e94258a5954812480f4719212476f101e38c84292e0368e2a096f5a2e718c253

Analysis

max time kernel
30s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3868debad72484293199cea4634c947e.html
Size

57KB
MD5

3868debad72484293199cea4634c947e
SHA1

813b7481e90379e2304d65efe513c3e2089c8408
SHA256

e94258a5954812480f4719212476f101e38c84292e0368e2a096f5a2e718c253
SHA512

c7921495107bdc60061c20ee1ff98adb84a1f89dd70d6d133cba04fe62a4ee8ebb3794929d75618b5cbae23002a18c28d39895b3371f6e3fed81b7f1720e5744
SSDEEP

1536:ijEQvK8OPHdsgjo2vgyHJv0owbd6zKD6CDK2RVroBLwpDK2RVy:ijnOPHdsD2vgyHJutDK2RVroBLwpDK2m

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1DFF2C42-ABA5-11EE-BCD9-72AE6231743A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2604	iexplore.exe
2604	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 4764	2604	iexplore.exe	44
PID 2604 wrote to memory of 4764	2604	iexplore.exe	44
PID 2604 wrote to memory of 4764	2604	iexplore.exe	44

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3868debad72484293199cea4634c947e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:17410 /prefetch:2
  2⤵
  PID:4764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64E544B76338020D780BCC40A2A2B366

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64E544B76338020D780BCC40A2A2B366

Filesize
414B

MD5
385f8042a34fd0be27c3c02364284457

SHA1
ad69011d30b623b7094927c19c30f556ecaad069

SHA256
2c45ea8032c05bab3ef7c00b1bdfd43c8f121cdc521569284707fecd5166de6c

SHA512
5650b5cb587fbfa219a8af21d43cd9145ea9940e09f6e1fe7d8d6b6602f18acf8c0ea1516ec99d34a3f5212806212957703e6f0b9829af0256792d039bf9b1da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver844F.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8PO8IKDM\f[1].txt

Filesize
1KB

MD5
e5e7626a1212143b3c2272cf2fe109a1

SHA1
29135c3d07dac1554a916ffef79d401b683fe969

SHA256
74deba24178552ac9ed68bcab760c8f441b12902dfa30cab22be568d0bba07dd

SHA512
eb4dab4a74f5ed73a7f7b0510371014ca4912048081afc03653661e0c8fd933d1bc97edabd8b32eddf95742a262eaea656a92f87981b32814b9fa26da4cfa677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8PO8IKDM\suggestions[1].en-US

Filesize
15KB

MD5
77dac70b4cb81ce290ada9e9bb789c7f

SHA1
6cd2a06575082e37624d70b1e2b1f39cc73c7195

SHA256
99accb85514a16477c7a72923dca486d5ce791a04e5b3004cbdede81c43abe6c

SHA512
24058511eca8358fa404488e9840a506b1f8f5f2874f78f5dfb6f928175dcea7359b3a3738add882f2f5551ec151f7aaed52fac2ff8e9820fd347b81a66b3b09

Download Submit