4dee05cbdd830e96a96ab5461e96fa8895a64b57d1a880ced3c0db21bb5abd12

Analysis

max time kernel
0s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d4302915b25a8058eab7fe449cd07ab.html
Size

3.5MB
MD5

1d4302915b25a8058eab7fe449cd07ab
SHA1

e27610cb94cecdb39e8c9008907e38ded8e52e26
SHA256

4dee05cbdd830e96a96ab5461e96fa8895a64b57d1a880ced3c0db21bb5abd12
SHA512

ce0e388b63d97a73b83c286d5c614b924d26740f901e9ac050d445f0a0d67f9ef5e774d4064cff02f80c103aeb8a45115a3f09822d1750e9c5f298b800ecea58
SSDEEP

12288:oLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nfo:ovpjte4tT6No

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4D7301C3-A3D0-11EE-A0B6-6E89F5E0ECB7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1136	iexplore.exe
1136	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 1636	1136	iexplore.exe	18
PID 1136 wrote to memory of 1636	1136	iexplore.exe	18
PID 1136 wrote to memory of 1636	1136	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1d4302915b25a8058eab7fe449cd07ab.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1136 CREDAT:17410 /prefetch:2
  2⤵
  PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC796.tmp

Filesize
1KB

MD5
eb67baf06a1d94f22035da0b59a13d1d

SHA1
68948612d15d7eea6fbdb80371d9c7f78ff9b189

SHA256
428769b8aa88bd8024d80218948cd9af21332cc919bced628a7d8261aaffd800

SHA512
cc0f8e6fc3bb6765993e1074b4e34e8de49acb9c771635c02f3471249eaddd6c5a549cf492ebddf1af2e90d82cdb3f7a603fc0443334b9d4131ca78c50a085a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\beacon.min[1].js

Filesize
19KB

MD5
dd1d068fdb5fe90b6c05a5b3940e088c

SHA1
0d96f9df8772633a9df4c81cf323a4ef8998ba59

SHA256
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

SHA512
7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\jquery.min[1].js

Filesize
29KB

MD5
8124d99ae5c745e412e88fd7271c62d0

SHA1
613ceeb1310cc0ed511f0d1e398f895a1d1357ab

SHA256
fe465d10440525f398dec4dae210fbd71591bb3a0cde5c94ceb5ae4e8caf359e

SHA512
2717888cab9db513e4eacaa33fe9dbdb4f3c195b7e419b87d5360fd2b8e41b51cee206e15569f7549df976f1b44bcaa15e6b6614b50dab6b7769e7028358a808

Download Submit