e80adb56740076bacaf8ac81f4d115c4d758cdea8cc52e56a8a031092b8b4e3e

Analysis

max time kernel
0s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e93c609f061fd24d0e2ea17083dab3c.html
Size

14KB
MD5

4e93c609f061fd24d0e2ea17083dab3c
SHA1

91f80a1c71972374c1d53da767b4a131fd0e9e33
SHA256

e80adb56740076bacaf8ac81f4d115c4d758cdea8cc52e56a8a031092b8b4e3e
SHA512

78760b90f27e61af49562fc532f5f9aabfa34c1f23b0d518d619d57789468b5d20c38896c38b2518b57bd2ab0b755361f99125a1380babff239132692b7ee0d0
SSDEEP

192:JClehF5jc7X4Iq4R1msx/zjS3VBkAVKd0p0wAbLAq20IjZWOp8YZo4kFbR3JtZ7E:JR5cZq4Kc/GVKdbwM2nUYEblJtlmk2V

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B0491168-AEFD-11EE-9963-C6E29C351F1E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4888	iexplore.exe
4888	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 3656	4888	iexplore.exe	16
PID 4888 wrote to memory of 3656	4888	iexplore.exe	16
PID 4888 wrote to memory of 3656	4888	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4e93c609f061fd24d0e2ea17083dab3c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4888 CREDAT:17410 /prefetch:2
  2⤵
  PID:3656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\W8GFU86S\www.hugedomains[1].xml

Filesize
116B

MD5
319994565159c98da7faf58ea643f549

SHA1
18e5de3afb3836b2781c74001db50d3eb6cd934e

SHA256
1206c853a930cd6dedda8c446c21e92b23d1b86ad9f952a4130e17c223744c13

SHA512
ce9cbff6c85ecb1a2ccd58ba21f32e36e273b0cc445ece852827aa4c5889ca6200ff9744dc063aea3e3fc33119dde2bf6770601637ccc30236cab967c8215ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC5B1.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0A013ETK\recaptcha__en[1].js

Filesize
60KB

MD5
3de809fadaecdb04c23101c7ecbd0321

SHA1
7d959731447c227f1acde384fe173de2808dc39c

SHA256
bdd9f04351260d427308f20d916722dd30cf19ba6d1f0bc3e71605cc11433aaf

SHA512
e18ebf2bcc9d7285178198267434867c85961ecf8d00a1f5895379dccc26805af99d333d4acaa6adcdb8367be971d0a3a4454fefe08ace74ad0688274da28352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RVXHSNZG\styles__ltr[1].css

Filesize
55KB

MD5
eb4bc511f79f7a1573b45f5775b3a99b

SHA1
d910fb51ad7316aa54f055079374574698e74b35

SHA256
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

SHA512
ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

Download Submit