04d0a43f5e5c16a8e51f2da8748be16a5b4c6eec8ddff48a98d35f7d11d8b6cf

Analysis

max time kernel
0s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2024, 09:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ae738a26db8139368c387fde03dbe7c.html
Size

56KB
MD5

5ae738a26db8139368c387fde03dbe7c
SHA1

7af727d95f2a785bcfa8874a417e09f6aa073bad
SHA256

04d0a43f5e5c16a8e51f2da8748be16a5b4c6eec8ddff48a98d35f7d11d8b6cf
SHA512

64e6b0b0341e6245b9a1d41796f7d94e7a7bdcdcbef7a2fe938c17d3d81fd932d286031fcc3947538afb789b57efab67b676a62804e3a67df0af420c8a6394a5
SSDEEP

1536:EiXwgr8VSeO3Z0qunrP4Li62aS6cgRrY0pQW7GyP:leO3ZRODii6D+0pQW7GyP

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{68949433-B2C0-11EE-A0B6-7E9BDE81EA77} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1624	iexplore.exe
1624	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 1528	1624	iexplore.exe	16
PID 1624 wrote to memory of 1528	1624	iexplore.exe	16
PID 1624 wrote to memory of 1528	1624	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5ae738a26db8139368c387fde03dbe7c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1624 CREDAT:17410 /prefetch:2
  2⤵
  PID:1528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verD513.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\platform[1].js

Filesize
56KB

MD5
0d25af623d803b10050b53a7b218c652

SHA1
2dd71fa961b5df37134bc6eb987ee7b7e5861488

SHA256
0bcb6531cb0967359e17b655d4142b55d1eac2aed3fe5340f8ce930a7000e5d3

SHA512
919b48cabd548ae63a6b89dd3ac4df919b630b0cf75266d21b35ea3a6b54eb1ea5ed7371e80bb6611e105f2d994abf9f76f6dd8b6915dd2b8fda09edd263c139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\cb=gapi[2].js

Filesize
32KB

MD5
fc3ad17f1e276346c1ba7f16a408d665

SHA1
c4e768152ad95ed9eae3f5c953467a12c9428b25

SHA256
193cd05923dc8c015b0ddc1856416c2de25445f86bdf81db0247f228e0250c2d

SHA512
c5b075b21ecfb802eaad7c41558776d5b01ae1fe9e44288c6e1e3e119b6ea782a4f5ce14963c7bae7751ddca1d526b9c61fcae774b95fc2d2a6b3843e2de3043

Download Submit