9f3b61f856595be9d45afbe12ba07cd7f78022c243ea1cb58726bb7431ecf937

Analysis

max time kernel
0s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

459329afbdbdc0173f1300fd1357cbbf.html
Size

2KB
MD5

459329afbdbdc0173f1300fd1357cbbf
SHA1

d31fcecc0ea1cc9448457860afddb761e5cc1fb3
SHA256

9f3b61f856595be9d45afbe12ba07cd7f78022c243ea1cb58726bb7431ecf937
SHA512

c1e01e02d0850062d359244cc9aa414a73333021a52156836d4797ee99c15f2fe9f85c78f15c47f8cb1e55a9edc15d43814e148da02a5d853fcfcb85c20e3d10

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D1E15CDF-AC60-11EE-9963-76CF25FE979C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2192	iexplore.exe
2192	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 1724	2192	iexplore.exe	16
PID 2192 wrote to memory of 1724	2192	iexplore.exe	16
PID 2192 wrote to memory of 1724	2192	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\459329afbdbdc0173f1300fd1357cbbf.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:17410 /prefetch:2
  2⤵
  PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QPBAQNGM\suggestions[1].en-US

Filesize
9KB

MD5
9319830715e455a8fc5647ca0e6cfeb2

SHA1
3e72ed887432bee16ab5bf6aa86c78ae7a46095f

SHA256
5297e0d98b0d75a70fdd7b13b2355bb9ee62aeef3459288bf7ef40a983b892b2

SHA512
dd1be63a4029cb786deb65fe3c561f194ee6294135d68d9f4bc9d154cc931a4cde080d24f0efd31a3ade1bcbbd9c6f609817e0008e25bae401b73164e5c78c87

Download Submit