cf75f00a1a70cac9848a5ee7a9f729bd5d1355fc0746f7fa9e6f26df9323b0b9

Analysis

max time kernel
0s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 14:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3a2c4710678491c4fb73e64bda609a5c.html
Size

8KB
MD5

3a2c4710678491c4fb73e64bda609a5c
SHA1

31f8dad0c0826756e77608016b2079388e8dfa11
SHA256

cf75f00a1a70cac9848a5ee7a9f729bd5d1355fc0746f7fa9e6f26df9323b0b9
SHA512

e48520dd002353e51346a91df8d9fa6df55247ad8ea3e06142ef6789aa2782e92bfbfdc059646761da841e9405111b6fd9699e4980ee03b1b2aaee1caa2ca073
SSDEEP

192:ln8uqnGDSSW0nq2X7S2e8ZWbpZEIH9Lvyx8uaroKkF3L0sMAccxSIco:ln8uqnGDnW0q2X7S2e8ZWbpZEIHdvyxz

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E3EC7B73-AC13-11EE-9963-42E20219F0C2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2352	iexplore.exe
2352	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2408	2352	iexplore.exe	16
PID 2352 wrote to memory of 2408	2352	iexplore.exe	16
PID 2352 wrote to memory of 2408	2352	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3a2c4710678491c4fb73e64bda609a5c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:17410 /prefetch:2
  2⤵
  PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC1AA.tmp

Filesize
4KB

MD5
d67d8cd9a827f8266dadf2d6b424dcdd

SHA1
bf38bd20d6cfa5232f7597b2d766c801c3fe4b14

SHA256
889daab17f59ace04f6a6c7ee50d0cece37ebf5c4c8c0e7ffc59eb57727021b7

SHA512
b18de626ccdd20ca364e1981d8dff6c696e6115625f03410cb725238602854ca74b595a4d5c2f39c496895deb312ff2349fe7a99086bee18d7a043e6430aff56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ2SYU15\suggestions[1].en-US

Filesize
10KB

MD5
bd62e5dc3045247abc1fadd4697aa8c4

SHA1
0bf17874aa039d2e68f24ac34e5714f9238f5684

SHA256
dff2dc4670e5796ffb7f8b74780d48277c5d84ecaa98e10d76169cf7c271a0b5

SHA512
d10b2f8a720a715d7197af3deb7d6fc01c25e44cf7825d0788796e58cc98f5bdaeb0a86a4ecd61b43f23b30e74e8fb5de4f177cb244ae5d7c269979cec1bab64

Download Submit