Analysis
-
max time kernel
132s -
max time network
134s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
11-01-2021 18:16
Static task
static1
Behavioral task
behavioral1
Sample
5268c190b3a6940bc7c8f0361f3a187f.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
5268c190b3a6940bc7c8f0361f3a187f.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
5268c190b3a6940bc7c8f0361f3a187f.dll
-
Size
305KB
-
MD5
5268c190b3a6940bc7c8f0361f3a187f
-
SHA1
56b1b5066f88e07f494e5e97f9a8b791cc9d7bd2
-
SHA256
8e34c697b603788b9baeecfb375c466cb8468a322d6ae9b81fc41fb61472c3da
-
SHA512
c44274ee84f9fdfdce444b36e33b2ca2db265cbc99a9ffb7fe5ebbbc79cb9b82f19cb93477d4211d9122cd7043a5964c115d2bc4adc4af0ef7c0b60b069481d0
Score
1/10
Malware Config
Signatures
-
Processes:
iexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEdescription ioc process Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30861390" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000e859796766910441c0cc8ef6b1a9b85c236cdd20a72e11344894fa18802d5ac6000000000e8000000002000020000000cb109675aa3650cf20904604a52c9013dfc087e70f492b598f2fadd407789c91200000003f82c2aa55cc609565a8685fe3d7b1bfbbe20e7383c3416f59c9b7a45414fa7a4000000039673ad9705d2400f796f23be0756ec7bf07540af0b5bf2d8262f5182f3a5ff104b67ea2b19fc71679f3a068288f2b7250456cf96add139762e199b72d54f04d iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000004c1818b95f5452f7d0eac94bd4a382d5f1e2813518612639aa09816a497511c1000000000e800000000200002000000047eac2eabbf293e38b431d169f80672b6ead76d87158000167613a3915ea934a2000000012ef86f765b7fd54fb458f29026b79a926a7db5f156269a1741d2a285fab6ba940000000ebe34762ba4d755de947b65a8259149d3762fa60b0dcb83c253dd4b26288c0eb4f76de0b594537e29a00e0ad9ba0ef5f52ee413d95f15718e79065cafdae9763 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E1F462D-5442-11EB-B59A-42CC13A58998} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4074677580" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4074677580" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c02dfef44ee8d601 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d04a76044fe8d601 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{38EA944C-5442-11EB-B59A-42CC13A58998} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30861390" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70981ff54ee8d601 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000b2354d0e80e32681f15ceff2282c315d0968bb912460512eeb6671f8dbf482eb000000000e800000000200002000000046fdefccb1451f87d876f1c81780783f7660d07f5a6b6f24244b97751c8da7ad2000000011edd921b9e1647d37b5d97a65bb819fbb802029887162baf2c6f1856623019d40000000310bedd5c8d97bc43cf9a03b85b0e8fd8ec9ea9dfd682b6724dd02d69e83b4d77e86ff36777812151d7cbc0819b98d00c8ffe8b964be845bc7f53a61b48cedd8 iexplore.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
Processes:
iexplore.exeiexplore.exepid process 940 iexplore.exe 3992 iexplore.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
Processes:
iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEpid process 940 iexplore.exe 940 iexplore.exe 676 IEXPLORE.EXE 676 IEXPLORE.EXE 3992 iexplore.exe 3992 iexplore.exe 3248 IEXPLORE.EXE 3248 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 9 IoCs
Processes:
rundll32.exeiexplore.exeiexplore.exedescription pid process target process PID 816 wrote to memory of 796 816 rundll32.exe rundll32.exe PID 816 wrote to memory of 796 816 rundll32.exe rundll32.exe PID 816 wrote to memory of 796 816 rundll32.exe rundll32.exe PID 940 wrote to memory of 676 940 iexplore.exe IEXPLORE.EXE PID 940 wrote to memory of 676 940 iexplore.exe IEXPLORE.EXE PID 940 wrote to memory of 676 940 iexplore.exe IEXPLORE.EXE PID 3992 wrote to memory of 3248 3992 iexplore.exe IEXPLORE.EXE PID 3992 wrote to memory of 3248 3992 iexplore.exe IEXPLORE.EXE PID 3992 wrote to memory of 3248 3992 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5268c190b3a6940bc7c8f0361f3a187f.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:816 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5268c190b3a6940bc7c8f0361f3a187f.dll,#12⤵PID:796
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:940 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:940 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:676
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3992 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3992 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3248