Analysis
-
max time kernel
150s -
max time network
194s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
23-11-2022 09:09
Static task
static1
Behavioral task
behavioral1
Sample
f39618ed9da4e76b29f8987d5b562c78d1779b517a0dea05b6ab488c611338ab.html
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
f39618ed9da4e76b29f8987d5b562c78d1779b517a0dea05b6ab488c611338ab.html
Resource
win10v2004-20221111-en
General
-
Target
f39618ed9da4e76b29f8987d5b562c78d1779b517a0dea05b6ab488c611338ab.html
-
Size
7KB
-
MD5
b8387a81412d196fb2d818a02d46ad97
-
SHA1
6a59df7d13815fc00cda2213e7effff011da8efa
-
SHA256
f39618ed9da4e76b29f8987d5b562c78d1779b517a0dea05b6ab488c611338ab
-
SHA512
7b6c6b952b15ca6ca4c1ba63971576e9591294b683ce3119d8e1b445563bca026a3189af10d26342cd1de160841e14eb68a91a6627772e86b5c07963f100384f
-
SSDEEP
192:fJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLt:BSGabMPvLddLXuSwSTLdlLXugfo2Kat
Malware Config
Signatures
-
Processes:
iexplore.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "269775130" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30998308" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "269775130" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{53171797-6B17-11ED-BF5F-5EDCA19B148A}.dat = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{53171795-6B17-11ED-BF5F-5EDCA19B148A} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30998308" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
iexplore.exepid process 4288 iexplore.exe 4288 iexplore.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
iexplore.exedescription pid process target process PID 4288 wrote to memory of 2264 4288 iexplore.exe IEXPLORE.EXE PID 4288 wrote to memory of 2264 4288 iexplore.exe IEXPLORE.EXE PID 4288 wrote to memory of 2264 4288 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f39618ed9da4e76b29f8987d5b562c78d1779b517a0dea05b6ab488c611338ab.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4288 CREDAT:17410 /prefetch:22⤵