e36923e1f4fcf3dda6d75085edf2067390519898e35af39d5046fda4f3e4d80a

Analysis

max time kernel
0s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c6a9c93204c64cd1fd32ff6021e7dbe.html
Size

6KB
MD5

3c6a9c93204c64cd1fd32ff6021e7dbe
SHA1

dfc58d959a0c8664dc9a2fd9f276f33392c227b2
SHA256

e36923e1f4fcf3dda6d75085edf2067390519898e35af39d5046fda4f3e4d80a
SHA512

2ed33cbef8a536c53e30132f03ffe25953a9affb82d3637a21101ad2ccdbc13b1bfd1d99b17dd468425a1415b65e3bebbc6a879e8cb7f927cb6269b05e47f7aa
SSDEEP

96:/IpFgRGEaeeTQJYzYpQNdT2wXH8smKGO3mrOOSUcTZxe5vKtzUse/u3uj:OFgRGJ3QukpWdTxXcs7ccT70vKdUH4uj

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9D126D31-A649-11EE-91A3-4AE60EE50717} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1704	iexplore.exe
1704	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1652	1704	iexplore.exe	15
PID 1704 wrote to memory of 1652	1704	iexplore.exe	15
PID 1704 wrote to memory of 1652	1704	iexplore.exe	15
PID 1704 wrote to memory of 1652	1704	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3c6a9c93204c64cd1fd32ff6021e7dbe.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
  2⤵
  PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e52b759b57e388abc76118e51ae3c312

SHA1
c79036fffa408361701342495c85faf93d2ac4a5

SHA256
938010cf367994b59a03ebe6e4f8e52970a825ecfa47fd41abe5d7a14224b249

SHA512
a86b8be79a5296630385348394a94afae37c673ec4ab5b9f1508b661f9c8d00127904870573c03be7ecdc116f5a544c459674153f24bd64f0b30899320f8bb9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46c1c32f36448a8c7e815a27f245fd35

SHA1
98a38055511d52d4d6795dda86f56cba66e54e11

SHA256
eb357fb0aff153b0a9c5fe51a8dd6008a820b6db8b396a818b5a934a1e44a2bb

SHA512
694c5ffea97c093492f548e58f428ba606c28da539e7b98590a179b5cdd054f8968d4c2b1e92defec86354f9b1549ca18a2136f188b351440d931a3a5165901c

Download Submit