71268ee3c07e47f02eb7d44737105e60ba17fdbb9a1e787388b34ba81911802f

Analysis

max time kernel
1s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1da70c3c00f720dc764cfb670f5824ef.html
Size

22KB
MD5

1da70c3c00f720dc764cfb670f5824ef
SHA1

1e6bdbbb2b55d5e529ba1a44435bb95cb526c9b4
SHA256

71268ee3c07e47f02eb7d44737105e60ba17fdbb9a1e787388b34ba81911802f
SHA512

2ee321621b944ce8253c2a259b160ba371c941fa1256696426ea93f5cc9b1cbd4cd35feb27f0d3e3631260c5b961a90b7bc76593bf077d55c9ad851ae004dc08
SSDEEP

384:F8an/+j8hnflvP5LESGKDqiSiDfQ3anVc1SADFwwswV3IVwiGKdAfGKnskkUgVLP:F8an/+j8hnflvP5LEpKH7DfQ0q0S3nKD

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B6A2688F-AB18-11EE-A0B6-5A131972A918} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2996	iexplore.exe
2996	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 3272	2996	iexplore.exe	32
PID 2996 wrote to memory of 3272	2996	iexplore.exe	32
PID 2996 wrote to memory of 3272	2996	iexplore.exe	32

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1da70c3c00f720dc764cfb670f5824ef.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:17410 /prefetch:2
  2⤵
  PID:3272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XDZ69F8O\avgle[1].xml

Filesize
84B

MD5
fd57da70bc53ede81d25cccd7167c5f6

SHA1
259c430133c463159a4167237c20596cfe1e4d74

SHA256
bcf249f231e6062be175ac663787ad96bd359c71c67e7076afcc02771adb6cbf

SHA512
6b0e8237a360899a48e42f25637cadbecedc83a8bdf53438e58252dab1f13e210b50322224e55184eaedcc5c603eb08ff30d25abe4ca00b89f9aaa2585baa5f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\analytics[1].js

Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\jads2[1].js

Filesize
3KB

MD5
bc8141c4650030c41f6a98026b12ce80

SHA1
af5618f7e467a207d4c64627be580283ab5640cd

SHA256
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51

SHA512
70fc6246b67dd18b92661c9562020cc9256a9f2aa500017bc79e71b9528251dc241505b58efe58174e0268d6cd44a2158c25f5cb6217ea25a6ea73f58e99ca86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit