Analysis

Max time kernel: 184s
Max time network: 196s
Platform: windows10-2004_x64
Resource: win10v2004-20220812-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 26-11-2022 04:20

Static task: static1
Behavioral task: behavioral1
  Sample: b8343fbeab4ebc958ec9d7e954ae192f84645800d9aa4d70e10c509a95453913.html
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: b8343fbeab4ebc958ec9d7e954ae192f84645800d9aa4d70e10c509a95453913.html
  Resource: win10v2004-20220812-en
General

Target: b8343fbeab4ebc958ec9d7e954ae192f84645800d9aa4d70e10c509a95453913.html
Size: 7KB
MD5: bad1eae876af162c065226ae48775508
SHA1: 13a29a59ca4910da511cdb3022972e57ac447327
SHA256: b8343fbeab4ebc958ec9d7e954ae192f84645800d9aa4d70e10c509a95453913
SHA512: 3540ebe7d0117f41a25df03dbb7fef3f29785b655d36fec6866217410ecbff219c88d6f22ac72c887c6eddc65bdc65850872df9e673e0001d4d3b1ae7b2d4d3f
SSDEEP: 192:JJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oL0:bSGabMPvLddLXuSwSTLdlLXugfo2Ka0
Malware Config
Signatures
Modifies Internet Explorer settings 31 IoCs
Processes:
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{652E4A14-6DB3-11ED-B696-DA88DC7FA106} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 304ff845c001d901 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376250268" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\IESettingSync | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008382297c5f93f24f8218f64814263da0000000000200000000001066000000010000200000008b1d26831c1159a8bc0dfbba81f97111b9217b3ce461b98f8b048a8fcce45b50000000000e8000000002000020000000c0d9ec0c5b1c040913db18e884cfa9282e1e35fd2c557da1aba81de01f7e63332000000035e3603e2f94424b97c26ef9f3099bb09411ef712597b5a3e2fc2f9797f2a7d44000000050cd9d29b45d6533a09c77a9b69e0cea7748896d2a8cbf073397d24e2e03e80aaa8e65d5392358bc228bd745161e1fae635cf36766e3ad9325553f3768737576 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603ce545c001d901 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0e73942c001d901 | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008382297c5f93f24f8218f64814263da000000000020000000000106600000001000020000000e271e2fef4b833914f7833ae3edce82dcace0c218d2b472c0fa80f6add33ea8f000000000e8000000002000020000000bf780e450ebe8be3e157052b31069a8dad26434d96463e56f79167fd20bd601d20000000a5ac32c29151848f1a713a3388fd6a03be6e1ae99eb71add54404dc7b513f7974000000092e313cf08aa421b6e1c5c4859345078d18ff4418f007ebac1366230f0e4392decfef0e6425e3b24a961679ad5e5423d62c69f4c5567931d4bce1568de9871d6 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008382297c5f93f24f8218f64814263da000000000020000000000106600000001000020000000cb58dfaa153c27c5243430e891c00a4978dc5db7d21c98d7fedb430d089a21b4000000000e80000000020000200000005159e297fc9695fc1c110669f3d4f92eb1e9bd172a2a0c2656e1a41e7bb93552200000005fd1ad0767990122898a5ce3a4b7b7722b5a7bef948a94030aad1d130aba580840000000611aef0c833f79db551dd0947c6c319e3834086c69f52fff2c716fde985ae5edc17093f620bdaaad729830615bc4e1054d8e96184c8922dfdf7c767022ad1fe1 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | iexplore.exe
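The table above is the raw sandbox output; the question an analyst actually wants answered is whether any of those writes land outside the browser's own settings tree, in particular in an autostart location. The following Python script is an added example, not part of the sandbox report and not the sandbox vendor's tooling. It parses records in exactly the "Key created ... <process>" / "Set value (<type>) ... = ... <process>" shape used in the table, rewrites the kernel-object path (\REGISTRY\USER\<SID>) into the HKU form analysts search for, and flags writes that touch a short, assumed list of autostart keys (that list and the choice of eight sample records are this example's own assumptions; the records themselves are copied from the table).

```python
"""Triage registry-write IoCs from a sandbox report.

Added example: parses "Key created ..." / "Set value (<type>) ... = ... <process>"
records, normalises \\REGISTRY\\USER paths to hive form and checks each write
against an assumed list of autostart locations.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: eight records copied from the report's
# "Modifies Internet Explorer settings" table.
SAMPLE_RECORDS = [
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE',
    r'Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{652E4A14-6DB3-11ED-B696-DA88DC7FA106} = "0" iexplore.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe',
    r'Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 304ff845c001d901 iexplore.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe',
]

# Assumed (deliberately short) list of autostart locations, matched as
# case-insensitive substrings of the hive-normalised path.
AUTOSTART_MARKERS = [
    r"\microsoft\windows\currentversion\run",            # Run, RunOnce, RunOnceEx
    r"\microsoft\windows\currentversion\policies\explorer\run",
    r"\microsoft\windows nt\currentversion\winlogon",
    r"\microsoft\windows nt\currentversion\image file execution options",
    r"\microsoft\windows\currentversion\explorer\browser helper objects",
    r"\microsoft\active setup\installed components",
    r"\system\currentcontrolset\services",
]

@dataclass
class RegWrite:
    op: str                 # "Key created" or "Set value"
    vtype: Optional[str]    # int / str / data; None for key creation
    path: str               # hive-normalised path, e.g. HKU\S-1-5-...\SOFTWARE\...
    value: Optional[str]    # scalar values unquoted, binary blobs left as hex
    process: str

_SET_RE = re.compile(r'^Set value \((int|str|data)\) (.+?) = (.*)$')

def normalise_path(native: str) -> str:
    """Map the kernel object path the sandbox logs to the hive form analysts
    usually search for: \\REGISTRY\\USER -> HKU, \\REGISTRY\\MACHINE -> HKLM."""
    for prefix, hive in ((r"\REGISTRY\USER", "HKU"), (r"\REGISTRY\MACHINE", "HKLM")):
        if native.upper().startswith(prefix):
            return hive + native[len(prefix):]
    return native

def parse_record(line: str) -> RegWrite:
    """Parse one report record. The process name is always the last token and
    key paths contain spaces ("Internet Explorer"), so split from the right."""
    body, _, process = line.strip().rpartition(" ")
    if body.startswith("Key created "):
        return RegWrite("Key created", None, normalise_path(body[len("Key created "):]), None, process)
    m = _SET_RE.match(body)
    if not m:
        raise ValueError(f"unrecognised record: {line!r}")
    vtype, path, value = m.groups()
    if vtype in ("int", "str"):
        value = value.strip('"')   # the report quotes scalar values but not binary data
    return RegWrite("Set value", vtype, normalise_path(path), value, process)

def is_autostart(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in AUTOSTART_MARKERS)

def summarise(lines):
    """Counts per process and operation, the distinct keys touched (case-folded,
    because the report mixes 'Software' and 'SOFTWARE'), and autostart hits."""
    writes = [parse_record(line) for line in lines]
    keys = set()
    for w in writes:
        key = w.path if w.op == "Key created" else w.path.rsplit("\\", 1)[0]
        keys.add(key.lower())
    return {
        "total": len(writes),
        "by_process": dict(Counter(w.process for w in writes)),
        "by_op": dict(Counter(w.op for w in writes)),
        "distinct_keys": sorted(keys),
        "autostart_hits": [w.path for w in writes if is_autostart(w.path)],
        "all_under_ie_settings": all(
            "\\software\\microsoft\\internet explorer\\" in w.path.lower() for w in writes),
    }

if __name__ == "__main__":
    for name, result in summarise(SAMPLE_RECORDS).items():
        print(f"{name}: {result}")
```

For the sample records the summary reports every write under the sandbox user's Internet Explorer settings tree and no autostart hits; running it over the full table gives the same result, which is what separates IE first-run noise from an HTML lure that drops a persistent payload. Feed it fresh records from a different report and the autostart list, not the parser, is what you should extend.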
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
pid | process
312 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
pid | process
312 | iexplore.exe
312 | iexplore.exe
4876 | IEXPLORE.EXE
4876 | IEXPLORE.EXE
4876 | IEXPLORE.EXE
4876 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs
Processes:
description | pid | process | target process
PID 312 wrote to memory of 4876 | 312 | iexplore.exe | IEXPLORE.EXE
PID 312 wrote to memory of 4876 | 312 | iexplore.exe | IEXPLORE.EXE
PID 312 wrote to memory of 4876 | 312 | iexplore.exe | IEXPLORE.EXE
Processes

C:\Program Files\Internet Explorer\iexplore.exe (PID 312)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b8343fbeab4ebc958ec9d7e954ae192f84645800d9aa4d70e10c509a95453913.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 4876, child of PID 312)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:312 CREDAT:17410 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx

Note: the child is the 32-bit IE tab (content) process that the 64-bit frame process launches for every page; the SCODEF:312 argument carries the frame process's PID. The WriteProcessMemory and SetWindowsHookEx hits between PIDs 312 and 4876 are therefore the frame/tab split IE performs on its own, not a write into a foreign process, and the registry activity is confined to HKU\<SID>\Software\Microsoft\Internet Explorer. Nothing in this report shows the HTML file doing anything beyond being rendered.