Overview
overview
1Static
static
Contact-Cu...ore.js
windows7_x64
1Contact-Cu...ore.js
windows10-2004_x64
1Contact-Cu...rap.js
windows7_x64
1Contact-Cu...rap.js
windows10-2004_x64
1Contact-Cu...een.js
windows7_x64
1Contact-Cu...een.js
windows10-2004_x64
1Contact-Cu...x.html
windows7_x64
1Contact-Cu...x.html
windows10-2004_x64
1Contact-Cu...ght.js
windows7_x64
1Contact-Cu...ght.js
windows10-2004_x64
1Contact-Cu...ain.js
windows7_x64
1Contact-Cu...ain.js
windows10-2004_x64
1Contact-Cu...zr1.js
windows7_x64
1Contact-Cu...zr1.js
windows10-2004_x64
1Contact-Cu...ge.xml
windows7_x64
1Contact-Cu...ge.xml
windows10-2004_x64
1Contact-Cu...ie.xml
windows7_x64
1Contact-Cu...ie.xml
windows10-2004_x64
1Contact-Cu...x.html
windows7_x64
1Contact-Cu...x.html
windows10-2004_x64
1Contact-Cu...ipt.js
windows7_x64
1Contact-Cu...ipt.js
windows10-2004_x64
1Contact-Cu...in1.js
windows7_x64
1Contact-Cu...in1.js
windows10-2004_x64
1Contact-Cu...ore.js
windows7_x64
1Contact-Cu...ore.js
windows10-2004_x64
1Contact-Cu...rap.js
windows7_x64
1Contact-Cu...rap.js
windows10-2004_x64
1Contact-Cu...een.js
windows7_x64
1Contact-Cu...een.js
windows10-2004_x64
1Contact-Cu...x.html
windows7_x64
1Contact-Cu...x.html
windows10-2004_x64
1Analysis
-
max time kernel
153s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
23-05-2022 21:06
Static task
static1
Behavioral task
behavioral1
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/before.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral2
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/before.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral3
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/bootstrap.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral4
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/bootstrap.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral5
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/fullscreen.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral6
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/fullscreen.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral7
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/index.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral8
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/index.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral9
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/light.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral10
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/light.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral11
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/main.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral12
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/main.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral13
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/modernizr1.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral14
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00FF888Error8/modernizr1.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral15
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/edge.xml
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral16
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/edge.xml
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral17
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/ie.xml
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral18
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/ie.xml
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral19
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/index.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral20
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/index.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral21
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/js/script.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral22
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/js/script.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral23
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/main1.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral24
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00MA888Error8/main1.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral25
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/before.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral26
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/before.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral27
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/bootstrap.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral28
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/bootstrap.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral29
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/fullscreen.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral30
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/fullscreen.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral31
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/index.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral32
Sample
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/index.html
Resource
win10v2004-20220414-en
windows10-2004_x64
General
-
Target
Contact-Customer_Care_1973-Helpline/ENJdfdfdDEfMnifd00iE888Error8/index.html
-
Size
40KB
-
MD5
5c6b0147dfff4bf2a52fb6a221396452
-
SHA1
9bef33d6f6b291b29452dfddc8296d205ace2b7d
-
SHA256
9a8f57e19a0f8809dde17ef711bffead3e2f2d1712fa11b5810fec6bc05a96a6
-
SHA512
2d8f84b50ee7dbac1e1e26dfcf030b38d7df1717608464959fb0fac196c7c04763ad9fa5b00d89bcd55025632d2c8ee820cec4ee7d80c21bf651084b3a8ec403
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2908081133" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2908081133" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30961403" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2998801633" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30961403" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 905671c7fb6ed801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "360112977" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1075acc5fb6ed801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D8645FBD-DAEE-11EC-A58B-4A14660C3739} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000b4a8e24bc0a28b1f8909f0e7e24fac44b652b0037ed11abb7caf9c917944617f000000000e80000000020000200000009495322863c466b3fc19ee1cd6ed583a99b36f810769207291af13937a3cae1b200000001985ff33cb65e64a85fdba5eb16a3cab735583a652926dbab60fa8cc8d23b72b40000000ac368c7d113658db329c80c55790fc860921c99a2333f39d091a03bc41650c8698c90cff285bc336fc97c50d648789ce3ea8ba357a3b1b54560a927fd99ea143 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30961403" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000f3fab7358d0dd857cf70038c4ca358082f0ab7ee08fe49e24251f65cf7d2cc13000000000e80000000020000200000003d17d89a87f32853af95a1d4afd5e4113cda08a53144ab411009d3c741be9fb0200000002513dc4ae61bbde5f1594269a24a958956f82b15995fd4006a72dcf994eff685400000006e05f70e6fa81ae60a56618a491b90f1c590ea9051c61717002ccc024aa154c1e56c961010a6e0301201f316425430620bb67370f8c8efca30b14fe7694bfc8c iexplore.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1081944012-3634099177-1681222835-1000\{F53200FB-0FF5-418C-BCA2-17F590D1AC83} IEXPLORE.EXE -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: 33 1760 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1760 AUDIODG.EXE Token: 33 3176 IEXPLORE.EXE Token: SeIncBasePriorityPrivilege 3176 IEXPLORE.EXE Token: SeShutdownPrivilege 3176 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3176 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4888 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 4888 iexplore.exe 4888 iexplore.exe 3176 IEXPLORE.EXE 3176 IEXPLORE.EXE 3176 IEXPLORE.EXE 3176 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4888 wrote to memory of 3176 4888 iexplore.exe 79 PID 4888 wrote to memory of 3176 4888 iexplore.exe 79 PID 4888 wrote to memory of 3176 4888 iexplore.exe 79
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Contact-Customer_Care_1973-Helpline\ENJdfdfdDEfMnifd00iE888Error8\index.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4888 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4888 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3176
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4f8 0x33c1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1760
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5250ae6beaa18d24f978ab61ff194f33f
SHA118d3eec1d9dcb5fe0d4fb4244cbabe8078959d9a
SHA2568e8a63116aca846f76b38433c211a33c55c0d14d21d22e83503a18a826527bc7
SHA512b4135b9f09c039fdfe0d053642fe24c2f70050cf17369fe6e80b969de629b0cc6c7734b4f1590eeafa4f8559ee0e7506bc36055bd37b6cfbf376d4e4dd2e1d12
-
Filesize
7KB
MD55c1113b7526a7723b64400d44129fa78
SHA1af1b7813ad3e00d4699e5514a77984d5b423b757
SHA2569ecc27c740862ab2712da2c4ff31592e2c0a8643576e64551ee344a73fbe2494
SHA5124b47b9886884bc1eb0651c53eb1805922b2889d42076665bbd9f4b818d54c1bc86956e79cdc254c847b83640373b22a77f9bed9987fbd58c9104bca807a2d2d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize434B
MD5b463d347dae8625d73a7a1fa98223e71
SHA195dcd659a68cd91b0d3733fd7c11f7fa80ccd7a6
SHA2569353315324ee201e61077a519123103ff5b27fb5edb23d01d7eececf313e411e
SHA51255d0b31a7f5c3d6931dc702ffff9bc0c803b5310ff6b1eafd9f85e73a17bb961099713d4c7c888ea07074d0fafc6bb6b6fb17d572d1801c2cd111478fb443611
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
Filesize226B
MD595430bc68ddfb1d11470081040b4da5f
SHA13781be1b5006d3f6d9507b5660e1d6daa79bfb11
SHA25688bee4287186c896dba678b0f132f5791ce7c22a2571de1b60b5af016e868c14
SHA512ced8da9320c2e4d80b308c559b924e17d97ab2a9f09936250feeedd7fe3b3f42893f02f8f0b32df9d932522d8f2be65b1052f0449d820c865856b3a3f1abb1ea