dc1ac237b56bf31d9fb72560129e934c9a74993a557ee6d2981a18fc3c49ea17

Analysis

max time kernel
0s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

512d2316dc227109c11c21ecbb302687.html
Size

6KB
MD5

512d2316dc227109c11c21ecbb302687
SHA1

6f6fa6f9546b29ade4f14473fa79c239d7117639
SHA256

dc1ac237b56bf31d9fb72560129e934c9a74993a557ee6d2981a18fc3c49ea17
SHA512

f152efe851fab77043e64646b5218113cb25955967100a81f21f78d6c5aa39d82dc592abf21b7c45ac92281aa8889ceac00c727689d0b29e96fd733f1c16516d
SSDEEP

96:uzVs+ux7IALLY1k9o84d12ef7CSTUyZcEZ7ru7f:csz7IAAYS/tb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7D815904-A482-11EE-A0B6-7E9BDE81EA77} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4548	iexplore.exe
4548	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 1732	4548	iexplore.exe	16
PID 4548 wrote to memory of 1732	4548	iexplore.exe	16
PID 4548 wrote to memory of 1732	4548	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\512d2316dc227109c11c21ecbb302687.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4548 CREDAT:17410 /prefetch:2
  2⤵
  PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verCED9.tmp

Filesize
11KB

MD5
b0e0123df25961f5c7665e9cf7e91a3f

SHA1
a5d81d180616e134d00f7be5767f8d8d0853a5f3

SHA256
98360c7877e16a90d7ba19677c75b0e94911001ba19ea1b413fb51975d8f3c05

SHA512
fef9fbdc70d5ce0cb17cd924eaf2c0231e75540f479356f851561f416429b67e721ed332ef05b872bf1e68f136e768fd048d381e7485d09224bea9fbab2f672e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\suggestions[1].en-US

Filesize
11KB

MD5
852b1cc8463f3d546cc73b9b02533d17

SHA1
5d71776a727d174235b04aaf6218878931a6ec57

SHA256
98864ee6854e2c2fca97c37b321fa010c7bafc61881c08127ad598fbb210a59d

SHA512
77a173cc8ea28368f75b429b2f91a9a55b9e7f93bf0187571e9a5e74bb907fae2bf26cd99d387b4cc338d75a2b95c19d8d8aaf3d20902c90d08eae53b490782d

Download Submit