Analysis
-
max time kernel
61s -
max time network
52s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
21-09-2022 09:03
Static task
static1
Behavioral task
behavioral1
Sample
0PSv-K6S.html
Resource
win7-20220812-en
windows7-x64
5 signatures
60 seconds
Behavioral task
behavioral2
Sample
0PSv-K6S.html
Resource
win10v2004-20220812-en
windows10-2004-x64
4 signatures
60 seconds
General
-
Target
0PSv-K6S.html
-
Size
821B
-
MD5
994262b501985e88257b9a1b0a422c14
-
SHA1
5c5c67d529c0365ebe2790145fb284e80acdcad1
-
SHA256
b805707ca31ad1fdf86038931ab8aa8b2ef7665661a2eabc7f2b2441e1d17357
-
SHA512
3329e6f1deac06bb505ec19351395ec70074c82b243cd0b77d474fcf6dd1ae13237a3fd034f45d317451872c3937a3ae4d1b1c47ba0537d192c3d80505fed637
Score
1/10
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{09071061-399D-11ED-9C90-C6457FCBF3CF} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c01277e6a9cdd801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d3b98f5693c0d24b85f349229339c59c000000000200000000001066000000010000200000007c11903082dbe2e457e311de444a53f03332ba76e4e411b2edc52174f04d71b9000000000e8000000002000020000000fe16fd7f77b0cc70674c2352dfafd0cbe70cc92d821c5e46d310b0c5d46efea02000000059f23ca9989edcea72fe08780e8478753d28608bebdf139d02d4f2a6419f854a40000000142510fa4bcdf1396bafcef255b3c1212cf95e1f570ac1c4ab07869e688d6759afa831c785c1c098ab5dd93f6259769afbb8e2f971fcb98c3835c4dea3df411f iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d3b98f5693c0d24b85f349229339c59c00000000020000000000106600000001000020000000834b98ec8a016fd5a0e1a19afd3759a5275dcd91b52bd1f436a5789c46e86aaf000000000e80000000020000200000004b3c8796be82a3de01385fcd0f2b0661fe3f556ba043ea6a37b849c2b544892090000000c3952d2cf2af925344c6b1d99a3d7c7f3eeef94dc562fd84cffb4a799f149d5801c8e8956ce4168df3d37dbe211e73f7c1ea7599eeacb0579cb04c24ad8bff5b8d445cd62ec3cf7191eabc45fe505443478d71997333f93b9e9cd32843dee063b906e821de3f514bddd3342341e5e953cc28f7252af0aedeea2e767a341e5cee26fc73e550fd935594a7e288650e9a8f40000000c365fbc903640103ae925fd7861915edb3eff58731d48131981d18d56af90f9f54f731979f672e6c2b0b069ca991f41493391393a66930575804bc05f2564f10 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1532 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 784 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 784 iexplore.exe 784 iexplore.exe 1532 IEXPLORE.EXE 1532 IEXPLORE.EXE 1532 IEXPLORE.EXE 1532 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 784 wrote to memory of 1532 784 iexplore.exe 27 PID 784 wrote to memory of 1532 784 iexplore.exe 27 PID 784 wrote to memory of 1532 784 iexplore.exe 27 PID 784 wrote to memory of 1532 784 iexplore.exe 27
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0PSv-K6S.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:784 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:784 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1532
-