a32fbdcfdb0bdcf85461e28877734085490b0ae60d23d3046eee9b95d55cb381

Analysis

max time kernel
7s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

images/popups/custom2.html
Size

930B
MD5

0140d08971f1ac830877878b2366f731
SHA1

06af398759d6ef54e9988af93c476f7fd0288052
SHA256

55c003d974c79b5f4ffb4e8c61af96e57ee3fa833f019916e5d77483ff324041
SHA512

c3f17f1b8f86ed8785f4791af7fa0a7f1cb3fbf38dff9be74a63f69239a53cd78f29db343fa97d2868b971af9b8bac05725e10cea83a9f987f4091004abfbe4d

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9A0C98E0-A746-11EE-9A4E-524326B4BB5C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2852	iexplore.exe
2852	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 3412	2852	iexplore.exe	89
PID 2852 wrote to memory of 3412	2852	iexplore.exe	89
PID 2852 wrote to memory of 3412	2852	iexplore.exe	89

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\images\popups\custom2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:17410 /prefetch:2
  2⤵
  PID:3412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver16B0.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6AXLYU2E\suggestions[1].en-US

Filesize
11KB

MD5
c5dc259acaad9ceb7bad842fa820b4f3

SHA1
6f918e5810b3f529990bcfdaf62b4da5be7a0ddb

SHA256
7956656ebc4c6af037bf17cb359fddfa269610ada13018dfab3b8056727eded5

SHA512
3ebc99797d81b2eabb79155c619e960146c41b4c04b36f17ab069e76d1df109aff002d34e172ca90fffe47ae8984bc5136dc3c731dd53a1d8a08d64994260938

Download Submit