Static — score 10
Score | Sample | Platform
10 | 1060/0763d...ac.exe | windows7-x64
10 | 1060/0763d...ac.exe | windows10-2004-x64
10 | 1060/2b2bd...38.exe | windows7-x64
1 | 1060/2b2bd...38.exe | windows10-2004-x64
8 | 1060/2c062...34.exe | windows7-x64
6 | 1060/2c062...34.exe | windows10-2004-x64
6 | 1060/364fb...ba.exe | windows7-x64
1 | 1060/364fb...ba.exe | windows10-2004-x64
1 | 1060/a4c4f...4b.exe | windows7-x64
10 | 1060/a4c4f...4b.exe | windows10-2004-x64
10 | 1060/a50ef...ab.exe | windows7-x64
1 | 1060/a50ef...ab.exe | windows10-2004-x64
1 | 1060/a5d4b...16.exe | windows7-x64
1 | 1060/a5d4b...16.exe | windows10-2004-x64
1 | 1060/d71d4...2a.exe | windows7-x64
3 | 1060/d71d4...2a.exe | windows10-2004-x64
1 | 1060/eb417...9c.exe | windows7-x64
10 | 1060/eb417...9c.exe | windows10-2004-x64
Note the per-platform divergence: the sample this report covers (1060/2b2bd...38.exe) scores 10 on the Windows 7 run but 1 on Windows 10. The low Windows 10 score is not a clean verdict — the detonation below is the Windows 7 run, and the behaviour it shows depends on Internet Explorer being launched successfully.
Analysis — score 10
-
max time kernel
149s -
max time network
116s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
17/01/2023, 10:35
Behavioral task
behavioral1
Sample
1060/0763daa2ef0dfb890d90bfd3f21e7a4252fb5c30a51e49904344a36012a79bac.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1060/0763daa2ef0dfb890d90bfd3f21e7a4252fb5c30a51e49904344a36012a79bac.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
1060/2b2bd717ef276aa3be519cb31fb4e498bb10242e110892bde18e28174bee5538.exe
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
1060/2b2bd717ef276aa3be519cb31fb4e498bb10242e110892bde18e28174bee5538.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
1060/2c062e6674533b55f8fbcb316674ecd2a1ce8f71dacb55a2cebe248fc7445334.exe
Resource
win7-20220901-en
Behavioral task
behavioral6
Sample
1060/2c062e6674533b55f8fbcb316674ecd2a1ce8f71dacb55a2cebe248fc7445334.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
1060/364fb9545112672897e074456abf73a6031b313b2939d8eecec0813a5f096dba.exe
Resource
win7-20221111-en
Behavioral task
behavioral8
Sample
1060/364fb9545112672897e074456abf73a6031b313b2939d8eecec0813a5f096dba.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral9
Sample
1060/a4c4feb3d6679413553f96ab310e0a6d62f56a84b252a22d9d406f39cea5ea4b.exe
Resource
win7-20221111-en
Behavioral task
behavioral10
Sample
1060/a4c4feb3d6679413553f96ab310e0a6d62f56a84b252a22d9d406f39cea5ea4b.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral11
Sample
1060/a50efe1f4ff14d891c56d3d15d60954945d3cfdac28d893ea14806ab17a147ab.exe
Resource
win7-20220812-en
Behavioral task
behavioral12
Sample
1060/a50efe1f4ff14d891c56d3d15d60954945d3cfdac28d893ea14806ab17a147ab.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral13
Sample
1060/a5d4bab6184ba63aedcdbcb97666630f2b134de4a39ac0bcbcfe37b7a21b6416.exe
Resource
win7-20221111-en
Behavioral task
behavioral14
Sample
1060/a5d4bab6184ba63aedcdbcb97666630f2b134de4a39ac0bcbcfe37b7a21b6416.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral15
Sample
1060/d71d4f7a18e93069f0ad7c6631f49e122710fd4c66e4e91aa8c7c03dd4bc0d2a.exe
Resource
win7-20220812-en
Behavioral task
behavioral16
Sample
1060/d71d4f7a18e93069f0ad7c6631f49e122710fd4c66e4e91aa8c7c03dd4bc0d2a.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral17
Sample
1060/eb417ff8f23a6f69a05e39264cccd83c38e44cbdf4e90c5a6455800eb3d9c09c.exe
Resource
win7-20220901-en
Behavioral task
behavioral18
Sample
1060/eb417ff8f23a6f69a05e39264cccd83c38e44cbdf4e90c5a6455800eb3d9c09c.exe
Resource
win10v2004-20221111-en
General
-
Target
1060/2b2bd717ef276aa3be519cb31fb4e498bb10242e110892bde18e28174bee5538.exe
-
Size
415KB
-
MD5
552911a7b0d4b3839ff7c63e5974b440
-
SHA1
03fe3f86ebf2116f4f0ca22eb61432a6c02c2011
-
SHA256
2b2bd717ef276aa3be519cb31fb4e498bb10242e110892bde18e28174bee5538
-
