e06c082
SSDEEP

96:rf9seakGiwLsvfpFFOxUEIvBUqsOeN0Eg9jag0MwU:rf9FaL7LQFIaTvBRlVEg9+g0MwU

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4DB02937-A2BF-11EE-BCD9-FEBFAF1864CB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2380	iexplore.exe
2380	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 652	2380	iexplore.exe	21
PID 2380 wrote to memory of 652	2380	iexplore.exe	21
PID 2380 wrote to memory of 652	2380	iexplore.exe	21

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\10257e9e562e02b1634e6e4a94cecd26.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:17410 /prefetch:2
  2⤵
  PID:652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver2083.tmp

Filesize
1KB

MD5
eb67baf06a1d94f22035da0b59a13d1d

SHA1
68948612d15d7eea6fbdb80371d9c7f78ff9b189

SHA256
428769b8aa88bd8024d80218948cd9af21332cc919bced628a7d8261aaffd800

SHA512
cc0f8e6fc3bb6765993e1074b4e34e8de49acb9c771635c02f3471249eaddd6c5a549cf492ebddf1af2e90d82cdb3f7a603fc0443334b9d4131ca78c50a085a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CCM17AA0\suggestions[1].en-US

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit