Analysis
-
max time kernel
131s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
23-11-2022 09:31
Static task
static1
Behavioral task
behavioral1
Sample
23ae885a7c4a3c1c47c9aa7623134a64151ea0905ebad70693217f79127716c8.html
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
23ae885a7c4a3c1c47c9aa7623134a64151ea0905ebad70693217f79127716c8.html
Resource
win10v2004-20220812-en
General
-
Target
23ae885a7c4a3c1c47c9aa7623134a64151ea0905ebad70693217f79127716c8.html
-
Size
7KB
-
MD5
115b16a7715d4727b822075552674be8
-
SHA1
7c9465fdd9cc779f8243919bc30af0e6358a2a46
-
SHA256
23ae885a7c4a3c1c47c9aa7623134a64151ea0905ebad70693217f79127716c8
-
SHA512
ac19462549e6e99f52b6c5a1f01fb2dc57438aeb048f797e9f2e49edf7cb84a0e45a238b2a646138b0d48dd503eeef3af86ab33cb6fc10b4aec51ab4293ab948
-
SSDEEP
192:BJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLc:TSGabMPvLddLXuSwSTLdlLXugfo2Kac
Malware Config
Signatures
-
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375965134" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001accc879baf2b540b062c8b0b139bacc000000000200000000001066000000010000200000004579d7c07756f94117fe72e081dd062c6c9ae4d9410d4bdb0b0722134a70f0be000000000e80000000020000200000003460204ac21df12d2e7b5728b3ac9d7bdedd5ffe23dcc59e6c90d85086d349e3900000009ea36f291d1b10f8d5d2853e6e6b1b0d7a119272ab015029ad99cf56cd0e3b693648494d7a2df13b6ed13ad8106dea32fcf423bcfd96de443440c9f71c0b60d85308131963fc08c0db6a112779edb818c1772179a9a632a2536d7ab2089b8484169e5f28843969048c88b2400bd2ba6875016edcdec2b7cf76b0083a9214880caedb690513ffd519618155214e1c17874000000089af21ceff460cfe3bd1ee4ef294e47080d3be39b333d6bc33f64fa751fdcd751d4f08147ff024f7db142905cd9168b85e21303b85efd549016ab640b1e870b1 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{860C3771-6B1B-11ED-84FB-6AB3F8C7EA51} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001accc879baf2b540b062c8b0b139bacc00000000020000000000106600000001000020000000b445885cb7c5c05ef4d84b3b96418e0ba2a57c2504c6eaa6a810254fd5349a7a000000000e80000000020000200000007508e45ef7a560e1ca7f2632ab13d0b6a07ee596f45eaf60ae663a604450ea9c2000000013dd9e4b722fe3a7f0d0a9beede43579004e5299e86bd9667b7993ccda9ca803400000003b504ba044234b99a7e9e05f94a77653d2ba50298a0c08249a3d4ab25b2114afa63ef44aadae2dad63d4e324a534de3a10591af904f72b5343cad48c69226d1a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8028b85b28ffd801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exepid process 1672 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid process 1672 iexplore.exe 1672 iexplore.exe 1644 IEXPLORE.EXE 1644 IEXPLORE.EXE 1644 IEXPLORE.EXE 1644 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
iexplore.exedescription pid process target process PID 1672 wrote to memory of 1644 1672 iexplore.exe IEXPLORE.EXE PID 1672 wrote to memory of 1644 1672 iexplore.exe IEXPLORE.EXE PID 1672 wrote to memory of 1644 1672 iexplore.exe IEXPLORE.EXE PID 1672 wrote to memory of 1644 1672 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\23ae885a7c4a3c1c47c9aa7623134a64151ea0905ebad70693217f79127716c8.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1672 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1644
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
608B
MD5cc6e157c9332889c0854c62cfe1a53eb
SHA129fc3eb27e9b90cf647a2276bbeb86ca71871429
SHA256122296f8088cbf6c82569f1c7b26fd12102cf50035f75b69490cae0a79019bdf
SHA5121777171fd6c45f2fa50d62a1a5db0959281583d48526da2bea19c26a92cdb8293abd33550523d063ccfae8c441efe312ae97931a05fb9820f01091d90afb5ade