Overview
overview
3Static
static
3Onedrives/...AO.htm
windows7_x64
1Onedrives/...AO.htm
windows10-2004_x64
1Onedrives/...GC.htm
windows7_x64
1Onedrives/...GC.htm
windows10-2004_x64
1Onedrives/...O.html
windows7_x64
1Onedrives/...O.html
windows10-2004_x64
1Onedrives/...P.html
windows7_x64
1Onedrives/...P.html
windows10-2004_x64
1Onedrives/...LO.htm
windows7_x64
1Onedrives/...LO.htm
windows10-2004_x64
1Onedrives/...FE.htm
windows7_x64
1Onedrives/...FE.htm
windows10-2004_x64
1Onedrives/...TR.htm
windows7_x64
1Onedrives/...TR.htm
windows10-2004_x64
1Onedrives/...an.pdf
windows7_x64
1Onedrives/...an.pdf
windows10-2004_x64
1Onedrives/...A.html
windows7_x64
1Onedrives/...A.html
windows10-2004_x64
1Onedrives/...bg.png
windows7_x64
3Onedrives/...bg.png
windows10-2004_x64
3Onedrives/...F1.png
windows7_x64
3Onedrives/...F1.png
windows10-2004_x64
3Onedrives/...ion.js
windows7_x64
1Onedrives/...ion.js
windows10-2004_x64
1Analysis
-
max time kernel
173s -
max time network
202s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
08-05-2022 22:31
Behavioral task
behavioral1
Sample
Onedrives/Onedrive1/AO.htm
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral2
Sample
Onedrives/Onedrive1/AO.htm
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral3
Sample
Onedrives/Onedrive1/GC.htm
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral4
Sample
Onedrives/Onedrive1/GC.htm
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral5
Sample
Onedrives/Onedrive1/GNO.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral6
Sample
Onedrives/Onedrive1/GNO.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral7
Sample
Onedrives/Onedrive1/GP.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral8
Sample
Onedrives/Onedrive1/GP.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral9
Sample
Onedrives/Onedrive1/LO.htm
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral10
Sample
Onedrives/Onedrive1/LO.htm
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral11
Sample
Onedrives/Onedrive1/OFE.htm
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral12
Sample
Onedrives/Onedrive1/OFE.htm
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral13
Sample
Onedrives/Onedrive1/OTR.htm
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral14
Sample
Onedrives/Onedrive1/OTR.htm
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral15
Sample
Onedrives/Onedrive1/Starting-Business-plan.pdf
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral16
Sample
Onedrives/Onedrive1/Starting-Business-plan.pdf
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral17
Sample
Onedrives/Onedrive1/YA.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral18
Sample
Onedrives/Onedrive1/YA.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral19
Sample
Onedrives/Onedrive1/images/landing-devices-bg.png
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral20
Sample
Onedrives/Onedrive1/images/landing-devices-bg.png
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral21
Sample
Onedrives/Onedrive1/ojomu/OF1.png
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral22
Sample
Onedrives/Onedrive1/ojomu/OF1.png
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral23
Sample
Onedrives/Onedrive1/verification.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral24
Sample
Onedrives/Onedrive1/verification.js
Resource
win10v2004-20220414-en
windows10-2004_x64
General
-
Target
Onedrives/Onedrive1/LO.htm
-
Size
1KB
-
MD5
f52d41429c54062d947584633403fa42
-
SHA1
fa4fd5f7815d47628be56578f9b93db79bf49243
-
SHA256
3cd98d723283dd7d2fb0b73d8b142cb355cbcb1d5feab9a78d5fb0b60f859e1d
-
SHA512
48ab92999f6522ef75f6d963b472d1124c5db9467a6fa7f1857034c5f8c68cad4137ab5dc33113fcff3893ef6513667992421844650e7c9b1149d6c173ece029
Malware Config
Signatures
-
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\User Preferences iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0bf3ab84963d801 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IENTSS" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{DA2865B7-CF3C-11EC-AC67-7A7C173711D6} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "358827062" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b091500000000020000000000106600000001000020000000cf55a22fb9f19a73f87bb6cd59f6d34bf6ffdef1b4f45a678ad7d7a0f2273d3e000000000e80000000020000200000004bf83a9518506c48da6d4c552696bbff6011676d0c6188fe71f2b84175b4451520000000bba461fc99e2e87dafb9e040ef84e378d2fb783e20dfe86ad33488a0d28759cd4000000011c78dc478d18392daab071a7ca8e3f91f5583db3f72bf26b42e2500b95e5dc2fb28c0c395b2d8b12341d67fd3846c7f89cd0979fa7cf1abdfcff83285023276 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2995867854" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b09150000000002000000000010660000000100002000000029c2cc1a0f7656e3d87ddad1393f6c2199ddc23ced7e2c86d61e45fcff1c8e0c000000000e8000000002000020000000449f65aa1d10b29bfd69fa689ec7d620b40a6b80eed3bc0fef60508494709e0e20000000ca61de09756866c21925a18c9b61f71a15d7e0237dd885ffd1bda02aa72e21f740000000dde4200be564c67560d20d4f1a6378354867a63b4036556c4fffeb092f46dc0eca76d52ba710a5281d8af1fec0ebaf55033c7cb2bef6aeb3c4a853f004590839 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b07a24b14963d801 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2995867854" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30958409" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b0915000000000200000000001066000000010000200000004f71a2e20f1287aa66992d3b1c8af1ad993f52c9e64c98e567c798bcf070e30b000000000e8000000002000020000000f5430dea9b7957fbf8bfedce867314a30dc483978460ae4a5a75ac812aae031b50000000e3e864791b098b41051027586f63f77074f9d9553432ca89558422ca8b331e96b38273f1024b8833891c2ba84896e93f44d8bd42ba2ab2e4bb752102b2ab37f4c340d4bd6c0dbfd9a4c29ea128df372c40000000bd9c49080c24e79b96358ead56b78e09d6f8c4dc71afc901fa50dfc855f214a81355d978a560f89f1ee5d80e3f841ce0e0e1b63afaad1a10a02d77b03a3b6e74 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30958409" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = f982cdb29d50d801 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b091500000000020000000000106600000001000020000000212043b25f3d417117b44a8a376270230b06041fa4e87baa327d20c58ce6448a000000000e8000000002000020000000e54870ab1f27b28187d67074b1514726b8ecb24fbef1f47cf193e19e7ec68fe210000000f6e9ba9b1cfff8fdcb99cc375b34c12e40000000857730d3589e4f807bcfc534a20d557601b92dbdb137983d54d440ca4267ba4bc3701259bf30d24645694f22f4ae0d1f9e7175d133dcd48d61e59dadb0b9b055 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exepid process 2040 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid process 2040 iexplore.exe 2040 iexplore.exe 4624 IEXPLORE.EXE 4624 IEXPLORE.EXE 4624 IEXPLORE.EXE 4624 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
iexplore.exedescription pid process target process PID 2040 wrote to memory of 4624 2040 iexplore.exe IEXPLORE.EXE PID 2040 wrote to memory of 4624 2040 iexplore.exe IEXPLORE.EXE PID 2040 wrote to memory of 4624 2040 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Onedrives\Onedrive1\LO.htm1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx