45b4b9fa980f9ef7095c7e911a0b38784014490ae0e00229e6f7e87fea860ea9

Analysis

max time kernel
0s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38c7a5b4113d54b5c11484f265163c3e.html
Size

23KB
MD5

38c7a5b4113d54b5c11484f265163c3e
SHA1

eb912e1897b8989963b4a59d8f11843ebe8d16d7
SHA256

45b4b9fa980f9ef7095c7e911a0b38784014490ae0e00229e6f7e87fea860ea9
SHA512

98cdc957c03d18bb88e828d487c8a64ad9d4fd13e71e71b455916a00998d0165ab7f0016a8ea1f3c6c2fb96abd39e61dbfba410dc2b0ed27467d32bd2522d0b1
SSDEEP

384:JsnA4ywJ46p/aUBztvukeKXXTu5wJxVQq+ZKL24UTpNyOcn8tvG5nTDuU5esT8a:+1b4qtWkek6ivkZKc7wV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{53D1D9DF-ABCA-11EE-A0B6-6EDCCF833886} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
888	iexplore.exe
888	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 2364	888	iexplore.exe	18
PID 888 wrote to memory of 2364	888	iexplore.exe	18
PID 888 wrote to memory of 2364	888	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\38c7a5b4113d54b5c11484f265163c3e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:888
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:888 CREDAT:17410 /prefetch:2
  2⤵
  PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\suggestions[1].en-US

Filesize
4KB

MD5
71cdaee7ccda4a7ac199e4fa2c448426

SHA1
43435753b6eb698254f23b12053954ace9c8f6e3

SHA256
cbb972449dfc909df58be73e85a0a438af8cc00e0e6e272d4ed6e4cbfa636152

SHA512
0f1554d5e680b63c95a205a93cd4543856d928eef1c3211fbb669a0519d10fd2d7e82d8c36b0b482df0346fdcbdab9bf95356db1cb871e752e0e57b6cd9027b5

Download Submit