Overview
overview
10Static
static
10Applied In...g).zip
windows7-x64
1Applied In...g).zip
windows10-2004-x64
1OPS/b01.html
windows7-x64
1OPS/b01.html
windows10-2004-x64
1OPS/c01.html
windows7-x64
1OPS/c01.html
windows10-2004-x64
1OPS/c02.html
windows7-x64
1OPS/c02.html
windows10-2004-x64
1OPS/c03.html
windows7-x64
1OPS/c03.html
windows10-2004-x64
1OPS/c04.html
windows7-x64
1OPS/c04.html
windows10-2004-x64
1OPS/c05.html
windows7-x64
1OPS/c05.html
windows10-2004-x64
1OPS/c06.html
windows7-x64
1OPS/c06.html
windows10-2004-x64
1OPS/c07.html
windows7-x64
1OPS/c07.html
windows10-2004-x64
1OPS/c08.html
windows7-x64
1OPS/c08.html
windows10-2004-x64
1OPS/c09.html
windows7-x64
1OPS/c09.html
windows10-2004-x64
1OPS/c10.html
windows7-x64
1OPS/c10.html
windows10-2004-x64
1OPS/c11.html
windows7-x64
1OPS/c11.html
windows10-2004-x64
1OPS/c12.html
windows7-x64
1OPS/c12.html
windows10-2004-x64
1OPS/c13.html
windows7-x64
1OPS/c13.html
windows10-2004-x64
1OPS/c14.html
windows7-x64
1OPS/c14.html
windows10-2004-x64
1Analysis
-
max time kernel
162s -
max time network
198s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
07-09-2022 11:46
Behavioral task
behavioral1
Sample
Applied Incident Response (Steve Anson) (z-lib.org).zip
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
Applied Incident Response (Steve Anson) (z-lib.org).zip
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
OPS/b01.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
OPS/b01.html
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
OPS/c01.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral6
Sample
OPS/c01.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
OPS/c02.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
OPS/c02.html
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
OPS/c03.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
OPS/c03.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
OPS/c04.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
OPS/c04.html
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
OPS/c05.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
OPS/c05.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
OPS/c06.html
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral16
Sample
OPS/c06.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
OPS/c07.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral18
Sample
OPS/c07.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
OPS/c08.html
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral20
Sample
OPS/c08.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
OPS/c09.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
OPS/c09.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
OPS/c10.html
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral24
Sample
OPS/c10.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
OPS/c11.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral26
Sample
OPS/c11.html
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
OPS/c12.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral28
Sample
OPS/c12.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
OPS/c13.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral30
Sample
OPS/c13.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
OPS/c14.html
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral32
Sample
OPS/c14.html
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
OPS/c10.html
-
Size
84KB
-
MD5
d975156624d0a30165a93b2d11220d49
-
SHA1
55fa291309b5f1c04b29a668f057a01382b57aa7
-
SHA256
eec46c62e15ea57be6f77c2fd1a998c9bd396cba5d8e9b2ce965154dd81b9797
-
SHA512
bbd0bd95c3e7dcf4625464551b5c18eee3cf5605a7e4b94e013504a9e7e98ffbd697dbefe6a4e302a1599f58170458f6f9d21375dd6b3c5732351ca43f4d17fc
-
SSDEEP
1536:uJwNqUQRLDm3qCOzYyPtLCXc3O0CIm9oaPV5q64L:u2NtQRvm3qCWYyVLf3uIm9oaPVE64L
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FBC51411-2EA2-11ED-BE8B-FAA138970F28} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000048ca5449a4d21846ba8a995ea0abd35a000000000200000000001066000000010000200000000518225864928156fbe04bdd3ea1a2d2721cca16a4454e5a4b8e0e5122215036000000000e8000000002000020000000a863a23a94e6326af922982c1dc2df3ca53b64eda9b1401c52fcef7fd12f76e5900000003b090e922699da658e86eb664536f76a9f2d885071b91c4f0f5a4c0f1ef4f16ed392e5f20ad67a23da23a9cdb1c044e3d0fa049ffbdc786bab252b1017d466c1df528606abd289640d2e7319cdf80900a39b68cc67c3eb147f2f2712fd9779f2ba7546688e1acdf41b9df4f8e57cce10b3c180c15a22d7b34d6c56f3d9e2739e63e59ed5d9d93eb68828a00536caa9f740000000d41b452e09a8a59289aeaeea8f6c4ea07b3cc03c8acb8966b2051c7384c5fe6689f4539ecbb822ba09e827b80295fedb906bf61ace28ac19258c81026feea441 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e6a4d1afc2d801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000048ca5449a4d21846ba8a995ea0abd35a000000000200000000001066000000010000200000001dd9c19a9994096ba438404246c41f6eace495862fc3ce633519f18571e168b9000000000e80000000020000200000007dccc603364b82aa13bcdf57da92a29efb1a21d7629c88b4c75c81f94bb3fc4420000000a641265113f3fc914fa1fe10e30aca932a1886566f0b9461437df8e10e6608024000000055e9470c284b1f5506c8bf07935702789997c3534e1325e726b379b5a58df0df2a0f8f6a086f849aab31f47e5230bbe19a4ce6b7cf9903eb13806cf56cd0bc17 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "369316288" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1252 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1252 iexplore.exe 1252 iexplore.exe 1748 IEXPLORE.EXE 1748 IEXPLORE.EXE 1748 IEXPLORE.EXE 1748 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1252 wrote to memory of 1748 1252 iexplore.exe 28 PID 1252 wrote to memory of 1748 1252 iexplore.exe 28 PID 1252 wrote to memory of 1748 1252 iexplore.exe 28 PID 1252 wrote to memory of 1748 1252 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\OPS\c10.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1252 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1252 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1748
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
608B
MD5e5e60f1f07bb70bf0ae6511ce602c12b
SHA1290b474a57ea4a1622c3303ca8e0d3ed005f6e86
SHA2565107015fc1aadde89b8545c7ae77ef35a2706b9f668a408182dc994de4729f8e
SHA5122120ef0478356de40c65ea24fb409633589cd8da69f0f75c2e34d73ffdb4969a432651f832e3eb81baa1c83bf9694fc9b27a9109105f188014a6a3d97f5200a6