00538455258b7d1a44c423810921f935a0d06ecd7515ad42ced5becc3f622851

Analysis

max time kernel
0s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 07:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

11d0e7bb7f79ebfa4f943467fd6380e0.html
Size

67KB
MD5

11d0e7bb7f79ebfa4f943467fd6380e0
SHA1

e35d6e8df8ed58ea559001bd95f8a377abecc058
SHA256

00538455258b7d1a44c423810921f935a0d06ecd7515ad42ced5becc3f622851
SHA512

2460ec71ec493ef5f018fa090016d26fb746d0abbd2aa9b6dc4a923bcff726d6a4061aedb5797d488892560dcb40f1a8dd738a873efcfd8f48c5f1866eca36a8
SSDEEP

768:7zz1R3LtGdsmWpDJxgZ8z4lWCESLEpzV1GAK4qPD3mrm7maP6ZtLdEic+6qgB6mR:73SJW5qPD33ndx5FJ1o0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{16CCD8C2-A79A-11EE-9963-CA152A8DAB80} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
624	iexplore.exe
624	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 4508	624	iexplore.exe	16
PID 624 wrote to memory of 4508	624	iexplore.exe	16
PID 624 wrote to memory of 4508	624	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\11d0e7bb7f79ebfa4f943467fd6380e0.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:624
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:624 CREDAT:17410 /prefetch:2
  2⤵
  PID:4508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RVXHSNZG\suggestions[1].en-US

Filesize
16KB

MD5
f917a0c3a182f61267521bbc34811055

SHA1
32342479e4d7836859de70cc068e0eb1d6b0b239

SHA256
62a7c1a76e11d83d25b479df301fc5c857a5e6a470038f16e509fc810a71aabb

SHA512
3143f1f7eb70cb6acfb158d135645789cf6c02d826298e61c34a6e03bd3222a72b3e73d90fe60b7534c2573c7a6e8a2720f1cfc2adbbfdbb222205515a299deb

Download Submit