Analysis
-
max time kernel
146s -
max time network
190s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
01/12/2022, 16:00
Static task
static1
Behavioral task
behavioral1
Sample
496fe17f34ae1a0534257163b329c4906b444dddb573ff21d43bd7223efb413b.html
Resource
win7-20220812-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
496fe17f34ae1a0534257163b329c4906b444dddb573ff21d43bd7223efb413b.html
Resource
win10v2004-20221111-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
496fe17f34ae1a0534257163b329c4906b444dddb573ff21d43bd7223efb413b.html
-
Size
2KB
-
MD5
a5d97a51059a026d9da81851bb3427e4
-
SHA1
54785d2de53f27ce0e99e87e9227015ddef5b851
-
SHA256
496fe17f34ae1a0534257163b329c4906b444dddb573ff21d43bd7223efb413b
-
SHA512
b35bd6ef8f9e677eca8f57c53d8fdfd29b8246642b9a362ad6594fb9aef47a33847e5190b156e1cf89e3e2a9814b98c9e993cbcace571ce2490f1485c99e679c
Score
1/10
Malware Config
Signatures
-
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B6D492EC-7362-11ED-BF5F-DE8F97E08347} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eef4ddb70fa9964f8bf69d510f57c1eb00000000020000000000106600000001000020000000e506f6ab69f88b7a00f0c60a55fefb7c2daad2d113e42d0309a9f4ece6474ae3000000000e8000000002000020000000c9e9f2100f75397c077b6fe63b7080c9bb37ede41ce31da8d4dde2c1f49b91a820000000400aa499df38ad9620c99805245a59d5af1f6e81f99ac30b7d5e1789a0dfa874400000009930556f0a7f2e9b6d1b12e3c3a423bdd22b99c7768e96bdfae05887ce7182181926717b0c45768b827937a8e786ee4893fa655d565dc051c75289638046e1cc iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0d032956f07d901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1891415753" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c86d936f07d901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31000431" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31000431" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eef4ddb70fa9964f8bf69d510f57c1eb00000000020000000000106600000001000020000000b392bf929b0424706cda5f49349ca287eb36dff53db3c75bbd641d1bca50e38b000000000e8000000002000020000000d9ae655081cd6ba574338b1c0e962b6f59fb9f50349a30780767a63bae8e2d2820000000e7f060edb45b39b4e55892616074ceffcbd80a6c51d0217aecab74cbcb558eb24000000097d481299f547bf7eb5f840d36dc098e14916952e4923bc8eb15bd5c10b952e58469984fb711d072e135b5d64b22397263a0996c3a5ff68c390661b1745851bc iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1891415753" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 100 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 100 iexplore.exe 100 iexplore.exe 1156 IEXPLORE.EXE 1156 IEXPLORE.EXE 1156 IEXPLORE.EXE 1156 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 100 wrote to memory of 1156 100 iexplore.exe 84 PID 100 wrote to memory of 1156 100 iexplore.exe 84 PID 100 wrote to memory of 1156 100 iexplore.exe 84
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\496fe17f34ae1a0534257163b329c4906b444dddb573ff21d43bd7223efb413b.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:100 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:100 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1156
-