Overview
overview
1Static
static
20220925 -...�.html
windows7-x64
120220925 -...�.html
windows10-2004-x64
120220925 -...b12.js
windows7-x64
120220925 -...b12.js
windows10-2004-x64
120220925 -...bcb.js
windows7-x64
120220925 -...bcb.js
windows10-2004-x64
120220925 -...min.js
windows7-x64
120220925 -...min.js
windows10-2004-x64
120220925 -...�.html
windows7-x64
120220925 -...�.html
windows10-2004-x64
120220925 -...d27.js
windows7-x64
120220925 -...d27.js
windows10-2004-x64
120220925 -...bdf.js
windows7-x64
120220925 -...bdf.js
windows10-2004-x64
120220925 -...787.js
windows7-x64
120220925 -...787.js
windows10-2004-x64
120220925 -...f0e.js
windows7-x64
120220925 -...f0e.js
windows10-2004-x64
120220925 -...c5b.js
windows7-x64
120220925 -...c5b.js
windows10-2004-x64
120220925 -...bc9.js
windows7-x64
120220925 -...bc9.js
windows10-2004-x64
120220925 -...45b.js
windows7-x64
120220925 -...45b.js
windows10-2004-x64
120220925 -...b74.js
windows7-x64
120220925 -...b74.js
windows10-2004-x64
120220925 -...f33.js
windows7-x64
120220925 -...f33.js
windows10-2004-x64
120220925 -...eb0.js
windows7-x64
120220925 -...eb0.js
windows10-2004-x64
120220925 -...265.js
windows7-x64
120220925 -...265.js
windows10-2004-x64
1Analysis
-
max time kernel
181s -
max time network
203s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
25/09/2022, 15:21
Static task
static1
Behavioral task
behavioral1
Sample
20220925 - 检查2_2/美军网络安全 _ 开篇:JIE(联合信息环境)概述.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
20220925 - 检查2_2/美军网络安全 _ 开篇:JIE(联合信息环境)概述.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
20220925 - 检查2_2/美军网络安全 _ 开篇:JIE(联合信息环境)概述_files/appmsg.l8e0wfp7002b2b12.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
20220925 - 检查2_2/美军网络安全 _ 开篇:JIE(联合信息环境)概述_files/appmsg.l8e0wfp7002b2b12.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
20220925 - 检查2_2/美军网络安全 _ 开篇:JIE(联合信息环境)概述_files/polyfills-legacy.f6b70bcb.js
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral6
Sample
20220925 - 检查2_2/美军网络安全 _ 开篇:JIE(联合信息环境)概述_files/polyfills-legacy.f6b70bcb.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
20220925 - 检查2_2/美军网络安全 _ 开篇:JIE(联合信息环境)概述_files/weui.min.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
20220925 - 检查2_2/美军网络安全 _ 开篇:JIE(联合信息环境)概述_files/weui.min.js
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/aging-tools-c67ce70d27.js
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral12
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/aging-tools-c67ce70d27.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/aging-tools-pc-1e5afe8bdf.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/aging-tools-pc-1e5afe8bdf.js
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/all_async_search_142d787.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral16
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/all_async_search_142d787.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/bzPopper_7bc4f0e.js
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral18
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/bzPopper_7bc4f0e.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/cd37ed75a9387c5b.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral20
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/cd37ed75a9387c5b.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/compatible_ipad_input_6f6bbc9.js
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral22
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/compatible_ipad_input_6f6bbc9.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/content-info-b0c0e5245b.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral24
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/content-info-b0c0e5245b.js
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/core_26c4b74.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral26
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/core_26c4b74.js
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/enhance_16f8f33.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral28
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/enhance_16f8f33.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/enhance_f636eb0.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral30
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/enhance_f636eb0.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/es6-polyfill_5103265.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral32
Sample
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索_files/es6-polyfill_5103265.js
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
20220925 - 检查2_2/美军网络安全 开篇 JIE 概述_百度搜索.html
-
Size
808KB
-
MD5
258a14654092cda3afdf55f4a204fd2b
-
SHA1
d8759eac807e2e71e61f1b9a9a34e1dd8123504f
-
SHA256
ac6175574c6bc5b5415ebd1f5c707130a522ae04e28434350b22921809e35da7
-
SHA512
8981960533f03a0217edd4210e9f8fb407810248d1c1f3aa59dd1868c3c84033bcabe38e1855cbf3bf8742cc2a50d2b4f9cb2cef9f645917c53e55e251e0fa7e
-
SSDEEP
12288:rAPUnYDaatiDTyTNv7FC1kdQeYDsa7iDTyTNv7FeGYMSX8qG:oiDTyTNv7F+iDTyTNv7FDZ
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0bd1c8503d1d801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "370891507" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0f3d159765a7f43b6bf060b4b70c9a3000000000200000000001066000000010000200000006cfb68eadb6e3381d769827d0aaa318425add96b64bbf7644060ee0bcc78c9ae000000000e80000000020000200000000430e82eb359544230947566c04afae26d63261721de01737fa892ea804e67f32000000069a057fb80fb509921461129e8981d77f99b0625173d727271fb45f8c8f7087040000000e5f55b6c3e65e72a95e7b3598ce913d732961884ef2ed80f0e1cd0a61814320b60bbcbb8b983dac3c5dc5669872393758d16e9c0656c31c082dbbbe19394dd48 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0f3d159765a7f43b6bf060b4b70c9a300000000020000000000106600000001000020000000883cf712b96bc7111533abf514b2ca6848dcdc7422db898a30358e17d0a7d99f000000000e8000000002000020000000c8d373b936200854e7944059200c69d83807733cbe32ef912c50f2393e45cbaf9000000012911d9ab2e82842bcf90627a731f40a080bd9236b625b3c2ad6556d83ecae569b22ba5c01ff2146c33f619d945b623075404638e1f69e57767b8e005bb152acc627d6cc955954172c5a755539273ae891ded217d7156fa028497329a1761cfabe689e00e0e840d5b0e300c0c46423a551bf153492c4e30dc88b12fa6508b5d7ab823642763a31aa29aa2d5b7e82ad05400000004ce479525cc4a7947ea59fac0f7806791333e593df8e96cbb92bfd4930763565bc3cddecabc0731b9bff590dc68c1a2e5ea9a6f9349ad69bdc6f2e5e9a362422 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{970CF6C1-3CF6-11ED-8DB1-7A3897842414} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1320 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1320 iexplore.exe 1320 iexplore.exe 1348 IEXPLORE.EXE 1348 IEXPLORE.EXE 1348 IEXPLORE.EXE 1348 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1320 wrote to memory of 1348 1320 iexplore.exe 29 PID 1320 wrote to memory of 1348 1320 iexplore.exe 29 PID 1320 wrote to memory of 1348 1320 iexplore.exe 29 PID 1320 wrote to memory of 1348 1320 iexplore.exe 29
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\20220925 - 检查2_2\美军网络安全 开篇 JIE 概述_百度搜索.html"1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1320 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1320 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1348
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize340B
MD5f303ecb0141c3c4bf20e1f8785785635
SHA1e6f597c80f01ea34c8fe2ec82b9a56d782764dcb
SHA2560fc816b4b14ec284de0d0fcfec029c64ee90ba250e6a12739b34c0827bca9801
SHA5125847e2295a883f6f5b623a8fef40b964085ef4c688cdd6401baa30aa337ae94eacad0de902f791232b78a81d1af22fa321ff248e6ec64ad0dfdba84ec8077364
-
Filesize
608B
MD539e34d5662588e6a844ae32c87b76ce3
SHA189933b21d37934deef5c611d85215945502662a5
SHA25632615a9d4b5d47d3adb3eb021ff2e40d07ad8ab2844c6e38094bfe7dc51e75fc
SHA512511305f48825cd11f11088fc5d9404745e7b658f04c4dc8bc78fdc8d0023fcc3bd8c12cca9db70072118e86a36e59bd14a515f17f2229a175ee336477b66a4e4