Analysis
-
max time kernel
91s -
max time network
142s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
25-02-2021 03:30
Static task
static1
Behavioral task
behavioral1
Sample
notification.do.gif
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
notification.do.gif
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
notification.do.gif
-
Size
43B
-
MD5
ebd4c7248ac9be0c41d02060e3430a5d
-
SHA1
eabc59bee6a7ff007a1dfc3da3b5493143c0d087
-
SHA256
e1da5cd02d74bb5ba944e3ce44037860ac9f42392eec6c99b9543910e1a3a5fe
-
SHA512
0f3b6529892aff05bbddc7614faca83f3651f4b14c107853d2cd502391c35f5e26a41af31b5503d68c77264cda24f616aa9f9655fe8a79e975090365ac38ea71
Score
1/10
Malware Config
Signatures
-
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{41A0A560-7719-11EB-BEBD-5649AA4EDE66} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30870310" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "370594421" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "321005161" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0a97717260bd701 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "320988568" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "381531960" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30870310" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006f867beb1fec544b90e0d73cd785c5b7000000000200000000001066000000010000200000009fa9b9e79f1f71928858142e22d90f0df25698877557dd51e233f5d7972d25e3000000000e80000000020000200000009d6f94628001a9d0ee24ac449dfd1fc08e4235c3170af11d94e0b28ec421b7b320000000932a945e83bd356a2c6cc1c3fa0df5c239a9703727ff96af6963c566c30e3346400000002d0316028e969c454512b63392efe78d41248890f71319064ea3b02f8ecaec3b0baec22a875d4e446665dd4101a61d1cdcd3bd265423520b779dfa97e73eb7e0 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "370594421" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00526917260bd701 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30870310" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006f867beb1fec544b90e0d73cd785c5b700000000020000000000106600000001000020000000a53b10fe2fa9d52a1ed3837054cd25a79c26831bbde56be3c77337dc476675ce000000000e80000000020000200000007239eff2fa5e8fc0007c5961e87fc6a4643ae8399a809f96f7da21044af5da1d200000009691fb3c6cbff98f5ad4a874a721872d0c908c03fd4e97744eec3b8d1dccd69a40000000db29aeb02284ac956ef3cb2434176f9ace8e6c5d582547ef1084926aeff61b57cf6fa132fedba5dda4d67d247cbc9e720d2c362bd6f1374387b71389be208d00 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "321037153" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exepid Process 1036 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid Process 1036 iexplore.exe 1036 iexplore.exe 1580 IEXPLORE.EXE 1580 IEXPLORE.EXE 1580 IEXPLORE.EXE 1580 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
iexplore.exedescription pid Process procid_target PID 1036 wrote to memory of 1580 1036 iexplore.exe 74 PID 1036 wrote to memory of 1580 1036 iexplore.exe 74 PID 1036 wrote to memory of 1580 1036 iexplore.exe 74
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\notification.do.gif1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1036 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1036 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1580
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5812d6b4d19ece68dae838cc759719a5d
SHA1f380617d65191cbe87db3e0c44cf8f8f40e91496
SHA2568c80cf70265eb4bc5388216202263044ee9c0dfb93d90f5e9136bb3a7b8cef86
SHA512e858ce6ff3b48db149d79689d46b92a2456836db00b1bd8a9f42e191690c4c3cb72cb1653ac65219bfc9fa660f59ca1a4b4e605430b0ddea817f09c27eed8018
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5884b0c7449d5081b50a0b63cc7cd318b
SHA1820a87ab6b547f0d631ce23111a1a01f90776ef5
SHA25656b1d5aec26f3a360852d8c6d834b63610dbb09401ac15737715b4d6e427b819
SHA5128161b57f3186abd6a1ae46c332b144ab75f2615b9b175ab982b90377e59d5437037811921c8a0a8f2d1d9c9bf5224d7f270403f7a941f574698dbf965db26784
-
MD5
90552bf19ce72636cc52336e9ab46cf2
SHA111b22f78a306f0e5026a75883fe576197d9d48f5
SHA256107b1053d6a2ed6e05cac3d3ebeae04632ed55d566c51d3d7d6c9656db8bfcff
SHA5124118ff35bbd97102a17c1e29c533cab1abb3670fbac45b415a510a02b888b7a87aa6e9930ba2a3527da1904e31a521a0f59a34a048ccce65a266fe336865746a