Analysis
max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/12/2022, 05:21
Static task: static1

Behavioral tasks (sample, resource):
behavioral1: OpenHardwareMonitor/Aga.Controls.dll, win7-20220812-en
behavioral2: OpenHardwareMonitor/Aga.Controls.dll, win10v2004-20221111-en
behavioral3: OpenHardwareMonitor/License.html, win7-20221111-en
behavioral4: OpenHardwareMonitor/License.html, win10v2004-20220812-en
behavioral5: OpenHardwareMonitor/OpenHardwareMonitor.exe, win7-20221111-en
behavioral6: OpenHardwareMonitor/OpenHardwareMonitor.exe, win10v2004-20220901-en
behavioral7: OpenHardwareMonitor/OpenHardwareMonitorLib.dll, win7-20220812-en
behavioral8: OpenHardwareMonitor/OpenHardwareMonitorLib.dll, win10v2004-20220812-en
behavioral9: OpenHardwareMonitor/OxyPlot.WindowsForms.dll, win7-20221111-en
behavioral10: OpenHardwareMonitor/OxyPlot.WindowsForms.dll, win10v2004-20221111-en
behavioral11: OpenHardwareMonitor/OxyPlot.dll, win7-20220812-en
behavioral12: OpenHardwareMonitor/OxyPlot.dll, win10v2004-20221111-en
General
Target: OpenHardwareMonitor/License.html
Size: 27KB
MD5: 56e35fd2e011977c42260637515e7e6a
SHA1: 1285f30ff9048f56e0bf0cb57c81f561bdc8520f
SHA256: b14e66270c828c445662328127f68042a1d6b17e7382e150e542a2045b1a9075
SHA512: a9e4886710311960367318e4b731f4401e7540b9485f38fd9a0d9abc91e154f06b2a33c7ae125aaa4272c893193cb452c75abb80d6faf6f776a85ac84d02a0d1
SSDEEP: 768:pr/DB7dhGuEGjR9xCzYO2J4Sv85ZzAVgsq2sUh6pLkbXfrEAbzOU:ps+Ots5sDpLYXfrEA2U
Malware Config

Signatures
- Modifies Internet Explorer settings (registry keys created and values set under the user hive by iexplore.exe / IEXPLORE.EXE)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC): PID 1688 iexplore.exe
- Suspicious use of FindShellTrayWindow (1 IoC): PID 1688 iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs): PID 1688 iexplore.exe (2), PID 4920 IEXPLORE.EXE (4)
- Suspicious use of WriteProcessMemory (3 IoCs): PID 1688 iexplore.exe wrote to memory of PID 4920 (procid_target 81), three times
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 1688)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\OpenHardwareMonitor\License.html
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 4920, child of PID 1688)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:17410 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  Filesize: 471B
  MD5: 7d11e5a60e89225e9ea4bf14000a6fcb
  SHA1: 5203b8fa8b2257d0aca8d1f5fc2e74302e90827c
  SHA256: 215e23557271102ee3148e9237e60e59b001d9c386b0c3673d25b65777096513
  SHA512: 514b460e2efe3d4f299858d6e082f1f86fd3cb47a62fb6b778da9073d2a9a1ea0b8f98e37381ad43f9e2e11f7e1a8968e914b83602b6c1eaac805b39ee885228
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  Filesize: 434B
  MD5: 0fb81e2de3a9f21f4b8d7da51079bbc8
  SHA1: 77038ce2d27ab25736a8365f8fdc855560fbe8b6
  SHA256: 45c7e17c70bdc9cfafa9c770352e4d2cbe6f5b3bc57d5afe1f9085866d9d59b8
  SHA512: 8938f5c50536f27ed5955e428e6fb41ee9fdf038461c0767cb21a774b8a9cd212e630a292a9f6df0c4d7c90b26d47daee1aa7bb84d45e27b21b3024b7ba2705c