e97e8f00a96d9d9da5686fb3179c116f8013fb8fbe73c055f9e2fb12c2b55927

Analysis

max time kernel
0s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 01:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1f11ff4709fa5993ff6eec698df031dd.html
Size

14KB
MD5

1f11ff4709fa5993ff6eec698df031dd
SHA1

183c5f56036523d1f2cfa1f63c27d1f13ac72e79
SHA256

e97e8f00a96d9d9da5686fb3179c116f8013fb8fbe73c055f9e2fb12c2b55927
SHA512

071df60d89f68c5538ecc277faea8f6caad9d1d647ad9135a69382cab5e06128c3209285b5a1414fd474758e0a997b449ba9f9187f721ba1f1424d9379a43a23
SSDEEP

192:yyh75jcXDKNRE2dRm3VMYVFnB2d5BBoSHVc+KKMECRusODvojw1hd4hoiZ6+rXao:Xrc4cO+atguhmM+2tiDne2DtK/X2V

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{65EEE8E1-A3E4-11EE-9ECD-7E4216712C33} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4720	iexplore.exe
4720	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 1920	4720	iexplore.exe	16
PID 4720 wrote to memory of 1920	4720	iexplore.exe	16
PID 4720 wrote to memory of 1920	4720	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1f11ff4709fa5993ff6eec698df031dd.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4720 CREDAT:17410 /prefetch:2
  2⤵
  PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0SGFK56Z\suggestions[1].en-US

Filesize
3KB

MD5
9716b40fc7401dc17917b1d42e76a49c

SHA1
886b681614cb680e690ee4a4249d6aade710162d

SHA256
a8c537e1299202135393aab01a4f24f081fcfb0f8c1f1922933824aefdbf88d9

SHA512
3835c6555b48ed6f818948c69293f0428a08abc4ca6d57b05d9b85f5f75c9f97eb72ca1a3a9e36d7ef00e8eee61d2b996f3ff9969f26fb50946b57729434d85b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BMK4G1YN\styles__ltr[1].css

Filesize
55KB

MD5
eb4bc511f79f7a1573b45f5775b3a99b

SHA1
d910fb51ad7316aa54f055079374574698e74b35

SHA256
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

SHA512
ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ISEWAASI\recaptcha__en[1].js

Filesize
32KB

MD5
53cb327bada0120fb622b0051fe6ae40

SHA1
46a398e140afbf24adba014e24f0e26a29b97efb

SHA256
f9d7ed3210374409eb000367a1a1e2859503fa3c9d1d7b73789b85a455380df4

SHA512
868a1da68d1a68a291bdd0b66aad810c0c07e998eef640f11be0322148b13d12674944359e59a9c8323460f1a9b72083d2c17bb11f2bcb157d9d72eb8da03395

Download Submit