dca685b8a63d81b2dbee8825e4ca9cb033793768c2c28cba235d07dfdacbb7f2

Analysis

max time kernel
0s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41fba85503f61994e7eb09bdb6294935.html
Size

20KB
MD5

41fba85503f61994e7eb09bdb6294935
SHA1

f61f52ce69bc824170fcb71b3e63640bd18f27f2
SHA256

dca685b8a63d81b2dbee8825e4ca9cb033793768c2c28cba235d07dfdacbb7f2
SHA512

46f03fcfff94521bd542e5f5b044370b36b3f24c00238e404405b0ac9a1dfcf90f766ece7b66a47a30fa8500664185c5eab475ccd0c9c374736bf29419f3beb7
SSDEEP

384:+KT2ls1ycr8On4zEKZ50G1Llq4sHE2M9thVineL+i8VqX0BXcpKmQ3osKK+c2fEh:+KT2kycr8O4zEKZ5LLhsHE2M9tDine6d

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{74584DBE-AB4A-11EE-A0B6-6E89F5E0ECB7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4028	iexplore.exe
4028	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 5192	4028	iexplore.exe	16
PID 4028 wrote to memory of 5192	4028	iexplore.exe	16
PID 4028 wrote to memory of 5192	4028	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\41fba85503f61994e7eb09bdb6294935.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4028 CREDAT:17410 /prefetch:2
  2⤵
  PID:5192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC796.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\script[1].js

Filesize
91KB

MD5
9d690398aa6c6e8adbe3f8869e5e17d8

SHA1
df8c1df46ef3512db91cac4ec93d69c2c86c4b76

SHA256
876347dfb3aef75ef15e781da6e3881788bbb83e0d6dbd2290da5540177fce73

SHA512
22d563c7bfb67894a497f01cc1c0e4270b6c31479cce4edfe41ce5eb4c97c89f7af980caa2857274a46ecc364c704a656d4e3158cb86c28af2bd0600dc8f4d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\jquery.fancybox.min[1].css

Filesize
3KB

MD5
db944c243572aa15eae0b0f56ecc1bed

SHA1
634152bdb06fbaa680a22e3ed340265109ef0a6d

SHA256
70878c3df2660cff1e8a60398f3f0deef724ab4d71fd076efa7b6fbe6091be3a

SHA512
b71fb6d03a10cde1a0d61919d44ad2df88acb114461f5b75ccf3b1880ae2f1c069cac336941200bf8efdd111cd4ba99b213171209260256c84f15321ca210d70

Download Submit