Analysis
-
max time kernel
0s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system -
submitted
26/12/2023, 03:41
Static task
static1
Behavioral task
behavioral1
Sample
512d2316dc227109c11c21ecbb302687.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
512d2316dc227109c11c21ecbb302687.html
Resource
win10v2004-20231222-en
General
-
Target
512d2316dc227109c11c21ecbb302687.html
-
Size
6KB
-
MD5
512d2316dc227109c11c21ecbb302687
-
SHA1
6f6fa6f9546b29ade4f14473fa79c239d7117639
-
SHA256
dc1ac237b56bf31d9fb72560129e934c9a74993a557ee6d2981a18fc3c49ea17
-
SHA512
f152efe851fab77043e64646b5218113cb25955967100a81f21f78d6c5aa39d82dc592abf21b7c45ac92281aa8889ceac00c727689d0b29e96fd733f1c16516d
-
SSDEEP
96:uzVs+ux7IALLY1k9o84d12ef7CSTUyZcEZ7ru7f:csz7IAAYS/tb76f
Malware Config
Signatures
-
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7D815904-A482-11EE-A0B6-7E9BDE81EA77} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
4548 | iexplore.exe
4548 | iexplore.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 4548 wrote to memory of 1732 | 4548 | iexplore.exe | 16
PID 4548 wrote to memory of 1732 | 4548 | iexplore.exe | 16
PID 4548 wrote to memory of 1732 | 4548 | iexplore.exe | 16
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\512d2316dc227109c11c21ecbb302687.html
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4548
-
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4548 CREDAT:17410 /prefetch:2
  PID:1732
-
Network
MITRE ATT&CK Enterprise v15
Downloads