16f988feaaa1937ba278da798a6360997d357df0e4908877b2618aed8ca5f6fc

Analysis

max time kernel
0s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ece47de6eecf312331f439ed555d27e.html
Size

102KB
MD5

1ece47de6eecf312331f439ed555d27e
SHA1

8273631ceb15a7da46d1224dc38deb939adaefa4
SHA256

16f988feaaa1937ba278da798a6360997d357df0e4908877b2618aed8ca5f6fc
SHA512

024837a357575fe1926f75002973bed5d30c9e1a31c6741ba05f6947be6ea048b5200f828c7145a87799723cf1c7156bc77c40c2b2f03e3e838df6912021448b
SSDEEP

768:EPhzJDIpB3ZWxKDJOW9c3IkbXOuUGsYLIkmR0fsEqGT2X49HL9mU3aFg63dRscGe:EPzIpB3ZWQJ2tPfoW6N6JFe

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{63652872-A3A8-11EE-A0B6-DA96C499C6F0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3476	iexplore.exe
3476	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 1964	3476	iexplore.exe	16
PID 3476 wrote to memory of 1964	3476	iexplore.exe	16
PID 3476 wrote to memory of 1964	3476	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1ece47de6eecf312331f439ed555d27e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3476 CREDAT:17410 /prefetch:2
  2⤵
  PID:1964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC11D.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\plusone[1].js

Filesize
15KB

MD5
31204af4cf60ad052ef157696c2ee127

SHA1
8ca60798b1d1d6a8d3d8a134f58f95008216d765

SHA256
83a5117137f9b6d8e7a54062e714093015c7a54c08c7e765cd870338838d054d

SHA512
e4f1536eac00e35658aa0ddb979046b42bde1f53768c720c3c8c7a968498e794c90034cb00957232f209c0377b6021a5bcb55efa131e4df9a34957ac9461544b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\cb=gapi[1].js

Filesize
13KB

MD5
e0af26da50aa4a0735154be4ad430b50

SHA1
456fac33053d58bd5da55788b4e2f533f6bfd937

SHA256
00124c5dc92feebbda33b266d2b7c161f24e088e136309e17f5ae8ba5996a33b

SHA512
6e7c421cd81a63ee7be2c5426d2a8feb0ffec099fec466d151826df0771b0667aef6c9cc40c90ddde465f2182b1fbea0eec4a89299aff822cc0e718a06642449

Download Submit