Overview
overview
6Static
static
This Is Th...me.zip
windows7-x64
1This Is Th...me.zip
windows10-2004-x64
1This Is Th...r).zip
windows7-x64
1This Is Th...r).zip
windows10-2004-x64
130ixfbbf.jpg
windows7-x64
330ixfbbf.jpg
windows10-2004-x64
3Iron Man.mp4
windows7-x64
1Iron Man.mp4
windows10-2004-x64
6LivelyInfo.json
windows7-x64
3LivelyInfo.json
windows10-2004-x64
3g4q3xdz2.gif
windows7-x64
1g4q3xdz2.gif
windows10-2004-x64
1This Is Th.../1.png
windows7-x64
1This Is Th.../1.png
windows10-2004-x64
3This Is Th...10.png
windows7-x64
1This Is Th...10.png
windows10-2004-x64
3This Is Th...11.png
windows7-x64
1This Is Th...11.png
windows10-2004-x64
3This Is Th...12.png
windows7-x64
1This Is Th...12.png
windows10-2004-x64
3This Is Th.../2.png
windows7-x64
1This Is Th.../2.png
windows10-2004-x64
3This Is Th.../3.png
windows7-x64
1This Is Th.../3.png
windows10-2004-x64
3This Is Th.../4.png
windows7-x64
1This Is Th.../4.png
windows10-2004-x64
3This Is Th.../5.png
windows7-x64
1This Is Th.../5.png
windows10-2004-x64
3This Is Th.../6.png
windows7-x64
1This Is Th.../6.png
windows10-2004-x64
3This Is Th.../7.png
windows7-x64
1This Is Th.../7.png
windows10-2004-x64
3Analysis
-
max time kernel
105s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
17/12/2022, 17:29
Static task
static1
Behavioral task
behavioral1
Sample
This Is The New Best Iron Man Theme.zip
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
This Is The New Best Iron Man Theme.zip
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
This Is The New Best Iron Man Theme/Iron Man (Apply it using Lively Wallpaper).zip
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral4
Sample
This Is The New Best Iron Man Theme/Iron Man (Apply it using Lively Wallpaper).zip
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
30ixfbbf.jpg
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral6
Sample
30ixfbbf.jpg
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Iron Man.mp4
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral8
Sample
Iron Man.mp4
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
LivelyInfo.json
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
LivelyInfo.json
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
g4q3xdz2.gif
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
g4q3xdz2.gif
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
This Is The New Best Iron Man Theme/dock_icons/1.png
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral14
Sample
This Is The New Best Iron Man Theme/dock_icons/1.png
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
This Is The New Best Iron Man Theme/dock_icons/10.png
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral16
Sample
This Is The New Best Iron Man Theme/dock_icons/10.png
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
This Is The New Best Iron Man Theme/dock_icons/11.png
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral18
Sample
This Is The New Best Iron Man Theme/dock_icons/11.png
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
This Is The New Best Iron Man Theme/dock_icons/12.png
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral20
Sample
This Is The New Best Iron Man Theme/dock_icons/12.png
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
This Is The New Best Iron Man Theme/dock_icons/2.png
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
This Is The New Best Iron Man Theme/dock_icons/2.png
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
This Is The New Best Iron Man Theme/dock_icons/3.png
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral24
Sample
This Is The New Best Iron Man Theme/dock_icons/3.png
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
This Is The New Best Iron Man Theme/dock_icons/4.png
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral26
Sample
This Is The New Best Iron Man Theme/dock_icons/4.png
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
This Is The New Best Iron Man Theme/dock_icons/5.png
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral28
Sample
This Is The New Best Iron Man Theme/dock_icons/5.png
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
This Is The New Best Iron Man Theme/dock_icons/6.png
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral30
Sample
This Is The New Best Iron Man Theme/dock_icons/6.png
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
This Is The New Best Iron Man Theme/dock_icons/7.png
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral32
Sample
This Is The New Best Iron Man Theme/dock_icons/7.png
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
g4q3xdz2.gif
-
Size
3.6MB
-
MD5
df1833df7f040b2e3c8df95d2f840a61
-
SHA1
58563327795484c7e3cda54b15c8c06d6cb56527
-
SHA256
43f4f92ebf5a5dd48cbade54e309097fea3aa4d282b871af01327d097c41fd71
-
SHA512
f8ace3fb8a6bcef0063eddf3de6ac62e454f24d2538df63bab16a4389c9ade94b51896e295b8014b2e58456cf14530401092a8de181550aec97f6f25df44d28f
-
SSDEEP
49152:ux7zToKuO4Z+/jHpneJ5eWVaMQ0PIr8n6N2AK5s4y/NHGGE9A1/JwxDEcFb0WqL:udTKgHpeXzVaME86eSv9Z1/uxQWgWG
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dcdf1566de37754e8b4161b444c0562100000000020000000000106600000001000020000000ae304ee1ebb4d6daeb14d0144eb11b03e96ce36ede15743029eddca9a76309b8000000000e8000000002000020000000fe77f07445143a19c10d08bc0c004219a2591bf37c03627702e6d25f7c0adfc6200000008b233a2fdceda9e0f72b123c5564d8733f3a522407e08f2cbdf5279bb0b10eba40000000c3e138ea56e09809ec6fbcfba72658422d5b310ae7986e7def7c5c3e4ae7a6e30eb694e1b664b5ce7d5289b54f469aab565b4600ccd19137fceac6c494177a4c iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1024eab34512d901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dcdf1566de37754e8b4161b444c0562100000000020000000000106600000001000020000000066122a27cf97100f63fe83dd514b63b6df19fec6e6a53c5870f3f5df90f0827000000000e800000000200002000000030a6057edaa363a6dcda45c69d64df2e08f8150d8520f760e339a383eaff438590000000b76ef003e9cfa47a427a6f10b0e612e024560b642320b676f08660ab3b538a56627b634fba6fd162c78800d0e62ad0686c30dfdf147153574d24e39fcae1d6a663fd1e04bb5f9590e119a9c70c7ab2eab692fd564cd5876d93eddf64531b1d63e8c4d3faed50056a9043bf9c8d331e6e86496d561cad49d8bcfa952dd76dea07c2448476655b3132ec337179a9af073340000000ad69b128ad7df7ef79086e3c49c8085f141d63b979d8d3c1c9caa26955f6ca3edca0634af5f72550547e1a3e1a3ea541446bbf422514af6451c2f03d127ba4ee iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "378066805" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DDC49631-7E38-11ED-A6AC-DE5CC620A9B4} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1504 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1504 iexplore.exe 1504 iexplore.exe 2028 IEXPLORE.EXE 2028 IEXPLORE.EXE 2028 IEXPLORE.EXE 2028 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1504 wrote to memory of 2028 1504 iexplore.exe 28 PID 1504 wrote to memory of 2028 1504 iexplore.exe 28 PID 1504 wrote to memory of 2028 1504 iexplore.exe 28 PID 1504 wrote to memory of 2028 1504 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\g4q3xdz2.gif1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1504 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1504 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2028
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
601B
MD5b34849952ad8b368ef1e0957ff458e8c
SHA1c864568fa681b609142580757f3da1f3f32ea46d
SHA2560bd9e156b709f21e68ae7d40fd714f965dad2b534360da1b8b14b2f8c3748817
SHA512f9f5492f9cd438297219e10226aee710485ee6d5fe1b1325a7b2297ac253f967ccb43b4bb9bb959e2f21fddc8ab5a4c101da71edd6efb7ac1d1c50542c17c156