e803377a1da7e53835a806411fa66e4bdeb31e1655366b14b66f4d3e133867fd

Analysis

max time kernel
0s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5399060153acf4a35030959b5d603b09.html
Size

14KB
MD5

5399060153acf4a35030959b5d603b09
SHA1

3842c9b2ecd7e0bcf208d57313583aa4b4ea0c73
SHA256

e803377a1da7e53835a806411fa66e4bdeb31e1655366b14b66f4d3e133867fd
SHA512

a0aaea33c95ffc7b1bc5b5d4f0c2fa0e8480e90b1b27420a17eecf870446ee93ff5f2d95184fee245ff9418bd564e025a3a9462f6e22a410a656b2c7483d76ee
SSDEEP

192:xWTShx5jc7nPfhIHwwbM41LjCOxYFicj7Kb/KyyY0Unc1Ud6JClmP3KTAL3vV:xjtcbhIQOjrOiW7Kr/oxs2V

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{FC73FECF-A48A-11EE-A0B6-5E75A0F0D9D7} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4740	iexplore.exe
4740	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 508	4740	iexplore.exe	16
PID 4740 wrote to memory of 508	4740	iexplore.exe	16
PID 4740 wrote to memory of 508	4740	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5399060153acf4a35030959b5d603b09.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4740 CREDAT:17410 /prefetch:2
  2⤵
  PID:508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
b884082de8745f068fb2d50b0da99664

SHA1
9179d9ba98975b4fa67bec498861f359ec4d858e

SHA256
b256debea762868ce4090f8f44fc3faf2a47d5dd4450028fa716926df2713351

SHA512
6c85c10a592d76c333adc31848363200117d9dbaca349bb601a9734822a315e45d2edb06ec1d6ce136969b1593d8dbce4b5634f3de832472c0c6d13084d42617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TQOCAY2I\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TQOCAY2I\www.youtube[1].xml

Filesize
229B

MD5
d1502077fe16ae2d6d1d88e7d5321b76

SHA1
5d366159e39308c5ab07ada57fffc5de72919cf3

SHA256
8df7f7c49b4a2799b32bb14333dc25cdbfda42a6cab8cf15e16da8df7cde2977

SHA512
b2c2d096ad6530ce947f5b0d3eb8464caf6d8124a29cab448e26e3988e451a0f1032d09b25462b19e123d1b91f7df20236767d1db0194840fd6a3839a73ce3d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\flj0k7l\imagestore.dat

Filesize
1KB

MD5
9b0e3e84f1f3e8adf864e40635029f03

SHA1
13176a5003f1125f60b47ff77c56a5198b9d9f58

SHA256
9e612e9681abe52cae462982c56d57fef489396d9cd6bfa679865f9324b61bbe

SHA512
6027e7ace30fa1bf51d503f5bbdd59c10bc9fd236eb41858d1cae227f338318f6dbeaa7e19ffcef9d3a758120c45a77e8252bddd9e6f530ecc76c9bbb6f04290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\jquery.fancybox.min[1].css

Filesize
12KB

MD5
a2d42584292f64c5827e8b67b1b38726

SHA1
1be9b79be02a1cfc5d96c4a5e0feb8f472babd95

SHA256
5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0

SHA512
1fd8eb6628a8a5476c2e983de00df7dc47ee9a0501a4ef4c75bc52b5d7884e8f8a10831a35f1cdbf0ca38c325bf8444f6914ba0e9c9194a6ef3d46ac348b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\favicon[1].ico

Filesize
1KB

MD5
0106d4fd24f36c561cf3e33bea3973e4

SHA1
84572f2157c0ac8bacc38b563069b223f93cb23c

SHA256
5a6c5f7923c7b5ba984f3c4b79b5c3005f3c2f1347a84a6a7b3c16ffbf11777d

SHA512
57b77c5d345eca415257e708a52a96e71d3ddf4a781c1f60e8ba175ea0c60b1d74749cd3fa2e33f56642ce42b7221f16491cf666dc4e795ecc6d1fbfdb54ab98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\script[1].js

Filesize
14KB

MD5
61a93c8d52650012379f0521cfd20f8c

SHA1
9c1f145e4d059d09110412c4a352fb4949f1cd6d

SHA256
36349a6b65142c1a942905d88c5c27af86d892d09106b6ab96a1af6852b915a7

SHA512
847d1c52089a01b24f472295378a2d88d82ca74a832bae9546ea2e77e40a7c1b7b543249ca55725da26d876cbd7a8d066749994f7c419bf85ecbfc8a1ba8a68f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\css[1].css

Filesize
530B

MD5
0a127ad39a8ebe4207492293b556adf6

SHA1
17d3dad64e4f9139cfb85bbcca6659a8aa532a48

SHA256
c1294965425b5028a83bbe5eeed0cd9b92733ec41efd07e34532522d4c97b6e1

SHA512
5aa845c5c6c20259d9c6bc0c9fdbd13ff178ba4008865f7113387767db0ad39cd53c1d276cfa4997186fd39f21d30bf00caf8d092e5c04119d992368b1563df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\reboot.min[1].css

Filesize
3KB

MD5
51b8b71098eeed2c55a4534e48579a16

SHA1
2ec1922d2bfaf67bf3ffabe43a11e3bf481dc5d7

SHA256
bd78e3bcc569d029e7c709144e4038dede4d92a143e77bc46e4f15913769758b

SHA512
2597223e603e095bf405998aacd8585f85e66de8d992a9078951dd85f462217305e215b4828188bf7840368d8116ed8fb5d95f3bfab00240b4a8ddab71ac760d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\banner[1].js

Filesize
46KB

MD5
d62c7508a74dffc8de9a7d7faa693616

SHA1
35abb8218bc1a6e98036830ad970505e8b431172

SHA256
a5123e45d387e332206d329e7a5ef93d392ff3f3a97f5987858d59baccb7334e

SHA512
3664d62825d721da6d3a71754bc5f8557502bf8229a4d9b09e20d21a50589d279d3d7d234951baf566d2913388005c5c9f7da358f426701717000873ff2728b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\p[1].css

Filesize
5B

MD5
83d24d4b43cc7eef2b61e66c95f3d158

SHA1
f0cafc285ee23bb6c28c5166f305493c4331c84d

SHA256
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

SHA512
e6e84563d3a55767f8e5f36c4e217a0768120d6e15ce4d01aa63d36af7ec8d20b600ce96dcc56de91ec7e55e83a8267baddd68b61447069b82abdb2e92c6acb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\recaptcha__en[1].js

Filesize
1KB

MD5
2513bdb9159b62ba81532e8332c72fdd

SHA1
2854f454cb01a89561f24df27f8609eef7eacfa9

SHA256
2b98ee81a0dc540907d277bfd0d7583d510e9f85cc205c1529b887c161364b81

SHA512
166300567ce0cb6038835798cbcda4119da9ad3528bccf699f559ae1cb4be01ea47be9dbd9c6114fe77dc986e5711f6179f86db00bf4ec0e19deb1f817656f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\suggestions[1].en-US

Filesize
10KB

MD5
d2875bef22b0a76e5079909977e3adba

SHA1
0c56f172ed1d21c8efc6a5befeb921e44bff042f

SHA256
425dcdf105ace4bfa814542528acad320e2d34b466334507fde042a53620c111

SHA512
07ce7f7f3ccc1c6eca6a131d02c9ad93c8deb360d40beaab668d8f947431031a5c899336da6fa810c0cc156383e30cd963cc607564f8aa3ab739a05d868c3db7

Download Submit