8ebeecadb02ca92cb2e4d5c7db64b65ad7faa1eb401523b53d15c8bbdccfa49b

Analysis

max time kernel
0s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

252ce97d6fac3f426345623c19ee5585.html
Size

223KB
MD5

252ce97d6fac3f426345623c19ee5585
SHA1

f6399d5000bbcdc56eac307a92b78ac382c2b2b4
SHA256

8ebeecadb02ca92cb2e4d5c7db64b65ad7faa1eb401523b53d15c8bbdccfa49b
SHA512

775ac3216f640c5016c903d8f9200f2878dd431e92c86351c07b8418832452e9d42690bb8d6dfcaba3e5dde028019d3572058f10f77930f14d45eaa8c092364f
SSDEEP

3072:rXIPRX4PTR9wFT4E6l7yWGFfb0yyB8BsBeUBE/OEkyDn85lw5M:rXsXQRiNP6l7yNBb0ug3bEI5mG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{157E8454-AB9D-11EE-A0B6-7E9BDE81EA77} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3520	iexplore.exe
3520	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 1628	3520	iexplore.exe	22
PID 3520 wrote to memory of 1628	3520	iexplore.exe	22
PID 3520 wrote to memory of 1628	3520	iexplore.exe	22

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\252ce97d6fac3f426345623c19ee5585.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3520 CREDAT:17410 /prefetch:2
  2⤵
  PID:1628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\suggestions[1].en-US

Filesize
12KB

MD5
4fab1bbc755b315f78d09c9183d6f36d

SHA1
d7efa1765f8845533867e1b9fa8d1a776c07115e

SHA256
15b1ef140b52d2d988377c4e98597dff38147b5d9b0315b70d9349f7c59022f3

SHA512
6dadba92b5fd139f016b4e65a94fd84a8dce92f04a713be170cda89622d0d6f62dbdb06ef163d686aa1e844373c95b261e29576397949853dd82ea0f49318bd1

Download Submit