Analysis
-
max time kernel
105s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system -
submitted
27-07-2022 17:11
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://1lu0-udjf1k-kkm9.utah.edu.acrssd.org/#.aHR0cHM6Ly9zdG9yYWdlYXBpLmZsZWVrLmNvLzg1ZWM5MTA2LTkzYTQtNDhkYS05ZmU2LWNkMzc5NjYxMGY1ZC1idWNrZXQvZXdmd2RmZWZld2Zld2Zld2Z3Lmh0bWwjbGF1cmllLm1lY2hhbUB1dGFoLmVkdQ
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
http://1lu0-udjf1k-kkm9.utah.edu.acrssd.org/#.aHR0cHM6Ly9zdG9yYWdlYXBpLmZsZWVrLmNvLzg1ZWM5MTA2LTkzYTQtNDhkYS05ZmU2LWNkMzc5NjYxMGY1ZC1idWNrZXQvZXdmd2RmZWZld2Zld2Zld2Z3Lmh0bWwjbGF1cmllLm1lY2hhbUB1dGFoLmVkdQ
Resource
win10v2004-20220721-en
General
-
Target
http://1lu0-udjf1k-kkm9.utah.edu.acrssd.org/#.aHR0cHM6Ly9zdG9yYWdlYXBpLmZsZWVrLmNvLzg1ZWM5MTA2LTkzYTQtNDhkYS05ZmU2LWNkMzc5NjYxMGY1ZC1idWNrZXQvZXdmd2RmZWZld2Zld2Zld2Z3Lmh0bWwjbGF1cmllLm1lY2hhbUB1dGFoLmVkdQ
Malware Config
Signatures
-
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3130120713" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30974444" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "365714056" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E627A864-0DDF-11ED-BFB6-726F482620DF} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30974444" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0081b9bbeca1d801 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b1c7bbeca1d801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3130120713" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30974444" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3140902985" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ecbea742cdd51744a22318f0bb77b68200000000020000000000106600000001000020000000fe83874a8030736d371279a14c495b24241614be50dfab02a516aa78876eaad3000000000e8000000002000020000000022c5da4b28fe78ea3d9a98e7fabeafe80ef456747b6944d2906239f0bf0e27220000000888530cbf42da6b00c2b759c35378d0abdb14e4a602b043819f47ddecdc335ba400000003ede706329d2792fce17bda092961a0ede463d985d9c91f76180c583e497f45ca7351fa981d88050ee4d828984a7ffe7705eaec04b77e4edf6ea89216efcc4a7 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ecbea742cdd51744a22318f0bb77b682000000000200000000001066000000010000200000008718bab11ee022fa4fdd5e95183cc33617116ce5adb45ad01f78393b0dede166000000000e800000000200002000000062cbb8488c25a8e43417eb1557df6a0c47102cdaa8db0426183c88fb69a6b48f20000000ced75a55f485f91a7946bd15420ef7db8c7ed4e19174b35c9731a8a2e4def8d84000000026d4681f989518818db097f0b1d9e12b9d07b57d9e79afe29c02bc86f51a400e4a3dbb3faf200bc05c008a8a721c5cc6b3ef225f1699ed0484057f7f03e6f3c0 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
iexplore.exepid process 2844 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exepid process 2844 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid process 2844 iexplore.exe 2844 iexplore.exe 2440 IEXPLORE.EXE 2440 IEXPLORE.EXE 2440 IEXPLORE.EXE 2440 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
iexplore.exedescription pid process target process PID 2844 wrote to memory of 2440 2844 iexplore.exe IEXPLORE.EXE PID 2844 wrote to memory of 2440 2844 iexplore.exe IEXPLORE.EXE PID 2844 wrote to memory of 2440 2844 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://1lu0-udjf1k-kkm9.utah.edu.acrssd.org/#.aHR0cHM6Ly9zdG9yYWdlYXBpLmZsZWVrLmNvLzg1ZWM5MTA2LTkzYTQtNDhkYS05ZmU2LWNkMzc5NjYxMGY1ZC1idWNrZXQvZXdmd2RmZWZld2Zld2Zld2Z3Lmh0bWwjbGF1cmllLm1lY2hhbUB1dGFoLmVkdQ1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx