Overview
overview
3Static
static
_26FED086E...2.html
windows7-x64
1_26FED086E...2.html
windows10-2004-x64
1_41A9F2838...7E.gif
windows7-x64
1_41A9F2838...7E.gif
windows10-2004-x64
1_44D2A7158...51.gif
windows7-x64
1_44D2A7158...51.gif
windows10-2004-x64
1_478F7B0DE...FE.gif
windows7-x64
1_478F7B0DE...FE.gif
windows10-2004-x64
1_4AC53E452...F5.xml
windows7-x64
1_4AC53E452...F5.xml
windows10-2004-x64
1_5B1FA3360...09.gif
windows7-x64
1_5B1FA3360...09.gif
windows10-2004-x64
1_6CFB3B604...14.gif
windows7-x64
1_6CFB3B604...14.gif
windows10-2004-x64
1_777A5F8A6...30.gif
windows7-x64
1_777A5F8A6...30.gif
windows10-2004-x64
1_CE5482E8E...08.jpg
windows7-x64
3_CE5482E8E...08.jpg
windows10-2004-x64
3_D32A93A0B...3F.jpg
windows7-x64
3_D32A93A0B...3F.jpg
windows10-2004-x64
3_D60D95134...AC.gif
windows7-x64
1_D60D95134...AC.gif
windows10-2004-x64
1_ispmres.dll
windows7-x64
1_ispmres.dll
windows10-2004-x64
1_isusres.dll
windows7-x64
1_isusres.dll
windows10-2004-x64
1agent.exe
windows7-x64
1agent.exe
windows10-2004-x64
1dwusplay.dll
windows7-x64
1dwusplay.dll
windows10-2004-x64
1dwusplay.exe
windows7-x64
1dwusplay.exe
windows10-2004-x64
1Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
01/10/2022, 22:21
Static task
static1
Behavioral task
behavioral1
Sample
_26FED086EE6F476286FE08B8EBEB10E2.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
_26FED086EE6F476286FE08B8EBEB10E2.html
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
_41A9F28384324FDE91E7871F0181B27E.gif
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
_41A9F28384324FDE91E7871F0181B27E.gif
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
_44D2A71587174CBDB18E3449B074D151.gif
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral6
Sample
_44D2A71587174CBDB18E3449B074D151.gif
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
_478F7B0DE6CB4C3D9433AE04DB76FFFE.gif
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
_478F7B0DE6CB4C3D9433AE04DB76FFFE.gif
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
_4AC53E4526F043C487397FB240D97FF5.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
_4AC53E4526F043C487397FB240D97FF5.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
_5B1FA3360FE84FFDB21EB80014410B09.gif
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
_5B1FA3360FE84FFDB21EB80014410B09.gif
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
_6CFB3B60424643FBB8BD1865C7D8E914.gif
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
_6CFB3B60424643FBB8BD1865C7D8E914.gif
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
_777A5F8A6F9848F493C65A5ECB485E30.gif
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral16
Sample
_777A5F8A6F9848F493C65A5ECB485E30.gif
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
_CE5482E8E7C047979604D3B32BF91F08.jpg
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral18
Sample
_CE5482E8E7C047979604D3B32BF91F08.jpg
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
_D32A93A0B5AC4EF5B890A1F372EFB13F.jpg
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral20
Sample
_D32A93A0B5AC4EF5B890A1F372EFB13F.jpg
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
_D60D95134F664F95878A416B8E57A9AC.gif
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
_D60D95134F664F95878A416B8E57A9AC.gif
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
_ispmres.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral24
Sample
_ispmres.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
_isusres.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral26
Sample
_isusres.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
agent.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral28
Sample
agent.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
dwusplay.dll
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral30
Sample
dwusplay.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
dwusplay.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral32
Sample
dwusplay.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
General
-
Target
_478F7B0DE6CB4C3D9433AE04DB76FFFE.gif
-
Size
7KB
-
MD5
77f7548c859d335749ff2bdf350aa613
-
SHA1
c2764b9dd05be1c2ec9118e8b6b33240d17ed552
-
SHA256
d03aae703c8dea4980f388fb8d5d9c43ea6e7b3b3345131bd5b6f28cf7fbe8df
-
SHA512
9d36c8563d8a3add3f257a0a208d0d396f46c5d4a3e4bd35c539a8199644ac31e73fa41cc898cfa171bb8f4e91f840a98092732d2e59fd2f3a2d11becef0eb89
-
SSDEEP
192:2JgNFthx3IeqUFSDWxV12ZUK7wzT2g+0bowub:fNFBMUgKxD2Z97wziPXb
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043e2eb2e51ccf149ab640c8bdb0d790600000000020000000000106600000001000020000000a092723e3d566030b335acbf30e8cacea8c2350b81a5270e27df168d1b44288b000000000e8000000002000020000000255bd45af71212c66e0f87b52e46a4fad15945953e2398720296c6b7ce2f28952000000025416de4f521aeff90f0ed24e97de4e7202927d08f20f161e5305e3dd500cc3140000000d9836af4a01da86909419a0f9e791b4814fbfc36b3b7dfa38636f2d609aab66571e38005995e1e9c6fbbf1501b07fd6a80cb9f51f7934bf59cf78b0920059467 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "775931828" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30987765" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "729525745" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30987765" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "729525745" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6088f22ef5d5d801 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{56F333AA-41E8-11ED-A0EE-DAAB7EF686E7} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30987765" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043e2eb2e51ccf149ab640c8bdb0d79060000000002000000000010660000000100002000000002f0d7ffaccdae4857936028921972c94fd8757e9e0742c5cfe6f9bb0fbfaef5000000000e80000000020000200000000a4305e51f3f32e2269049a89d1e950b2e950df360439242b2b31056b064ab5c20000000b8004d7d07499a86aa750ba79027c08e81300b5ecf610f39b72b8cd6d1dcdcf04000000053c927facd2c364be706d42e273bb174ce1cd203efe9b66e68273f889b49399d4569712a66fd1d9595f010036001b5eb0e253f2096cf2ccc031383cb4f53856c iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c062cc2ef5d5d801 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "371435145" iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1008 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1008 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1008 iexplore.exe 1008 iexplore.exe 4692 IEXPLORE.EXE 4692 IEXPLORE.EXE 4692 IEXPLORE.EXE 4692 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1008 wrote to memory of 4692 1008 iexplore.exe 85 PID 1008 wrote to memory of 4692 1008 iexplore.exe 85 PID 1008 wrote to memory of 4692 1008 iexplore.exe 85
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\_478F7B0DE6CB4C3D9433AE04DB76FFFE.gif1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1008 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1008 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4692
-