Analysis
-
max time kernel
152s -
max time network
195s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
23-11-2022 09:27
Static task
static1
Behavioral task
behavioral1
Sample
4ad842308d1287cb9f34f271b3f7cc060637a5e17e5bd498515f024fcc029b6b.html
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
4ad842308d1287cb9f34f271b3f7cc060637a5e17e5bd498515f024fcc029b6b.html
Resource
win10v2004-20221111-en
General
-
Target
4ad842308d1287cb9f34f271b3f7cc060637a5e17e5bd498515f024fcc029b6b.html
-
Size
7KB
-
MD5
b6f001c703891537211bcc0797051e40
-
SHA1
3738f102992f6f5e0dda7a07037fc379aacdb839
-
SHA256
4ad842308d1287cb9f34f271b3f7cc060637a5e17e5bd498515f024fcc029b6b
-
SHA512
2e62c508d75ddedd06e2552c32ecff598446ed2180727cdf2fe96dac286d123e9c31bed66caf22a251b88848f0272cfd40cacd72803cf0ae3403790fa03d358e
-
SSDEEP
192:DJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLr:VSGabMPvLddLXuSwSTLdlLXugfo2Kar
Malware Config
Signatures
-
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C1863033-6B1A-11ED-BF5F-DAD30C974647}.dat = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C1863031-6B1A-11ED-BF5F-DAD30C974647} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
iexplore.exepid process 2088 iexplore.exe 2088 iexplore.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
iexplore.exedescription pid process target process PID 2088 wrote to memory of 864 2088 iexplore.exe IEXPLORE.EXE PID 2088 wrote to memory of 864 2088 iexplore.exe IEXPLORE.EXE PID 2088 wrote to memory of 864 2088 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4ad842308d1287cb9f34f271b3f7cc060637a5e17e5bd498515f024fcc029b6b.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
PID:864