1aca251e3498a26a1bd53b45fcaf5db452a7761bf5a7ad796fdaa0cc21a1f19d

Analysis

max time kernel
0s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 21:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cb7bddf169e2d2b3b72de526fb088fc.html
Size

104KB
MD5

3cb7bddf169e2d2b3b72de526fb088fc
SHA1

2fd476a5dc6f4cd23de3c30bd0a7c805fcc71919
SHA256

1aca251e3498a26a1bd53b45fcaf5db452a7761bf5a7ad796fdaa0cc21a1f19d
SHA512

4b380d3b6f56dee53e96a9f1ade1ee2e30ef07294d5cfd4a122390deabf15083ef07ef71402089d0074375a02678eecab6b2f0f979233d70f84b31ca9bd6a905
SSDEEP

1536:cUo8aeb2pub800PMWHn4ymLNUSLq+KauSOugXSksbUD0oRDHLIIrXGw+8kOLhZ6Y:cxpsGsy0tJhHaFr7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{727207BB-A64C-11EE-8184-524326B4BB5C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4864	iexplore.exe
4864	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 3680	4864	iexplore.exe	17
PID 4864 wrote to memory of 3680	4864	iexplore.exe	17
PID 4864 wrote to memory of 3680	4864	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3cb7bddf169e2d2b3b72de526fb088fc.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4864 CREDAT:17410 /prefetch:2
  2⤵
  PID:3680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7C34XGPV\platform_gapi.iframes.style.common[1].js

Filesize
47KB

MD5
aeaf6281d1667597fdc01893edc5af17

SHA1
c050edb89f9ae832c24035d17a12d62fd7f53019

SHA256
7a8b8cd9f79aa7312ff8ef0cb4c666f971d702bfe3fd9b467f192bbddb500311

SHA512
eddb35cc9a995789a3a3521c8a9ebc695ef65766fcd62353a0abb391e50c7b91ea59c1ad4d7273e6068dd0c3d18a843fb4b0884f816c0d6461be9a6590c3f85d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q15AV1NQ\cb=gapi[1].js

Filesize
21KB

MD5
17ea476ee88d1c1a45dd70ee21f39006

SHA1
ee43cc8382f9ee1c0039e2f6909f1fa04e4ee08a

SHA256
b48f8a4fb5810cc7af9b6f56e1ed5f61346e91a42a67188c8fe6c66c8e6be7c9

SHA512
cfab8b908f86503037be3d89c8dd337681a49853ef5255511ca4b89ce88af4c6810de6809cb28cb02a51ada0487ccdbf13a0170d4a2e2f4ef816c1a508081cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q15AV1NQ\suggestions[1].en-US

Filesize
15KB

MD5
cadbaf1171a3a2ed5fbb78acebe6278a

SHA1
9fb3489b03040b5bab973152ec853d244e3cb1ed

SHA256
2b336b6172e4378c05c9fa838150fea0732c0070f946099b4302c58d43bccfb2

SHA512
b33a94c0847319e40f6bcacd3d6ad8f914c78e6e0390ee16c240c7bc4b73ebb5ce6b4d6ec6e6b9a9f6ee9f605f5e577a0ee37d44df42edd594d81d1e61e1e863

Download Submit