Overview
overview
1Static
static
Contact-Cu...ore.js
windows7_x64
1Contact-Cu...ore.js
windows10-2004_x64
1Contact-Cu...rap.js
windows7_x64
1Contact-Cu...rap.js
windows10-2004_x64
1Contact-Cu...een.js
windows7_x64
1Contact-Cu...een.js
windows10-2004_x64
1Contact-Cu...x.html
windows7_x64
1Contact-Cu...x.html
windows10-2004_x64
1Contact-Cu...ght.js
windows7_x64
1Contact-Cu...ght.js
windows10-2004_x64
1Contact-Cu...ain.js
windows7_x64
1Contact-Cu...ain.js
windows10-2004_x64
1Contact-Cu...zr1.js
windows7_x64
1Contact-Cu...zr1.js
windows10-2004_x64
1Contact-Cu...ge.xml
windows7_x64
1Contact-Cu...ge.xml
windows10-2004_x64
1Contact-Cu...ie.xml
windows7_x64
1Contact-Cu...ie.xml
windows10-2004_x64
1Contact-Cu...x.html
windows7_x64
1Contact-Cu...x.html
windows10-2004_x64
1Contact-Cu...ipt.js
windows7_x64
1Contact-Cu...ipt.js
windows10-2004_x64
1Contact-Cu...in1.js
windows7_x64
1Contact-Cu...in1.js
windows10-2004_x64
1Contact-Cu...ore.js
windows7_x64
1Contact-Cu...ore.js
windows10-2004_x64
1Contact-Cu...rap.js
windows7_x64
1Contact-Cu...rap.js
windows10-2004_x64
1Contact-Cu...een.js
windows7_x64
1Contact-Cu...een.js
windows10-2004_x64
1Contact-Cu...x.html
windows7_x64
1Contact-Cu...x.html
windows10-2004_x64
1Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
23-05-2022 21:06
Static task
static1
Behavioral task
behavioral1
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/before.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral2
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/before.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral3
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/bootstrap.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral4
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/bootstrap.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral5
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/fullscreen.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral6
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/fullscreen.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral7
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/index.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral8
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/index.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral9
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/light.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral10
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/light.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral11
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/main.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral12
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/main.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral13
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/modernizr1.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral14
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/modernizr1.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral15
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/edge.xml
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral16
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/edge.xml
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral17
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/ie.xml
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral18
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/ie.xml
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral19
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/index.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral20
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/index.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral21
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/js/script.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral22
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/js/script.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral23
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/main1.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral24
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/main1.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral25
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/before.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral26
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/before.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral27
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/bootstrap.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral28
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/bootstrap.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral29
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/fullscreen.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral30
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/fullscreen.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral31
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/index.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral32
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/index.html
Resource
win10v2004-20220414-en
windows10-2004_x64
General
-
Target
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/index.html
-
Size
40KB
-
MD5
5c6b0147dfff4bf2a52fb6a221396452
-
SHA1
9bef33d6f6b291b29452dfddc8296d205ace2b7d
-
SHA256
9a8f57e19a0f8809dde17ef711bffead3e2f2d1712fa11b5810fec6bc05a96a6
-
SHA512
2d8f84b50ee7dbac1e1e26dfcf030b38d7df1717608464959fb0fac196c7c04763ad9fa5b00d89bcd55025632d2c8ee820cec4ee7d80c21bf651084b3a8ec403
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 107888e8ea6ed801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0CEC4B51-DADE-11EC-8749-4224C87335A1} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004863fcdc101a3947b120786fa95ba35b00000000020000000000106600000001000020000000e2d480d5ad34d17dd98ed18c186e17ce002c54c793f78e43c02cd9eeddfeeccc000000000e8000000002000020000000f2b3f917a2ec00290ba6d73aedb90a0dc34749302b86a0b73647845d41578b0c90000000c070684e27c8c46d77c275dccc59e1ba5a97232f908095a27f8ea20f8d94374085127dde43da0aed183cabcccdb36ecefec748e698154bf8ef01926ece9d66983266e3c1a03c6a1d7c8b51e00e43c1e3902bc6511fb2c088610a03e216b8d5d0ddb2cb56d04ef55699189dd7f725d52f3b9ec4bb1f24125099294adb9d53c69082583d42958be8e60f25e3bd01ee561d40000000e235ed572e89d7bbbd6122ddf94f0af3dddb46d251b8b3d446957fde7dc15545ecaf9f77b2ea5d457a271b7c54124c7a012473ffdeb9bbc0efccd63806b6fa3b iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004863fcdc101a3947b120786fa95ba35b00000000020000000000106600000001000020000000c69f4f6c5521ace66078c8d1e66bc1eb764c2c88bd1dd78c385cd86b8b195073000000000e8000000002000020000000bcae72cb57b1fe3e468404992860a72ab2c859292af55719a03178ebd3ee95d02000000025fea4860f0388ebd5033e19e8f5ee05f1213e3dc28a0939f7d1847bdeaa0ddc4000000005278f85e6dd59537633459776d1045dca8b4be1819804e094349d0fa0f44f104cb810812765b8eaca237a2864d8c3704ba438dd1be89e8d378b81d8e79d87d7 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "360105752" iexplore.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: 33 1468 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1468 AUDIODG.EXE Token: 33 1468 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1468 AUDIODG.EXE Token: 33 1700 IEXPLORE.EXE Token: SeIncBasePriorityPrivilege 1700 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1312 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1312 iexplore.exe 1312 iexplore.exe 1700 IEXPLORE.EXE 1700 IEXPLORE.EXE 1700 IEXPLORE.EXE 1700 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1312 wrote to memory of 1700 1312 iexplore.exe 28 PID 1312 wrote to memory of 1700 1312 iexplore.exe 28 PID 1312 wrote to memory of 1700 1312 iexplore.exe 28 PID 1312 wrote to memory of 1700 1312 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Contact-Customer_Care_1973-Helpline\ENJdfdfdDEfMnifd00iE888Error8\index.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1312 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1312 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1700
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x27c1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1468
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60KB
MD5b9f21d8db36e88831e5352bb82c438b3
SHA14a3c330954f9f65a2f5fd7e55800e46ce228a3e2
SHA256998e0209690a48ed33b79af30fc13851e3e3416bed97e3679b6030c10cab361e
SHA512d4a2ac7c14227fbaf8b532398fb69053f0a0d913273f6917027c8cadbba80113fdbec20c2a7eb31b7bb57c99f9fdeccf8576be5f39346d8b564fc72fb1699476
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD5f47c1110208edff6fc922ae39ddd2c98
SHA103e9a04c0a28e50629d26cdcb19641fdf4aed2cf
SHA256c512f53be0ac3ce22c20efdb3aeda1824ad0c2545e25791022a8a1e3d186c93f
SHA512af48469d14cb08d1f1f55f32e7b4e74931d53f332a48908e0b4850c836f98331d6898cc8ec74e93092120f9cb8c81a79ca1a0875e1d5b1387e50e454db85c5d8
-
Filesize
605B
MD5c0d5deddaa170ff5c15cb962cc854272
SHA1f5724bf74f254f83ef8fb4c537a97410452f95d6
SHA25696f52b5ae499b9454d7ef73d9a83bb5d608de76839adf226c7a6a87f446ca683
SHA5123555ba818affd168c5ba4c68609051023ce1c716990cf444547b3adf9165cc37d89170fc0fce1fba7e168ad2c830ede582ac05e27d7ff5ad642ba4f0972d6f69