Overview
overview
3Static
static
Admin pane.../1.dll
windows7_x64
3Admin pane.../1.dll
windows10-2004_x64
3Admin pane.../2.dll
windows7_x64
1Admin pane.../2.dll
windows10-2004_x64
1Admin pane.../3.dll
windows7_x64
3Admin pane.../3.dll
windows10-2004_x64
3Admin pane.../4.dll
windows7_x64
3Admin pane.../4.dll
windows10-2004_x64
3Admin pane.../5.dll
windows7_x64
1Admin pane.../5.dll
windows10-2004_x64
1Admin pane.../6.dll
windows7_x64
1Admin pane.../6.dll
windows10-2004_x64
1Admin pane.../7.dll
windows7_x64
3Admin pane.../7.dll
windows10-2004_x64
3Admin pane...x.html
windows7_x64
1Admin pane...x.html
windows10-2004_x64
1Admin pane...x.html
windows7_x64
1Admin pane...x.html
windows10-2004_x64
1Admin pane...x.html
windows7_x64
1Admin pane...x.html
windows10-2004_x64
1Admin pane...x.html
windows7_x64
1Admin pane...x.html
windows10-2004_x64
1Admin pane...x.html
windows7_x64
1Admin pane...x.html
windows10-2004_x64
1Admin pane...min.js
windows7_x64
1Admin pane...min.js
windows10-2004_x64
1Admin pane...rge.js
windows7_x64
1Admin pane...rge.js
windows10-2004_x64
1Admin pane...x.html
windows7_x64
1Admin pane...x.html
windows10-2004_x64
1Admin pane...2.4.js
windows7_x64
1Admin pane...2.4.js
windows10-2004_x64
1Analysis
-
max time kernel
120s -
max time network
170s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
26/04/2022, 13:51
Static task
static1
Behavioral task
behavioral1
Sample
Admin panel v9.1.1/www/1.dll
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral2
Sample
Admin panel v9.1.1/www/1.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral3
Sample
Admin panel v9.1.1/www/2.dll
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral4
Sample
Admin panel v9.1.1/www/2.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral5
Sample
Admin panel v9.1.1/www/3.dll
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral6
Sample
Admin panel v9.1.1/www/3.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral7
Sample
Admin panel v9.1.1/www/4.dll
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral8
Sample
Admin panel v9.1.1/www/4.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral9
Sample
Admin panel v9.1.1/www/5.dll
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral10
Sample
Admin panel v9.1.1/www/5.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral11
Sample
Admin panel v9.1.1/www/6.dll
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral12
Sample
Admin panel v9.1.1/www/6.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral13
Sample
Admin panel v9.1.1/www/7.dll
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral14
Sample
Admin panel v9.1.1/www/7.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral15
Sample
Admin panel v9.1.1/www/App/index.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral16
Sample
Admin panel v9.1.1/www/App/index.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral17
Sample
Admin panel v9.1.1/www/Configs/index.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral18
Sample
Admin panel v9.1.1/www/Configs/index.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral19
Sample
Admin panel v9.1.1/www/GeoIP/index.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral20
Sample
Admin panel v9.1.1/www/GeoIP/index.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral21
Sample
Admin panel v9.1.1/www/Logs/index.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral22
Sample
Admin panel v9.1.1/www/Logs/index.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral23
Sample
Admin panel v9.1.1/www/Models/index.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral24
Sample
Admin panel v9.1.1/www/Models/index.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral25
Sample
Admin panel v9.1.1/www/Template/FileSaver.min.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral26
Sample
Admin panel v9.1.1/www/Template/FileSaver.min.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral27
Sample
Admin panel v9.1.1/www/Template/assets/js/dashforge.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral28
Sample
Admin panel v9.1.1/www/Template/assets/js/dashforge.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral29
Sample
Admin panel v9.1.1/www/Template/index.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral30
Sample
Admin panel v9.1.1/www/Template/index.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral31
Sample
Admin panel v9.1.1/www/Template/jquery-1.12.4.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral32
Sample
Admin panel v9.1.1/www/Template/jquery-1.12.4.js
Resource
win10v2004-20220414-en
windows10-2004_x64
General
-
Target
Admin panel v9.1.1/www/App/index.html
-
Size
144B
-
MD5
83667fe64dc25693d6a95183bd264d1e
-
SHA1
c02f117b8ae2ad965a82b4f68604dea052c84ca5
-
SHA256
d63a65cc2e7c4d99a80e905b159e38c27705ecc4a07b1d733bf5b1d3a4ebeed3
-
SHA512
0e1267310ccdb40266819f44090254e609788718debed5b9f4f3cb682b3a2d46a7a28880bebf58f15c6848c8485eb9f7d30398c0a3de4cb5404aea60de33784f
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0AC50F01-C568-11EC-9EE1-6280490416C4} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "357746102" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004863fcdc101a3947b120786fa95ba35b000000000200000000001066000000010000200000009370694da94326030422385c3403f6495342634cd0b6fc4973db43685598ccf9000000000e8000000002000020000000440654862fedece7f9828ba258b0419cc5998ced5ed0ae66806ae3a33551968620000000485efbd3cecd610db62f2dca305e13efd53ff454a26792997eefacefcc3f996f400000001c2aec887d19e1af71d7bc2e5dff41e0024c16aa57acb6483e274fe83f8c2c584585076e6d73cdab007df37662b12caeffe9eb15bc6ad32cb5356b4a2590f1f9 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004863fcdc101a3947b120786fa95ba35b00000000020000000000106600000001000020000000932cd3634212d079d03702b9407d6f752a5092599e96737380ff906fca8de61b000000000e80000000020000200000008d6e76dfe242ff2231c0c2f26dd50c6ff0b791ef9669e6b01ddc6cbc50010f8890000000870e039260d0789e4b856ea64497f4a84b742d61f2e233cdc13b419c53a3885a732d193d60537abffb7946cc13a177992da18b97c8593c0e799fe303df03b866a07105a49154c4dc73dc88f18b7b72c91eaf15d516db8e663977fa98ddfefc644ea05c918eeb5f60b6292c266dd2ba00ec27dfc5dbd3e5f955bd407a3e5aee7e0168c1f69a479dd985ae728013a834fe400000003e0a443b21505d0244c81b90a726a3c93d92be901829222c2cd84770016ec0b5603345bc08a103ea512349aaf4c43dd73834fb4053e737f16fc9d09936cdb550 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b087d4e17459d801 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 904 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 904 iexplore.exe 904 iexplore.exe 1736 IEXPLORE.EXE 1736 IEXPLORE.EXE 1736 IEXPLORE.EXE 1736 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 904 wrote to memory of 1736 904 iexplore.exe 28 PID 904 wrote to memory of 1736 904 iexplore.exe 28 PID 904 wrote to memory of 1736 904 iexplore.exe 28 PID 904 wrote to memory of 1736 904 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Admin panel v9.1.1\www\App\index.html"1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:904 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:904 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1736
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
605B
MD590b08b6a051111973c832faa30687960
SHA104dea638aacf3a02c2b4e049973e4fe4cd93ce65
SHA25601e9ac9468105591df009e8bcdebfc9d919dd69b980045a70fcc88707b0626c5
SHA5124ef71e1d81347b3891ea2d6069203fedaaab11e8708b8115cf4afe5304fa1d50ab4497ae1d3641272c749a93b986379d8b705024be5feac199846236423454c5