f6d6d0f82fce72dc59998fcd6b8b59a23c8aa9a780447019c8fd7e767613b12b

Analysis

max time kernel
1s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e4def94ea53dcf3f333b315bceb0b71.html
Size

86KB
MD5

2e4def94ea53dcf3f333b315bceb0b71
SHA1

6481e23422d5965ac2e5c0df0fbb5412d92e0d5a
SHA256

f6d6d0f82fce72dc59998fcd6b8b59a23c8aa9a780447019c8fd7e767613b12b
SHA512

da26cf291961e1e7e22153bced84a95c1749372e5501b6ae575dbbc91c724ef1c94c47be0b21f46f0f351d93e96c517dd8e43aa927a0e384886864e70ac171d4
SSDEEP

1536:Js8NcHH2E5ZNhUFp8JKo3FaqaksPtd5UzpZcE9oHr/VB:JJ2HWcZn2p8JKo3FaqAxUVyE9Y/VB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F54E43AF-A5DA-11EE-8024-7672481B3261} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2132	iexplore.exe
2132	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 4708	2132	iexplore.exe	21
PID 2132 wrote to memory of 4708	2132	iexplore.exe	21
PID 2132 wrote to memory of 4708	2132	iexplore.exe	21

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e4def94ea53dcf3f333b315bceb0b71.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:17410 /prefetch:2
  2⤵
  PID:4708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verEB0C.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BPK32G26\suggestions[1].en-US

Filesize
1KB

MD5
c6bdda3f990d9f4af799c6780b8859b4

SHA1
a621164f6b814af5e867c84e7b014695c850fc7e

SHA256
bf1d3d4bd2bfaf7e1c3ecda4669a16a68da4c2780c49c60b09d3fbc13a1633dc

SHA512
955019d37611587f11831068a20a8b7f2a51838d6c11d02c822aa752fc056ba1336ce2d8f1e7d338fee9b3c9b11889ab8c615a1f60183f27cb060b3976033443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DV2I56HE\cb=gapi[3].js

Filesize
38KB

MD5
0f2052773d7a67637d2c8c40ed721f60

SHA1
b08440578c5b107ed0619f290f677e67faf899ea

SHA256
3b719eb4cc6124257d06dd796abe9af091fbbac4228eba694c3b30fea981759c

SHA512
1683ec4870fe595d3ac64edb791d5c44d4383126a4b1fa303d863af5959730a341ce36c5b5bf90d362dbb03d6621da496e7003473990a3a9a03e6fb070010f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DV2I56HE\f[1].txt

Filesize
34KB

MD5
94baeae5a431d3f4b6a82c4a91f59511

SHA1
42afc199c30c4adf7d69bb10cc1b7674102cad6e

SHA256
df5d165b5af8ba63c3b606253a8c73dbdc132bc66153c867b4acbe47efa55f0b

SHA512
866c5064e7a88ff99696a64ef6cb3a770db74ae99d773754613422f6fc4d850eb32945d57aabcd0cbdbb9bec74ab2627a7d7a0cd14bd465086db0083756f0017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DV2I56HE\platform_gapi.iframes.style.common[1].js

Filesize
56KB

MD5
f6140cf2e81a9d5b9bc96970fe1946f6

SHA1
e18cb20a08d0c13d44b72e36e9560aec2187abce

SHA256
68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5

SHA512
1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

Download Submit