Analysis
max time kernel: 0s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/12/2023, 06:31
Static task
static1
Behavioral task
behavioral1
Sample
0bcaeb96f583433add94516289d7268c.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0bcaeb96f583433add94516289d7268c.html
Resource
win10v2004-20231222-en
General
-
Target
0bcaeb96f583433add94516289d7268c.html
-
Size
11KB
-
MD5
0bcaeb96f583433add94516289d7268c
-
SHA1
4742126b86712ba3cd7ac356d1550d8436cac4f1
-
SHA256
e267409335aa25cfabeb036635685620bf26d4efd5abd280b354957bc8ba139f
-
SHA512
274fdf81468b0b0f3899e8f32da70be4593828e65cf85459deb460ccc81eb9f8f409496bde108907f714b6fb809ad147821a1ddc857f97538240acfcec4f3ae6
-
SSDEEP
192:2ValIsr0r57MVxKT8//w1wvqa1fRLOXuBuLbdU8d:salIcIQVxj/ggZLOXguLZ
Malware Config
Signatures
Key created: \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main (Process: iexplore.exe)
Set value (int): \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (Process: iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (Process: iexplore.exe)
Set value (int): \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9BE8BF52-A49C-11EE-A0B6-667A6D636A0F} = "0" (Process: iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (Process: iexplore.exe)
Set value (str): \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (Process: iexplore.exe)
Suspicious use of SetWindowsHookEx 2 IoCs
pid: 4528, Process: iexplore.exe
pid: 4528, Process: iexplore.exe
Suspicious use of WriteProcessMemory 3 IoCs
PID 4528 wrote to memory of 3060 (pid: 4528, Process: iexplore.exe, procid_target: 18)
PID 4528 wrote to memory of 3060 (pid: 4528, Process: iexplore.exe, procid_target: 18)
PID 4528 wrote to memory of 3060 (pid: 4528, Process: iexplore.exe, procid_target: 18)
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0bcaeb96f583433add94516289d7268c.html
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 4528
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4528 CREDAT:17410 /prefetch:2
  PID: 3060
Network
MITRE ATT&CK Enterprise v15
Downloads