SHA512
dd9b020d73f70721f677c916f1d2801a0f0bcf510d9eae58f61e9afba3492b92a4e606db075fc35d3a4ac63ca9c2008c364b8c561be1f411161178bea626b3ce
-
SSDEEP
3072:KWymqz02O0zEr4cMwDqZ+wDqZ4wDqZHpP:KNrBuIZ
Malware Config
Signatures
- Modifies Internet Explorer settings — every IoC in this group is a write beneath the user's HKU\S-1-5-21-...-1000\Software\Microsoft\Internet Explorer key, and the Process column attributes all of them to iexplore.exe / IEXPLORE.EXE, not to the sample (PID 1724). They are browser state created by the iexplore.exe launch shown in the process tree below (first-run, tab recovery, WindowsSearch, and NewTabPage values whose 01000000d08c9ddf... header is the usual DPAPI blob format), not Run-key or other persistence entries. Use them to confirm that IE was launched, not as detection content for the sample.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bad9e5810411a41b405bdc87c3b0eb80000000002000000000010660000000100002000000070924646b9ba013ba33d910ef5d63eb41c4a393dbfebc2051042e7a3bfb7d5d4000000000e80000000020000200000009eb126d8e7d5b29d77ed7c0206ec982b0eed006edcaec48ffc82774ac8b5f88c200000008897ae8fc2840258ab00d2e3e10352af44244c340d577824ec4d3a3decd44cb740000000ac8d1e6f6fca1bacd471483c38092b0882335a07b37c75e098e367541d642abbee03554bc73f8b62a6e9d433351ae509d10ab80a58cd8c01530e91ce62693a51 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20aecf0d682ad901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "380720381" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39216E61-965B-11ED-A1D9-72598884447E} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bad9e5810411a41b405bdc87c3b0eb8000000000200000000001066000000010000200000000d983ffbc4499aa634927db574430d0bcc36a24b5a368678e7ce3702b58e3ca8000000000e8000000002000020000000a2925bbe1a69e43f32dfdbfa06c0a11477235f947475a81c772fe04d9966148d9000000013ba776a2c6de7678713e45335361389a4b1e253113c2d289d11c4d31ee9885455c3e3781f968f6c31ad6e5e5945aebad4583c5bc3120b4de794a0ea4f388b9044bc86838ed598dbbd10b7c12da12c2884a9ea01c2a52196f5edc2d37353b2f41853f2b11a36ccb8b5f8cd394917b78e8213379b8b055d85311a3c309103d6aa4f90f00084580f973586aafced9a8927400000004e7fd2f924a4b260adc0992b85ff05bc8f8ee6de2c7051719bde2dc24b9bb005b6d4052fa095f06068aefe42e0c017ec462735cdd114836c5b28bc9b8891d235 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 996 iexplore.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1724 2b2bd717ef276aa3be519cb31fb4e498bb10242e110892bde18e28174bee5538.exe — this is the sample process itself (PID 1724) enabling SeDebugPrivilege. It is the only token-privilege event in the run and, together with the 1724→996 WriteProcessMemory entries below, the only behaviour this report attributes directly to the sample rather than to Internet Explorer. -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 996 iexplore.exe -
Suspicious use of SetWindowsHookEx 14 IoCs — all 14 are attributed to iexplore.exe (996) and its IEXPLORE.EXE tab processes (916, 1964, 668); none originate from the sample (1724). Hooks installed by the browser on its own windows are normal browser behaviour, so this should not be read as the sample installing a keyboard or message hook.
pid Process 996 iexplore.exe 996 iexplore.exe 916 IEXPLORE.EXE 916 IEXPLORE.EXE 916 IEXPLORE.EXE 916 IEXPLORE.EXE 668 IEXPLORE.EXE 668 IEXPLORE.EXE 1964 IEXPLORE.EXE 1964 IEXPLORE.EXE 1964 IEXPLORE.EXE 1964 IEXPLORE.EXE 668 IEXPLORE.EXE 668 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 16 IoCs — the four 1724→996 entries are the sample writing into the iexplore.exe it has just launched, and the remaining twelve are iexplore.exe (996) writing into its own tab processes (916, 1964, 668). A parent writing into a freshly created child is what ordinary process creation looks like to this signature; treat it as process launch unless a memory dump of PID 996 shows foreign code, and do not report it as injection on the strength of this list alone.
