1923eaa83df6b7af7a8176d2efbd2f9d3059b796f0a3dda56f9fa9c5a8046f78

Analysis

max time kernel
0s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38253bbcdca1561fcf0381efceae71ef.html
Size

3.5MB
MD5

38253bbcdca1561fcf0381efceae71ef
SHA1

7b729264a2245416098a9fc31a5e328f3bee95f0
SHA256

1923eaa83df6b7af7a8176d2efbd2f9d3059b796f0a3dda56f9fa9c5a8046f78
SHA512

b03bd762965c2ab27714663b931714c09a77825d15f47489774c7c2800c54397f44a49a970c656df4934f487ae8446244c7f1060d05243e7446eb8a9958e2acc
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NSc:jvpjte4tT64c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1C014827-AB85-11EE-AA35-E2FF52840C3F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2320	iexplore.exe
2320	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 4400	2320	iexplore.exe	18
PID 2320 wrote to memory of 4400	2320	iexplore.exe	18
PID 2320 wrote to memory of 4400	2320	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\38253bbcdca1561fcf0381efceae71ef.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:17410 /prefetch:2
  2⤵
  PID:4400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8D1Z5HG5\beacon.min[1].js

Filesize
3KB

MD5
37c4ac0dd046375d2fc33aa3e5e61a5d

SHA1
d4218c90fddb52d8c17f0cd3ba63a9c8ba96cc7b

SHA256
e406498197a464755ca74002f11ff07438b7b7aec2f0fcc84361a08fcbff5e76

SHA512
fdd486d304ca1f610a902bcb8030bb78cfd57c004960560fc3cc4e8e77e1eaa2f8926c95fc8eb2bea692026cbcbcfe56de9184fc6b04f4f88159f5cc95a6dd27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8D1Z5HG5\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit