3544d9d1e13e85307304ceb12c475ac404663868a8d31553295f3f5e81d15586

Analysis

max time kernel
0s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fe17fc072211748f5aac449830ccdbb.html
Size

12KB
MD5

1fe17fc072211748f5aac449830ccdbb
SHA1

ef63b0d87d3b33ff24fe673521e0ea832f7a4c8b
SHA256

3544d9d1e13e85307304ceb12c475ac404663868a8d31553295f3f5e81d15586
SHA512

f73ede4b3f34425ea532ac1458e888c1deaf4e2498149c416ca04edc2e59d40d6a9be03a8951a4eab909248bc60f4d20bc085b61d99359037de03fbced7b6c41
SSDEEP

384:Ss2ZquTqEjld6rTyv6Rb+nQKrlibQmYMH/pMF1E:SvbgyvCAdhi8yfpe1E

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8A6ED8B4-A55C-11EE-9963-FEBFAF1864CB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2148	iexplore.exe
2148	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2740	2148	iexplore.exe	17
PID 2148 wrote to memory of 2740	2148	iexplore.exe	17
PID 2148 wrote to memory of 2740	2148	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1fe17fc072211748f5aac449830ccdbb.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:17410 /prefetch:2
  2⤵
  PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verD060.tmp

Filesize
1KB

MD5
eb67baf06a1d94f22035da0b59a13d1d

SHA1
68948612d15d7eea6fbdb80371d9c7f78ff9b189

SHA256
428769b8aa88bd8024d80218948cd9af21332cc919bced628a7d8261aaffd800

SHA512
cc0f8e6fc3bb6765993e1074b4e34e8de49acb9c771635c02f3471249eaddd6c5a549cf492ebddf1af2e90d82cdb3f7a603fc0443334b9d4131ca78c50a085a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QPBAQNGM\suggestions[1].en-US

Filesize
8KB

MD5
b267c4bf3075cd4054cc825fbfe34cb8

SHA1
689d2c8e6b013b529c912e5c8cc1ed0ec57e0f3d

SHA256
e3bf2274ba4db8729232c13312a860cb6c1e350301b2f9a12a198ee8fd75949b

SHA512
2091bd927258e3ba9c4dc0176bae335f599b1d0f752762d6867700806f0e8b8f68cdad72cd54203f9f791cc58c3ac16e84dcb50c91a20e35c9b33f8b6648f946

Download Submit