d9995d663c1f945db79b60ef284b659f96b96277800b035c3ca35750406cf623

Analysis

max time kernel
0s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d95738d6383a69a4f802246d67e9d82.html
Size

3.5MB
MD5

1d95738d6383a69a4f802246d67e9d82
SHA1

87e198ba3643e2cbc26bad382b78f6ad789023eb
SHA256

d9995d663c1f945db79b60ef284b659f96b96277800b035c3ca35750406cf623
SHA512

e0aa87e7c5fb0c110ebddfdeddf7078a78c221b0033b281bcb7cd9f1b1065f3738ba8268b62810664570fcaf3ba301c62335ef8c1a475a8d87df66f3f553cdae
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NNO:jvpjte4tT6DO

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E1A6D1A7-AB17-11EE-8184-4ECC77D3B663} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2356	iexplore.exe
2356	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 3428	2356	iexplore.exe	16
PID 2356 wrote to memory of 3428	2356	iexplore.exe	16
PID 2356 wrote to memory of 3428	2356	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1d95738d6383a69a4f802246d67e9d82.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:17410 /prefetch:2
  2⤵
  PID:3428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9ALL181V\jquery.min[1].js

Filesize
309B

MD5
5f535837ba2b594d7a47f5a9a0d940aa

SHA1
5db2b77079a6721bbf79a84d4e821c1013d92340

SHA256
0594286aa8c399785a6cdd45e057450654700086bf1fa11f1c298f3fc23462d6

SHA512
a8c9465f41cbb7c95aef773f7eb1df84c85660c6310d01c25c299d462052edc57ef13ec551f52a989afcce6192095fa834e3d12f502deab14aeb13edc5cbb999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PZ64U2GI\jquery-3.1.1.min[1].js

Filesize
25KB

MD5
48e5773569f9d8fd60c549e9a3527736

SHA1
f85d8de4fc8daf2b9a74cec75a73157af32f2a38

SHA256
242a52af9f4657e3de1cda1d2762036ee3a6d02a6c74962311e7bfcdd0e7fd34

SHA512
44e08637d813dc4f9b01aaf52a96fd8a5b4dca7073841f72f82cdf898e8dcba1cf29aac6fbe53de8df1b85d253c576c1e23fab7eee1112a87c571dce9febeeb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PZ64U2GI\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q15AV1NQ\beacon.min[1].js

Filesize
12KB

MD5
9360fe4da2ae5c54361b8460f9ace39c

SHA1
5acd1bc33bd56ccc7dd123cea00268ef922cf2ad

SHA256
8b468b1411bf12a53100d300f03a896fb6adac8a9a468119dc6545eff1d0eddc

SHA512
c1c2a7afa19c596a7dfcfaad66919aeb8a67abdf2964342d02f1fd856e9c6934fc4a01f84fe21239fd7622ddd0939b07a2b6dd5550ad73eb7aef3bf68050eae6

Download Submit