4ab32f77fc081af51033e1e3d0638ff2a97ed62ac3f217a85560cbe5cb5c46d1

Analysis

max time kernel
1s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12143ba2886ce106a67b988bbe6a1862.html
Size

1.8MB
MD5

12143ba2886ce106a67b988bbe6a1862
SHA1

3cfb0db54ed8ea49447b72b0471d1c35e83cac20
SHA256

4ab32f77fc081af51033e1e3d0638ff2a97ed62ac3f217a85560cbe5cb5c46d1
SHA512

d8fbb44bbe79fc3bcba2dd6c39337836b90a92cfa48071a8b4562d86dd56f6c606364a7059fd20e9b254733badeb9eb3f02c82cabc448b519f1df624b8e329ab
SSDEEP

12288:jLZhBE6ffVfitmg11tmg1P16bf7axluxOT6NN5:jvQjte4tT6T5

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{EDD92FFC-A2CA-11EE-9A4E-4ECC77D3B663} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2796	iexplore.exe
2796	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 2964	2796	iexplore.exe	22
PID 2796 wrote to memory of 2964	2796	iexplore.exe	22
PID 2796 wrote to memory of 2964	2796	iexplore.exe	22

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\12143ba2886ce106a67b988bbe6a1862.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:17410 /prefetch:2
  2⤵
  PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver2A76.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6AXLYU2E\jquery-3.1.1.min[1].js

Filesize
36KB

MD5
176b1acde1b2c50780a2c20d6972f4de

SHA1
a7e155a1fcaca04cc9448954610732837aaff665

SHA256
a0610f41d1e24c73989724828a4d576d39a95227f7a4a9ca08c1d5695890f352

SHA512
9c5f39f5b5130693d71d98b794bc4cceba30ffd5d9bff8c6eb8c21b301c5c0db5953e1ca464e1fe0245329b31a9f027fe1ba87a5d5823ee10b882cb0a68ebf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6AXLYU2E\suggestions[1].en-US

Filesize
6KB

MD5
b017e82e8379a1210c9f5250408a007c

SHA1
099af9c8f5e70ff970f8ddfc1b4c156a2c1229ed

SHA256
9856ceef0c088fa18d4ae635a42f64035a17425b7cfded682d048cb6ec4ca993

SHA512
54f11f271721fb851056567d7f929922ed0f87919f74ca06766abe629444590d1e5ce3586bcd713dfa3b1f5ed40128d9589a9fd7af02e4e72c80a8b71ea6509a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\jquery.min[1].js

Filesize
29KB

MD5
dad56d26930f517c9994a0f461b04355

SHA1
f99a9e504466c87320f369f2705831e508791fe6

SHA256
fbdeb4648e4b2a1429282ea96cc7a0ce0a6a2588fc41f561a1b211d2a640fc49

SHA512
5a3921a5883f7ba285c95f191fb0e430e7b55807ea2610e932bdd4571ba1cf89320b7a64e967b9d8ea456bf2acfcf3fbb9f490ce5934bd07364d62dd9723c52a

Download Submit