Overview
overview
3Static
static
ZealotAlli...lp.chm
windows7-x64
1ZealotAlli...lp.chm
windows10-2004-x64
1ZealotAlli....2.dll
windows7-x64
3ZealotAlli....2.dll
windows10-2004-x64
3ZealotAlli....7.dll
windows7-x64
3ZealotAlli....7.dll
windows10-2004-x64
3ZealotAlli....0.dll
windows7-x64
1ZealotAlli....0.dll
windows10-2004-x64
1ZealotAlli...��.exe
windows7-x64
1ZealotAlli...��.exe
windows10-2004-x64
1ZealotAlli...er.exe
windows7-x64
1ZealotAlli...er.exe
windows10-2004-x64
1ZealotAlli...��.htm
windows7-x64
1ZealotAlli...��.htm
windows10-2004-x64
1ZealotAlli...��.url
windows7-x64
1ZealotAlli...��.url
windows10-2004-x64
1ZealotAlli...��.url
windows7-x64
1ZealotAlli...��.url
windows10-2004-x64
1ZealotAlli...��.url
windows7-x64
1ZealotAlli...��.url
windows10-2004-x64
1Analysis
-
max time kernel
125s -
max time network
168s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
25/11/2022, 21:48
Static task
static1
Behavioral task
behavioral1
Sample
ZealotAllideoConverter/All Video Converter/Help/Help.chm
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral2
Sample
ZealotAllideoConverter/All Video Converter/Help/Help.chm
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
ZealotAllideoConverter/All Video Converter/libavidd-1.3.2.dll
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral4
Sample
ZealotAllideoConverter/All Video Converter/libavidd-1.3.2.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
ZealotAllideoConverter/All Video Converter/libfilefmt-1.4.7.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral6
Sample
ZealotAllideoConverter/All Video Converter/libfilefmt-1.4.7.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
ZealotAllideoConverter/All Video Converter/libmcl-4.3.0.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
ZealotAllideoConverter/All Video Converter/libmcl-4.3.0.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
ZealotAllideoConverter/All Video Converter/soft2cn.com汉化说明.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
ZealotAllideoConverter/All Video Converter/soft2cn.com汉化说明.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
ZealotAllideoConverter/All Video Converter/videoconverter.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral12
Sample
ZealotAllideoConverter/All Video Converter/videoconverter.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
ZealotAllideoConverter/All Video Converter/必看说明.htm
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral14
Sample
ZealotAllideoConverter/All Video Converter/必看说明.htm
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
ZealotAllideoConverter/All Video Converter/河源下载站.url
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral16
Sample
ZealotAllideoConverter/All Video Converter/河源下载站.url
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
ZealotAllideoConverter/All Video Converter/用firefox浏览器上网包安全.url
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral18
Sample
ZealotAllideoConverter/All Video Converter/用firefox浏览器上网包安全.url
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
ZealotAllideoConverter/All Video Converter/金山毒霸2007 无限升级版.url
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral20
Sample
ZealotAllideoConverter/All Video Converter/金山毒霸2007 无限升级版.url
Resource
win10v2004-20221111-en
windows10-2004-x64
General
-
Target
ZealotAllideoConverter/All Video Converter/必看说明.htm
-
Size
6KB
-
MD5
3a3dd6a8121fbb4e4f1181e3b73bf01b
-
SHA1
6faccc6dcb27fbde623b91d877f4732127dcf8be
-
SHA256
05e6f40288872e4adf72a685297d6462c832401c945bf63b7e244a281b967f01
-
SHA512
3e0f55dca36b4684a6853bc8c59e6bf2b4a2e699ef76620c4197bb6b39fd0fe732de7d83d3efba0e64d0269ef7a1f2bc69c571355b6f9784e65db81cc3025eeb
-
SSDEEP
96:eygWlXZktTuDndkYWuokAbVXHISaQN1exgemaQNA5FaQ/APUgJX/kh8rW3H6aQNf:ebiXFDzeXdxfx2Fxh8rW3H6x9xQWn
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 203e36937401d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000256ed27e8919d04f83812f84ee5c95da00000000020000000000106600000001000020000000eb0eaeac71cd7097e11f281abc3ea067b0fab34f790cd2605f1b42c1c8c60029000000000e800000000200002000000026d29814766543a60af94545b9f8d3585d339c6781fa753a6735a4da4d879508900000001f9c52b47917a4b735c227e3c83efedae3bef6464b5955b94cba7dddedae1366b2fb8277e34f1c67b032e4f426f64b6032b5cb34be4dd78e7a9bfb55e70ef3fc718f42c36fc678f3f18610af3b47f8b2aa3cfa2209836364dd4da725689a538378667dc22dcf59d7de5d0afd836f116db19b7c5b533c815d080c182a8862a2e92e73ce8ad9d06c7fb549d989ed40c68f40000000c14d0a6d476be1b7f53e4b7984104258506f03d86048e1680085b75712919d951a475f5a23bf1972c4e0c000af074b845be316e3bd267f6f1e1168a01dfb3e0e iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376217729" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000256ed27e8919d04f83812f84ee5c95da00000000020000000000106600000001000020000000bf83b4ae71cb02a468f0346a0792c933f3ac90639221cf47a15a0a7f9bc943e1000000000e80000000020000200000005ded44c601d669a450d44972c037e250498e675df1f948977345d82c8ece967c200000000f5b91b09488c5aab374617cb77454ec050747f6b783e919dafd3d2ac46552b640000000e8aa604dd6b7e7cf95b574f587f4e972de4f0fdf87198b52ca47c4734622d9c96f4a68796860e00bf75007f0ae555bdd68fc563b53adb4c2c9f89a777b348bd2 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AA099840-6D67-11ED-AD3F-4EFAD8A2B6A5} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2008 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2008 iexplore.exe 2008 iexplore.exe 668 IEXPLORE.EXE 668 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2008 wrote to memory of 668 2008 iexplore.exe 29 PID 2008 wrote to memory of 668 2008 iexplore.exe 29 PID 2008 wrote to memory of 668 2008 iexplore.exe 29 PID 2008 wrote to memory of 668 2008 iexplore.exe 29
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\ZealotAllideoConverter\All Video Converter\必看说明.htm"1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:668
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
608B
MD58214759191788dcd4e35c1147252885d
SHA13be2eb1aed249f4684bde1b94840e08a7f0fb6a0
SHA256990f2b4e9433d80f8e76f29ec5dbe4c8b73a2b4e94c8423a7ca48c9a3345b699
SHA5122bb57dc40de1296a2a426e92efff2abb04e57a3941167666c44bd706464d79da622e2d957fb99d99d1fda87f514a291452d06d567431d84396021c13b365a264