Overview
overview
8Static
static
WMV_[WWW.D...K5.exe
windows7-x64
8WMV_[WWW.D...K5.exe
windows10-2004-x64
8IE2EM.dll
windows7-x64
1IE2EM.dll
windows10-2004-x64
1config/antiLeech.dll
windows7-x64
1config/antiLeech.dll
windows10-2004-x64
1config/cou...ag.dll
windows7-x64
1config/cou...ag.dll
windows10-2004-x64
1eMule.js
windows7-x64
1eMule.js
windows10-2004-x64
1eMule32.exe
windows7-x64
1eMule32.exe
windows10-2004-x64
1eMuleObject.exe
windows7-x64
1eMuleObject.exe
windows10-2004-x64
1eMule_Chicane.js
windows7-x64
1eMule_Chicane.js
windows10-2004-x64
1ed2k.html
windows7-x64
1ed2k.html
windows10-2004-x64
1lang/zh_CN.dll
windows7-x64
1lang/zh_CN.dll
windows10-2004-x64
1lang/zh_TW.dll
windows7-x64
1lang/zh_TW.dll
windows10-2004-x64
1Analysis
-
max time kernel
136s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
19-09-2022 04:29
Static task
static1
Behavioral task
behavioral1
Sample
WMV_[WWW.DSESE666.NET]_HONGKONG_3296492365FH78FG6GK5.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral2
Sample
WMV_[WWW.DSESE666.NET]_HONGKONG_3296492365FH78FG6GK5.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
IE2EM.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
IE2EM.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
config/antiLeech.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral6
Sample
config/antiLeech.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
config/countryflag.dll
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral8
Sample
config/countryflag.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
eMule.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
eMule.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
eMule32.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
eMule32.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
eMuleObject.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
eMuleObject.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
eMule_Chicane.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral16
Sample
eMule_Chicane.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
ed2k.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral18
Sample
ed2k.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
lang/zh_CN.dll
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral20
Sample
lang/zh_CN.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
lang/zh_TW.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
lang/zh_TW.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
ed2k.html
-
Size
5KB
-
MD5
47191e2d4ac71305c29b07a5305f5495
-
SHA1
b01f3fd634f54f9b73e2959f83cab79f5ecd1a9f
-
SHA256
ff9fff6607207433fc9a4109c25b37ab510180fabc1927e8e77219ee3529eebd
-
SHA512
96d8c7d59d953b2aca52eca9082e50e2cbdae810362abe016ca6a1fd597ae0cf73fd0b0816e5055434e73ef401f75650a132e30b9d9a99112271655844fb51c0
-
SSDEEP
96:HIbUQoZEix0nW+lijlpTWn8vjvAqg/u4UTWYVgI3kwTkdNG7u0WKP6P9JN7GHuva:HIHQ9x0F6pTWncAq/WYVLQmJ36cuvX07
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30985215" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000883ed98174fc174d8e18111dae0d912000000000020000000000106600000001000020000000d55a289ca57e37d994cdffa078ea4d2ef54cb8cc37c774ad09da1af66c0a6b81000000000e800000000200002000000008a6802e7cceddf685b7dd9ceb5d84526effc43bb76929b72a8e6b4ea1299dc1200000009ea69e879b7b2aef902387f8f2a5cf2c46d26105d046f8ff73cbdfce7466808c40000000895757fa686a0bc9f48b5a5067499f19886fa797200bec86852283652beaeeaa008491cd08a28fc6cf9a3d5476c55fb978ab0edee4bb7146ebe6f2c08a68bab2 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e44773ffcbd801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30985215" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000883ed98174fc174d8e18111dae0d91200000000002000000000010660000000100002000000027afab8e7e3cfc39b48399b6ae629d4620353ca9e2b9b611913dcd64a71282bc000000000e800000000200002000000078ee1500356f6b9bd54e72a0fc8f8c57014ac342f61d9f59dc8af3a293e2a5df200000006214026787d5a00ea7ad667698a5f4cc6424ff48406415b4966497b550755e8d4000000071127f922af06622a72ec6076db71645ec0c09d0e808f1ae12f3974c15b57cc07fa2c17a0a876659217d7dcca8f5807625d5f91fa720fd8010c41f25b06dfa8a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 506d8472ffcbd801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1777693163" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "370340026" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1603474455" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{897EC454-37F2-11ED-AECB-F639923F7CA1} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1603474455" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30985215" iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2868 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2868 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2868 iexplore.exe 2868 iexplore.exe 4908 IEXPLORE.EXE 4908 IEXPLORE.EXE 4908 IEXPLORE.EXE 4908 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2868 wrote to memory of 4908 2868 iexplore.exe 79 PID 2868 wrote to memory of 4908 2868 iexplore.exe 79 PID 2868 wrote to memory of 4908 2868 iexplore.exe 79
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ed2k.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4908
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD51520b1f0e8660cc8553264ce46871efd
SHA170c43f2c0b7599f782461590f8e1650a2df5dbfe
SHA2568bb8dd5446da57093db31c10b4093a2378a9324f137d3eaa21ab0027e191c09e
SHA5126ad8d5f620738988286981654070c9a4e2542f629f4e5245381143a2a88c98922145759ff8d90546e1a617639a7dd335ddca4aba5435fb216c01c705bc4f0be0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD51aba87d1cb525dda3cb4718234194d41
SHA1292b96523efb5bd7e3428291b9847a9a7de24d46
SHA2562536545f7711e8704a2be0055b1908afea362ac5ef5d690abf010e2adf857822
SHA512c98b6b1838ac7779b4dcf8debff78c995cd901e16b1d6f8dcc0693811938510f495ab99e8c2117375e75760234c524afbf68701c5ad7453b2898a413656bd820