ab0f29961f4f8b1912760bdbb04a3037bc26365f9f0df94902a4f33592231b07

Analysis

max time kernel
0s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0475f50cc7146bedcd8fe3e613f28623.html
Size

432B
MD5

0475f50cc7146bedcd8fe3e613f28623
SHA1

8e1779d34e39f3f2e6481e665c8911e97831c2fe
SHA256

ab0f29961f4f8b1912760bdbb04a3037bc26365f9f0df94902a4f33592231b07
SHA512

b15654e329db17aabcf5063583c0f620d8cc18402d5e09de9cb54c3e0f665c2e9ca9934fcad2acf522fdb3a615e4dff9eceddf4c078eccb1cfd2f67ace09eb3f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{10526EC8-A32A-11EE-BD28-4ECC77D3B663} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
264	iexplore.exe
264	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 264 wrote to memory of 3160	264	iexplore.exe	18
PID 264 wrote to memory of 3160	264	iexplore.exe	18
PID 264 wrote to memory of 3160	264	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0475f50cc7146bedcd8fe3e613f28623.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:264
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:264 CREDAT:17410 /prefetch:2
  2⤵
  PID:3160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verBBDE.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9owjsyb\imagestore.dat

Filesize
2KB

MD5
d3bbc8c3fe602988041a349c881cb0ae

SHA1
830b47e0194ffd31eb49750087d8015bd61e250d

SHA256
165823b7c07c56cf28e83cd3d9157893aa36e8f5dad515c5d376cf846a1fbda3

SHA512
328ea251b1cdd3add8f3cb1abf169ed64ae7ef4f883ee5ca083c7ac1d006f0a954949edee0b6a35b420def8d3c5b6eb29a5737906aeed53ef1d7e51e94ead4eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9owjsyb\imagestore.dat

Filesize
6KB

MD5
2cf01070a60a4675ee4e981e649c3d67

SHA1
5b80f1ce63eb8be552d0aba200526ac047bb0ee8

SHA256
f30db470b3f4ad3687c6d235171621efa25e5d9e5980fab5f55f3a533dbbd62b

SHA512
3b23b6ea7358304f7813f795b3ccfdb943afa6a1f6be14748d516a0175ed58054d065c828c67256dac2c5f9e62c832651233fa0e4b82bba23a695e59c946b2c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W8BIYKF7\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit