Analysis
-
max time kernel
305s -
max time network
309s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system -
submitted
21/09/2022, 22:16
Static task
static1
Behavioral task
behavioral1
Sample
63b8479bd76dda6d8319bfe64fc22f157ee81a659452fa027ba18b96322eca90.html
Resource
win7-20220812-en
windows7-x64
5 signatures
300 seconds
Behavioral task
behavioral2
Sample
63b8479bd76dda6d8319bfe64fc22f157ee81a659452fa027ba18b96322eca90.html
Resource
win10-20220812-en
windows10-1703-x64
6 signatures
300 seconds
General
-
Target
63b8479bd76dda6d8319bfe64fc22f157ee81a659452fa027ba18b96322eca90.html
-
Size
609KB
-
MD5
86e1e8453d6de39c66bc68d1aeec1243
-
SHA1
8c96c704c8637633262bb6642ee6a65fe3c66871
-
SHA256
63b8479bd76dda6d8319bfe64fc22f157ee81a659452fa027ba18b96322eca90
-
SHA512
d4259583e2d493c635b48359b978d22f7e90477d04f3c00de5c4a4628f27d314228fcebc0e98677ff67bb86bc0c73c59e991b8a5dc61eacd4aa37973264f4306
-
SSDEEP
3072:0ClpGTetRqXgwRsviV1ytjVswRuzl84NebWCUkPDlJtLn6CVhJc7MwaMyFeqmqDb:0ClpGTCRqXtRgRQcSvLF2RPthZpWMH
Score
6/10
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7091e3a918ced801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2941202843" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "370570775" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "370619360" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30985752" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000012068ee23372fe41af7eabde7907acf00000000002000000000010660000000100002000000049a970f60f3a28363b1e1399f9309049fa3776f1916137be90ffe3b6a1e67680000000000e8000000002000020000000a88c85c89d2a8c5554fd808cb1c6945307acff52b17e00026bf4030ec7d7d8c120000000b348de689bd6113e6fd121eb81565c04e28af8d69a2d9b2d3a132547e8d7478d4000000076ad823bc84d5dfbecad7548f8050bde24b007c3023693876ec7c4074e2da9762503dbbbacd215756932f8a27b603c6812ea12121108b178590344ce32e07454 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2941202843" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEBE499E-3A0B-11ED-A7A3-FA105A7C9F51} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000012068ee23372fe41af7eabde7907acf0000000000200000000001066000000010000200000009e9f12bec06fdaad3689de797afa4eaecaad36fead73cd60f928588801c2dc45000000000e8000000002000020000000488313bec7e96c37b24ceba1c7bdacd069cfe80de33e452c2c5dc0b6765f0f982000000051c472a00e7e3a2e0ac710f04f00154f1d3db2569edd057dd16b0dd71dc6d086400000007da36a428a316075e8d12cb5294f1561d245e0d15f3130ab0825c51b74878098542d16ec20884fe7e6d21bad6cd08ed95a4e0478708f5fcddabaaa2b5ed5bc10 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "370587369" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40c2f1a918ced801 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30985752" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511" iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2684 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2684 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2684 iexplore.exe 2684 iexplore.exe 3772 IEXPLORE.EXE 3772 IEXPLORE.EXE 3772 IEXPLORE.EXE 3772 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2684 wrote to memory of 3772 2684 iexplore.exe 66 PID 2684 wrote to memory of 3772 2684 iexplore.exe 66 PID 2684 wrote to memory of 3772 2684 iexplore.exe 66
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\63b8479bd76dda6d8319bfe64fc22f157ee81a659452fa027ba18b96322eca90.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3772
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
615B
MD5a473f241c295433b3df64dee3cf109ee
SHA1c321dc2c92cfbaa5f3e035e5f096d798cad69d40
SHA256444116d6d5c992886a0c37a01763fbcd3a1d9fb374d468985c475fc169acba85
SHA512b4f4449b5758f77e412212fd6d2e08c851aeefbb9a2b6770cca49a1342668424df86b267f5745013a854030769ec3250e884f1e09b9a428a0c96a5e678154b34
-
Filesize
614B
MD5862c79eac98f0b8a3b5c002bbf4188b0
SHA1274579b32b9e7657b35633705fd2d4aa40084026
SHA25687147eeae0a10783d6cda8900c96801e6f4b02e3517e95a11e547a1b8ddc1cce
SHA5122cb0c822f277e317fbed02ad9e8438200d853fe9c0a4a1b61bf77a2ad90a5274ca4be8ce3c090c772877d0c7c36412fc7b327067476f0f3540defda2a9726e57