e984cd91e4e39c418c783b4fd7fd2996a7c83ad2233c5cf49d70e3c0985b7dae

Analysis

max time kernel
0s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 19:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

37c58ab33f88e19e790878da3316e650.html
Size

70KB
MD5

37c58ab33f88e19e790878da3316e650
SHA1

d2d3a2f5886b39c0d8fbff84360211b02f0fbf96
SHA256

e984cd91e4e39c418c783b4fd7fd2996a7c83ad2233c5cf49d70e3c0985b7dae
SHA512

0396d18861dca2b851b41dd13c72bdb571d1ebd8d4d8d42b5fab33d220d6a9b02014dc70513771dde66de04d279e80f0af6f78fa3bde7e8d3d75e9849998042e
SSDEEP

1536:gQZBCCOdE0IxCDD2wzR8lveXGDIVt0lP0zgijVjK0ArNrzZiuZLEsCT56KILzio3:gk2e0IxXwzelveXGkVt0lP0zgijVjKtH

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{BA0E7084-A416-11EE-A0B6-667A6D636A0F} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4240	iexplore.exe
4240	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 1956	4240	iexplore.exe	17
PID 4240 wrote to memory of 1956	4240	iexplore.exe	17
PID 4240 wrote to memory of 1956	4240	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\37c58ab33f88e19e790878da3316e650.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4240 CREDAT:17410 /prefetch:2
  2⤵
  PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\flj0k7l\imagestore.dat

Filesize
1KB

MD5
0df6e3c252be027148c6fadf84bede62

SHA1
eecdf6526d7f8d3874d1c8bc10aca2e850e3c524

SHA256
75119b4bc5ed26831469eca771d3df39cb6e098fa4de862bd393d7df683e7b30

SHA512
5cf6d0f8ff7566b16a1962f555c0c4a2bd1f1b64a9396b42d6eb10a4ca7ad6c5bcf4a18c3b07675f49e51bec1173b8e467d7d514259fa717c53f2c08c5d4016e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\favicon[2].ico

Filesize
2KB

MD5
cb546f0ce2ca2505cbc9088d8a4592e5

SHA1
d87b70b1a34f4313d085de80da3aa4e8845af904

SHA256
0c3851f8f6d7b9dc63645a68b0db991edc9162620b9d757684a4a20206c458fb

SHA512
b6fcd078f43082daf299a49646280ac3a30b91d10dcfaf8e9fb9e8317af417e34d45ae7397af9507d4101b7bcc58169c2f64adcaa253fc08204b98020b20b551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\jquery-3.5.0.min[1].js

Filesize
87KB

MD5
12108007906290015100837a6a61e9f4

SHA1
1d6ae46f2ffa213dede37a521b011ec1cd8d1ad3

SHA256
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4

SHA512
93658f3eb4a044523a7136871e125d73c9005da44ce09045103a35a4f18695888ecafe2f9c0d0fa741b95cc618c6000f9ad9affc821a400ea7e5f2c0c8968530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\layout[1].css

Filesize
11KB

MD5
fb0b1b3a205243bb6a3e9051e2cba00a

SHA1
c597edbc350ad29e675cf8d38c0bf658cfadcae7

SHA256
767ca59062b2de7debf1e64a06d8ba252d0d1c6f5e954e310677ed3b7d28c1ed

SHA512
f0ef368c43c95869b7d504daf2006dffb120588a571978ea38d44fe4294d7b0ff139fd1499820dafaaed1e46a12880ff1008a08b82bbf57770caf6c4f4b55c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\suggestions[1].en-US

Filesize
1KB

MD5
c6bdda3f990d9f4af799c6780b8859b4

SHA1
a621164f6b814af5e867c84e7b014695c850fc7e

SHA256
bf1d3d4bd2bfaf7e1c3ecda4669a16a68da4c2780c49c60b09d3fbc13a1633dc

SHA512
955019d37611587f11831068a20a8b7f2a51838d6c11d02c822aa752fc056ba1336ce2d8f1e7d338fee9b3c9b11889ab8c615a1f60183f27cb060b3976033443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\recaptcha__en[1].js

Filesize
1KB

MD5
2513bdb9159b62ba81532e8332c72fdd

SHA1
2854f454cb01a89561f24df27f8609eef7eacfa9

SHA256
2b98ee81a0dc540907d277bfd0d7583d510e9f85cc205c1529b887c161364b81

SHA512
166300567ce0cb6038835798cbcda4119da9ad3528bccf699f559ae1cb4be01ea47be9dbd9c6114fe77dc986e5711f6179f86db00bf4ec0e19deb1f817656f25

Download Submit