Analysis
-
max time kernel
246s -
max time network
303s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
23-11-2022 09:34
Static task
static1
Behavioral task
behavioral1
Sample
02b7b99179b309f2796f8ff1273eca5d7e940f017151e8191a99c9b66ce88370.html
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
02b7b99179b309f2796f8ff1273eca5d7e940f017151e8191a99c9b66ce88370.html
Resource
win10v2004-20221111-en
General
-
Target
02b7b99179b309f2796f8ff1273eca5d7e940f017151e8191a99c9b66ce88370.html
-
Size
7KB
-
MD5
7ed93b6610552cede91cc64f09a27e9a
-
SHA1
440f56d12cd7f29e3c0e1b5cfdd3b0c9bed322d5
-
SHA256
02b7b99179b309f2796f8ff1273eca5d7e940f017151e8191a99c9b66ce88370
-
SHA512
02c92242c63e22be840dbe1c9499a031b7f7895f34ee0ca857c917b986301f62dc8c4ab55a06cf0c166801c8da2967a77761386cd5cb6ad52927552f0c14a885
-
SSDEEP
192:1JSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLs:XSGabMPvLddLXuSwSTLdlLXugfo2Kas
Malware Config
Signatures
-
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 502ee9bc29ffd801 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000055e705317208724f818ff84de6ddc69d000000000200000000001066000000010000200000005f6bd2a51113a16d5ac1c56ab4d5a5994aa250f917a593586052b171f33c0b16000000000e80000000020000200000002f063df4a5c5f3ec9623b48b8d859de22fab9080dfe1b62ee93622a82434bcd4200000008aba46a17d79a111d9bdb34ad5bd39050c1a4e20ad2b0ec4c355de51c298b9d94000000039e23bfbe8614b1fbfc3e566e01da29ae7c67d473615ecad2470ab07a5cc96e8ce9695759e892bfd6ca69554f1e70bbb302d725324033c29a65b3183d1bcf5e0 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{DC5847C0-6B1C-11ED-B5DD-66CD4AA2E676} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exepid process 1872 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid process 1872 iexplore.exe 1872 iexplore.exe 5044 IEXPLORE.EXE 5044 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
iexplore.exedescription pid process target process PID 1872 wrote to memory of 5044 1872 iexplore.exe IEXPLORE.EXE PID 1872 wrote to memory of 5044 1872 iexplore.exe IEXPLORE.EXE PID 1872 wrote to memory of 5044 1872 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\02b7b99179b309f2796f8ff1273eca5d7e940f017151e8191a99c9b66ce88370.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1872 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx