Analysis

  • max time kernel
    138s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/01/2024, 04:34

General

  • Target

    6ebe5c4800d13a2a701864d917997f29.html

  • Size

    67KB

  • MD5

    6ebe5c4800d13a2a701864d917997f29

  • SHA1

    8085ff1c1dd59a486c4b6588826e110a06d0be27

  • SHA256

    f96cb0111112d0992988c271388066bb8244d70a519f3e34566cf59e7ee3814f

  • SHA512

    fff4a2f1bb42b42a9b4e6503d02edeb982c5bd511b7970be1f3a8bd8328011d7e3a145869bc6c9a9a5e3da6079a1b23b0676739d38c66367e40fcddb3a3843f1

  • SSDEEP

    1536:WxO31RVx5e884987jumcvy/MFef3Y8dtV:Wx2nVx5d84ev/MFef3YK

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ebe5c4800d13a2a701864d917997f29.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1900 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    ecbee8be1b3e68b8e56274a975f204a9

    SHA1

    1f1c78785a4971aa3f1bb35fe28417795ecfd6a4

    SHA256

    39266a7cfcf244879b79c5d99dd6b259063f954bfc47640558e773810eab1be3

    SHA512

    eabc00ddaa5d31c3b80515f9923ff193e89c1561e3f65dadde2e52d91ad249f6c215d34971b58e54d2643368e3712a01c1dfd7ec362f651f8ac3cb4bc8aeea3d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    a6b269407fde4b349d27202e2bdd1e6d

    SHA1

    76d9c35d53207d35b9c01112ee37737d1ee2deab

    SHA256

    34e7f9478a84bd40b14cc302c7c5820081f2926a6ec9e426507aaa4957279013

    SHA512

    0dbc0b5232d9a60ae2a91292eab3d57eb1da0d8ccf5e9a16aa0a75c7e79209bd4931f9002e7c20fcda4dc3df28930845654b7e94f96f2f151facb694c850dfd4

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\R4PI6SZC\www.youtube[1].xml

    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\R4PI6SZC\www.youtube[1].xml

    Filesize

    641B

    MD5

    5f296a2f5fdb6a15d763393ad01da567

    SHA1

    2e3606663098f34c66f59f29235a9919c1314e8d

    SHA256

    afea2e5ab1db805a24d885a5e8a13643dde81c9ff66614f3b9cc2145c9c0eaee

    SHA512

    8707aa7b0f4b78259f76e2a7dcd6285a6547ed462e949c4be21b852bb0fb13f07d4ce4565174aae4f8782ee58e9157261cfd0cd43545d5c01958c3425c9a7242

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\R4PI6SZC\www.youtube[1].xml

    Filesize

    26KB

    MD5

    972e0e380f6b9360b8db8ad9d9e193a2

    SHA1

    ca5d5c9aad29f9283828065714c6d1de865886b0

    SHA256

    6cbf19b2d23f05a09cffad3a2d694e75b2662f4c453a3a2584085697f0c78f24

    SHA512

    4e6e143f1bb055624a0a4831edff0464aa491f1b1200bcd843f9fd662ddc164a0e7c3bda12ef429808a4513027ba4ab888b9fa4d2200ed00728c3e06eb412e64

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml

    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L3T8W3B4\f[1].txt

    Filesize

    36KB

    MD5

    b346103dbcb5498b0b284f8af6fbc6bc

    SHA1

    f808b26060513f751f0d6e43cd5ad927f4303238

    SHA256

    cd39df47b7ffbd4d17bea4d842f47fabe5e5984df1485c74bf2a924929619faf

    SHA512

    479733f1ccde7eca16112e36c10589562f3a04466c3e435acec04a7d1dc75ba496b80484c8827e641c5306803df60ffef2e91eb8ea7a196f6be7a7992b270fed

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M8F18HYR\platform_gapi.iframes.style.common[1].js

    Filesize

    56KB

    MD5

    f6140cf2e81a9d5b9bc96970fe1946f6

    SHA1

    e18cb20a08d0c13d44b72e36e9560aec2187abce

    SHA256

    68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5

    SHA512

    1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M8F18HYR\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z0UNWU5J\cb=gapi[2].js

    Filesize

    133KB

    MD5

    288c5ba5b7001fe841c32f690f62cc93

    SHA1

    29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789

    SHA256

    c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52

    SHA512

    e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f