c1b42cead41649bbc060e01a1c3b1748a1b4f4f08b01583ea8737d9289ab116b

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c719c617c6294974d9a37258c42b3ae.hta
Size

11KB
MD5

7c719c617c6294974d9a37258c42b3ae
SHA1

5dcf053d10b035348b139cd51ca43be9ecd63f87
SHA256

c1b42cead41649bbc060e01a1c3b1748a1b4f4f08b01583ea8737d9289ab116b
SHA512

64a184b71f45157c02eab63bdb021ab9e9bcd2533028e687420e55e0c891c17c08a500b969115a7d4282b92e4059ceb47de2c074706a8dfac54fed5148e4e7dc
SSDEEP

192:Z4E4I4/405agwx4B4B4B4B4n4B4B4a41+47Z4e4L49j24mB4N4Xv4V4z4h4h4h4V:Z1VEFMIIIICIIF6+GZX2QqPBiOveEIIH

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2316	2236	mshta.exe	28
PID 2236 wrote to memory of 2316	2236	mshta.exe	28
PID 2236 wrote to memory of 2316	2236	mshta.exe	28
PID 2236 wrote to memory of 2316	2236	mshta.exe	28
PID 2236 wrote to memory of 2316	2236	mshta.exe	28
PID 2236 wrote to memory of 2316	2236	mshta.exe	28
PID 2236 wrote to memory of 2316	2236	mshta.exe	28

C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\7c719c617c6294974d9a37258c42b3ae.hta"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\ProgramData\qListDataTypeDateTime.dll,D2D1CreateFactory
  2⤵
  PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads