8530cdde2bf631257e54fd9bd74b252c356c0de6ed3b4ffafee8fed23fc709c2

Analysis

max time kernel
0s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29db85475b19e1ae9f4cb796d0ea3b17.html
Size

79KB
MD5

29db85475b19e1ae9f4cb796d0ea3b17
SHA1

9193f99c03a0b1b8de6e06b93210fa4a8e6ad20d
SHA256

8530cdde2bf631257e54fd9bd74b252c356c0de6ed3b4ffafee8fed23fc709c2
SHA512

3bd010e7e3ba87e2e2f9b88711b5761bc006447d4636c74dfee3a3baf4461cfdcb0ad36680080747f02aaa71664d970b712668391ea20dca16f766c80a266e1a
SSDEEP

1536:/OYGMUgbsjcXmNRS7ODNwKB2z9WkZlMl1SHTd9M9T76FZp:nUcUcXmNRS7+wK2z9Wk7bHTd9M9T76F7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{A51A84CC-A943-11EE-A0B6-766E2D171A79} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3080	iexplore.exe
3080	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 3652	3080	iexplore.exe	19
PID 3080 wrote to memory of 3652	3080	iexplore.exe	19
PID 3080 wrote to memory of 3652	3080	iexplore.exe	19

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\29db85475b19e1ae9f4cb796d0ea3b17.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3080 CREDAT:17410 /prefetch:2
  2⤵
  PID:3652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
338B

MD5
9af2c90e7d95890bb2e7811f1344e0e0

SHA1
ec95ef66d8445a15a59b0782a2c2e21cfba54c69

SHA256
00db60f27a1fb4bd27841ff15e902ac4b5f22d1b8dc6c43ef630ce68fec44acc

SHA512
a311e072e7a0f191d1557de86cc52935dfccedbc13c3c078b4ab39553297902fb42bee4d0b47f60fbeddedf3f7cecd25d0b5774908785b5e3dd0014d7344e21e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\cb=gapi[1].js

Filesize
133KB

MD5
288c5ba5b7001fe841c32f690f62cc93

SHA1
29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789

SHA256
c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52

SHA512
e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\plusone[1].js

Filesize
56KB

MD5
1944af3661da46249991197817b6cd8b

SHA1
f952df40ec79fafc7c798f37aff92878977376ed

SHA256
63326a1c4e0eddd3501f0a064b06a2708eb0362f3ae934f53145978d3d0799b5

SHA512
0bef19b32be337cfba179ed9ce4533a207cfe645d2e5fe0da9fadc7b01c72704fc89749670d1ac48b8d494675bc62ac089fdc4d8495979226f10828225594376

Download Submit