5492b9187e972bafb1c6f8c748ac395518cfcdf56c2f556acbabd1be365297aa

Analysis

max time kernel
0s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

137KB
MD5

13fb2aab1815989a9c30ccfc23ab8fb6
SHA1

be1880b9bb917b3767fc683f864a361a245f60c8
SHA256

67f1c7e4791bd57ab18ddca7ee4197b5389da2cd794394b1258d89e0c5c41ec4
SHA512

9e9ad8ee518bc3e0f96f325380e01ff9fc9eafb07d31f4c206eb0bc27e2a94f90a5d2d4b0ad92f3809d1f87176efc35a40e9e46dc4701bf15e7a4f03799127c4
SSDEEP

1536:HDlBYkUzLUB1ZONeNTX+ZnpClgWoLgu0eZeglL34:HDlBYSgoOZnpCV9NeZeZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{EF3D35A0-A318-11EE-8184-CE055DF4442A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4456	iexplore.exe
4456	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 4188	4456	iexplore.exe	16
PID 4456 wrote to memory of 4188	4456	iexplore.exe	16
PID 4456 wrote to memory of 4188	4456	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4456 CREDAT:17410 /prefetch:2
  2⤵
  PID:4188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7C34XGPV\kyo20120310134317[1].htm

Filesize
154B

MD5
cfbeaf604823f038b8b46f0ac862b98c

SHA1
7b9eb1dac48e74fa5f418bc456cb410f88b81d98

SHA256
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

SHA512
c99bf4f1351efb28a74fa2504429875d9a63eb2d6a145a060ed487f83ff3a42b6c85d94165b960edca90aceec58d16a6ed37b25f44452bbacd7f5204c15c23cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PZ64U2GI\9103061[1].mp4

Filesize
92KB

MD5
c5a8e8ae39f3b784b09759240dcdc73c

SHA1
c3c126355a7a276f4fec42536ac9438a8aef80e6

SHA256
79f6db7842cd64e267cf7b7d5d3a86fc70633bb692de98eedb089fc5d1b8f393

SHA512
465f58d9ab8133a801918e69966ffc8dd735f94aab2e9c06248ea715ab9fdb7abbd4a61452460754091ffa79ccaf0ec70089f7d027fcdbaaf8384325db36ca4d

Download Submit