description pid Process procid_target PID 1724 wrote to memory of 996 1724 2b2bd717ef276aa3be519cb31fb4e498bb10242e110892bde18e28174bee5538.exe 28 PID 1724 wrote to memory of 996 1724 2b2bd717ef276aa3be519cb31fb4e498bb10242e110892bde18e28174bee5538.exe 28 PID 1724 wrote to memory of 996 1724 2b2bd717ef276aa3be519cb31fb4e498bb10242e110892bde18e28174bee5538.exe 28 PID 1724 wrote to memory of 996 1724 2b2bd717ef276aa3be519cb31fb4e498bb10242e110892bde18e28174bee5538.exe 28 PID 996 wrote to memory of 916 996 iexplore.exe 30 PID 996 wrote to memory of 916 996 iexplore.exe 30 PID 996 wrote to memory of 916 996 iexplore.exe 30 PID 996 wrote to memory of 916 996 iexplore.exe 30 PID 996 wrote to memory of 1964 996 iexplore.exe 32 PID 996 wrote to memory of 1964 996 iexplore.exe 32 PID 996 wrote to memory of 1964 996 iexplore.exe 32 PID 996 wrote to memory of 1964 996 iexplore.exe 32 PID 996 wrote to memory of 668 996 iexplore.exe 33 PID 996 wrote to memory of 668 996 iexplore.exe 33 PID 996 wrote to memory of 668 996 iexplore.exe 33 PID 996 wrote to memory of 668 996 iexplore.exe 33
Processes
-
C:\Users\Admin\AppData\Local\Temp\1060\2b2bd717ef276aa3be519cb31fb4e498bb10242e110892bde18e28174bee5538.exe"C:\Users\Admin\AppData\Local\Temp\1060\2b2bd717ef276aa3be519cb31fb4e498bb10242e110892bde18e28174bee5538.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1724 -
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://paste2.org/DWeAUtKE (depth 2, child of the sample, PID 1724). This is the only URL that appears anywhere in the report and the sample's one externally visible action: opening a paste2.org page in Internet Explorer. paste2.org is a public paste service, so match and block on the full URL / paste ID (DWeAUtKE) rather than the bare domain, and recover the page body from the 38KB Content.IE5\46XILC9P\4Z9E626S.htm cache entry listed under Downloads, which is most likely the fetched paste.
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:996 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:996 CREDAT:275457 /prefetch:2 (depth 3, tab process of PID 996)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:916
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:996 CREDAT:340994 /prefetch:2 (depth 3, tab process of PID 996)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1964
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:996 CREDAT:668694 /prefetch:2 (depth 3, tab process of PID 996)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:668
-
-
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize 61KB (no on-disk path is recorded for this entry; identify it by the hashes below)
MD5 fc4666cbca561e864e7fdf883a9e6661
SHA1 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512 c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 — CryptnetUrlCache metadata is written by the Windows certificate fetcher (CRL / AIA / OCSP lookups) when a TLS connection is made; the same file appears twice below with different hashes, i.e. two snapshots taken as it was updated during the HTTPS visit. These hashes are environment artefacts and are not useful as indicators for the sample.
Filesize 342B
MD5 e46b4c4b873c7833a31c81e380099197
SHA1 3b6af59c435fad022dd8856b741d880f9e5b54e1
SHA256 b05699ba87e43a46b03027cd0a3f74029e5055a2d7e146f8aaaf589721c68b4c
SHA512 d280c20bb49f6beda727a7b9c6520ffb0ea3281f5b6f3ed10d90b64dd5071b5a6b783a682eddbe9795367c6e17ae7fec795d205e25345a415bb8700780780757
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e4155480a3c1ba1fb59057fe99424b02
SHA1 0bcc9c513e557f6e82fe0dc078696eeb408e5b1f
SHA256 e46b3f0ab5c00f37aa6f5699d51ce93616dc49469b7947c68be341611c993235
SHA512 7721e1060b892070885b5686b0acb2bb01431aeaebd3cc0e7de22a761d125839405ab84b9817349b7322a3bfa167c8a29cedaea160ec907e411f27f3cb31626d
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46XILC9P\4Z9E626S.htm — Internet Explorer's cache copy of a page fetched during the run; given the only URL in the process tree is https://paste2.org/DWeAUtKE, this is most likely the rendered paste and the place to look for the follow-on payload, URL or instructions the sample was opening. Retrieve and inspect it before concluding what the sample does.
Filesize 38KB
MD5 2db16f6f35ed28e938c5c153a3a6297d
SHA1 44aad1c754462a3c9cb4dfb21e8eff04f6201b65
SHA256 f24abc7a4de62c178793b1d060ffbff65912e860b5b05886641ff8ac1e3107a3
SHA512 561d8fc3d54caf1f2e010ce01aad0b85c3384db65a6da9a1bff1211001aba7c50a74c5c2d45f682333177de1057390b3f7a7c56794c463edad2748ce638c6434
-
Filesize
346B
MD5 80decda3273101d973768f6952d3c738
SHA1 97d8ee05dd569df2c0f840562d13c3dfd21b3018
SHA256 1c2970b4c2f8c61a7812e08370d2968e06f1bc9c86839c03c0a6b967b13a7e47
SHA512 3a63c85d664d4c6fd908dccbcd71f98cbcee74d096c21d74d3d76ffa6715b6a0d9d04653a6b54f428339ccb801caf89c383a15b58b6dd1cf9dcb251d8a888fe5
-
Filesize
601B
MD5 4d3655f3e035c90bf68ca70b8a37f8b5
SHA1 18658b0d4c4b9e60e5a90ca2ec5a3a2dbb2b4851
SHA256 50c9e329fc004ddbd12268f37f541ad464bedafbf7d8cea10546d681fef7c247
SHA512 11c92d5807763de2bd4ebe011910da58292ed8b16a5aff7c2efc2324b028ed743af4b05741fb88639d2bf3385291b161645dda1269b58878c5c500309325d400