3b34188f72381c298708361a96ea090544d842cf4c8388c12dbc540febd25853

Analysis

max time kernel
0s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

263ab175a0a5f74a524cb592d2bdad6f.html
Size

432B
MD5

263ab175a0a5f74a524cb592d2bdad6f
SHA1

fccdc5ff6a4235a4e6468c9bf57f76f21db8f2d6
SHA256

3b34188f72381c298708361a96ea090544d842cf4c8388c12dbc540febd25853
SHA512

1dd497ec6484213a2880faa3ae0f6f5a17f17cef845fb31ec3a7760ff05e3d97430916a6b1877124b4350032668da4ce5d5ff11e27bb7262e23e519497b60f57

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{68D86E4D-A915-11EE-A0B6-667A6D636A0F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1196	iexplore.exe
1196	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 4620	1196	iexplore.exe	17
PID 1196 wrote to memory of 4620	1196	iexplore.exe	17
PID 1196 wrote to memory of 4620	1196	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\263ab175a0a5f74a524cb592d2bdad6f.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:17410 /prefetch:2
  2⤵
  PID:4620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\flj0k7l\imagestore.dat

Filesize
1KB

MD5
7065644ada22dcd357b5ae149e4a3f02

SHA1
07c4d5640efb08ec0b1d4b1194bac4f1bc661ed7

SHA256
b81ae0e9397fbfee7e996ac8cbd88f0e327d847adc9297f2b89d2643e5cd4808

SHA512
638b042bb6996a7dabffa6e7c5b8e167cc8e8937cde45577e8cc2c1a6d97d07eb4593e933608526139045ece78c9909126da63de250722ee7d3d738120ffafa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit