Overview
overview
10Static
static
102022-06-16...ts.zip
windows7_x64
12022-06-16...ts.zip
windows10-2004_x64
12022-06-16...ke.txt
windows7_x64
12022-06-16...ke.txt
windows10-2004_x64
12022-06-16...LL.dll
windows7_x64
12022-06-16...LL.dll
windows10-2004_x64
12022-06-16...ff.bin
windows7_x64
32022-06-16...ff.bin
windows10-2004_x64
32022-06-16...bs.txt
windows7_x64
12022-06-16...bs.txt
windows10-2004_x64
12022-06-16...gv.bin
windows7_x64
32022-06-16...gv.bin
windows10-2004_x64
32022-06-16...us.txt
windows7_x64
12022-06-16...us.txt
windows10-2004_x64
12022-06-16...ry.bin
windows7_x64
32022-06-16...ry.bin
windows10-2004_x64
32022-06-16...LL.dll
windows7_x64
12022-06-16...LL.dll
windows10-2004_x64
12022-06-16...px.txt
windows7_x64
12022-06-16...px.txt
windows10-2004_x64
1SCAN-016063.html
windows7_x64
1SCAN-016063.html
windows10-2004_x64
1SCAN-01606...le.zip
windows7_x64
1SCAN-01606...le.zip
windows10-2004_x64
1SCAN-016063.pdf.msi
windows7_x64
10SCAN-016063.pdf.msi
windows10-2004_x64
10SCAN-016063.html
windows7_x64
1SCAN-016063.html
windows10-2004_x64
1SCAN-016063.pdf.msi
windows7_x64
10SCAN-016063.pdf.msi
windows10-2004_x64
10SCAN-026764.html
windows7_x64
1SCAN-026764.html
windows10-2004_x64
1Analysis
-
max time kernel
149s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
20-06-2022 12:52
Static task
static1
Behavioral task
behavioral1
Sample
2022-06-16-Matanbuchus-and-Cobalt-Strike-malware-and-artifacts.zip
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral2
Sample
2022-06-16-Matanbuchus-and-Cobalt-Strike-malware-and-artifacts.zip
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral3
Sample
2022-06-16-IOCs-for-Matanbuchus-and-Cobalt-Strike.txt
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral4
Sample
2022-06-16-IOCs-for-Matanbuchus-and-Cobalt-Strike.txt
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral5
Sample
2022-06-16-Matanbuchus-DLL.dll
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral6
Sample
2022-06-16-Matanbuchus-DLL.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral7
Sample
2022-06-16-extic.icu-empower-type.tiff.bin
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral8
Sample
2022-06-16-extic.icu-empower-type.tiff.bin
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral9
Sample
2022-06-16-notify.vbs.txt
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral10
Sample
2022-06-16-notify.vbs.txt
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral11
Sample
2022-06-16-reykh.icu-load-hunt.jpgv.bin
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral12
Sample
2022-06-16-reykh.icu-load-hunt.jpgv.bin
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral13
Sample
2022-06-16-scheduled-task-for-Matanbuchus.txt
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral14
Sample
2022-06-16-scheduled-task-for-Matanbuchus.txt
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral15
Sample
2022-06-16-telemetrysystemcollection.com-m8YYdu-mCQ2U9-home.aspx-converted-to-XOR-ed-binary.bin
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral16
Sample
2022-06-16-telemetrysystemcollection.com-m8YYdu-mCQ2U9-home.aspx-converted-to-XOR-ed-binary.bin
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral17
Sample
2022-06-16-telemetrysystemcollection.com-m8YYdu-mCQ2U9-home.aspx-decoded-DLL.dll
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral18
Sample
2022-06-16-telemetrysystemcollection.com-m8YYdu-mCQ2U9-home.aspx-decoded-DLL.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral19
Sample
2022-06-16-telemetrysystemcollection.com-m8YYdu-mCQ2U9-home.aspx.txt
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral20
Sample
2022-06-16-telemetrysystemcollection.com-m8YYdu-mCQ2U9-home.aspx.txt
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral21
Sample
SCAN-016063.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral22
Sample
SCAN-016063.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral23
Sample
SCAN-016063-from-html-file.zip
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral24
Sample
SCAN-016063-from-html-file.zip
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral25
Sample
SCAN-016063.pdf.msi
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral26
Sample
SCAN-016063.pdf.msi
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral27
Sample
SCAN-016063.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral28
Sample
SCAN-016063.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral29
Sample
SCAN-016063.pdf.msi
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral30
Sample
SCAN-016063.pdf.msi
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral31
Sample
SCAN-026764.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral32
Sample
SCAN-026764.html
Resource
win10v2004-20220414-en
windows10-2004_x64
General
-
Target
SCAN-016063.html
-
Size
936KB
-
MD5
3e757306c45b710d739a802fbd1fb69f
-
SHA1
60c1dc0b885ac77b8f670b636c8d404654362354
-
SHA256
d0e2e92ec9d3921dc73b962354c7708f06a1a34cce67e8b67af4581adfc7aaad
-
SHA512
71d63e20f20658c87cb22da1f8e8b90251384fa3b193cf19e7ea438c4d0d825784baa03d40f6c4b9f3df0f75fd69c451009f0b05608c26fb8849caa1749bfa3c
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{EAF81BE8-F097-11EC-AD90-F23C9496A3E7} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "362494557" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30966948" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30966948" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3210323756" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0a931c1a484d801 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 901f3bc1a484d801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3210323756" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30966948" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d44f7c908017924dbb36ebe98e677ce10000000002000000000010660000000100002000000005ade055be91892ab3f6171a33328f7cb1a5d1ec1fc9473628e268aefba3ced1000000000e8000000002000020000000966abd209126b9c9bb98d46020fb9b64b586af817135dd080b9de004d7ed504120000000f9751dd1938b1a5b7021eb4ee24e600ece9ed182617cbd88143ccc71b42be145400000009a321bdb1cb5dcb79b3a87b6b48c2b8eafd96c7c9db4b098a731c5ba72adcccbe8decbb915155cfe84beaa920921b48fe91bb74cf1ab84ece3f9aa5217616faa iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d44f7c908017924dbb36ebe98e677ce100000000020000000000106600000001000020000000dbf96cd7bb1a070a77cfe37e8dbe39618e2a70cc07a6d2f2dd796004a53c387d000000000e80000000020000200000009febeaab638836354c8871a10ea360ee4510560f3c36b8fff4f8296cfdfcb25d20000000a028b42d9c36ad910f47fd4527c9f6981e56f4725fc301a94a7f899f082ed65f4000000093b14e2ca2a227a04350ecf4f73f7725cf561327c4654f0f5bc3a149c0c11e037bc85ec6f21360e768487cbb89a7961e230bc2a3703c84432a51317edc5d633f iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3225636108" IEXPLORE.EXE -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4388 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4388 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 4388 iexplore.exe 4388 iexplore.exe 4868 IEXPLORE.EXE 4868 IEXPLORE.EXE 4868 IEXPLORE.EXE 4868 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4388 wrote to memory of 4868 4388 iexplore.exe 81 PID 4388 wrote to memory of 4868 4388 iexplore.exe 81 PID 4388 wrote to memory of 4868 4388 iexplore.exe 81
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\SCAN-016063.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4388 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4388 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4868
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5da3ee152a5c31850a1d3b179e494e578
SHA105b49d337fa6f227f91bfd37674579219a15b80f
SHA256a9bb0e8aa256d407651238239817c62fe52bbd75abdcbbff147765d0eae344b5
SHA512b49def7e58211a1d121badb50464ffe57d1617a60019ed6a2b2c87376b0b276da3c063ecec37f1dfee7147cd7dd748ba8ed7ff5b9de7cdd9673e735d30ef1833
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD57d6c67ec2df1d01eb2245d491634166c
SHA17049251ca4fc7fde01fcecc4b753bb5d5e4f1852
SHA25607d9f0f0475f9122d1f1640f1b83ab68cb20e69bbcd08995c97b99f95ab32438
SHA512e6940d718a9b379b932a713f0293b47d821ecf23997e35a36c0dc72cacf1299af504605128f134f0a827685a413ef6b0db31e4bf1988dd75f9ad46dabf9e12c2