Analysis
-
max time kernel
88s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
07/02/2023, 02:52
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://34.75.2o2.lol/XVlhoMVlWVlZOVk5sVVVVeldISkxWRTUwV0dzMGFFSlhMelpoTWpSMmMydEZNWGwzWnpac1lXMWFSak5PVG1kd2IwNXBWM05hYkdOamNqUmpkRFJETTJvd09GUmxUMDl1VURkcFQxcHhWalZJWldsREwwRjJVRTFDY0hsb01qUjRZWGd3Y1VsRFZGZHVUbmxNZEdSTlYzRlVaMW8zU1VRcmRIaEhTakpUTjJScVpqRTJURk5RY1hwSWRsQlJZWFl3VEVobUsxRTJVRk16TDFwUlRtVldNVEp4VW0xMU1rTlJMMnhuUFMwdFVrbEhPR3h1UWl0bVVFNHdOalZYYlRSU1JVaFlaejA5LS0yNjcyZWNiZDcwNzBiYjgzNWFlMzQ1ZWUxNjBlYmEzZGJkZTY5Njhj?cid=1461954900
Resource
win7-20221111-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
https://34.75.2o2.lol/XVlhoMVlWVlZOVk5sVVVVeldISkxWRTUwV0dzMGFFSlhMelpoTWpSMmMydEZNWGwzWnpac1lXMWFSak5PVG1kd2IwNXBWM05hYkdOamNqUmpkRFJETTJvd09GUmxUMDl1VURkcFQxcHhWalZJWldsREwwRjJVRTFDY0hsb01qUjRZWGd3Y1VsRFZGZHVUbmxNZEdSTlYzRlVaMW8zU1VRcmRIaEhTakpUTjJScVpqRTJURk5RY1hwSWRsQlJZWFl3VEVobUsxRTJVRk16TDFwUlRtVldNVEp4VW0xMU1rTlJMMnhuUFMwdFVrbEhPR3h1UWl0bVVFNHdOalZYYlRSU1JVaFlaejA5LS0yNjcyZWNiZDcwNzBiYjgzNWFlMzQ1ZWUxNjBlYmEzZGJkZTY5Njhj?cid=1461954900
Resource
win10v2004-20221111-en
windows10-2004-x64
5 signatures
150 seconds
General
-
Target
https://34.75.2o2.lol/XVlhoMVlWVlZOVk5sVVVVeldISkxWRTUwV0dzMGFFSlhMelpoTWpSMmMydEZNWGwzWnpac1lXMWFSak5PVG1kd2IwNXBWM05hYkdOamNqUmpkRFJETTJvd09GUmxUMDl1VURkcFQxcHhWalZJWldsREwwRjJVRTFDY0hsb01qUjRZWGd3Y1VsRFZGZHVUbmxNZEdSTlYzRlVaMW8zU1VRcmRIaEhTakpUTjJScVpqRTJURk5RY1hwSWRsQlJZWFl3VEVobUsxRTJVRk16TDFwUlRtVldNVEp4VW0xMU1rTlJMMnhuUFMwdFVrbEhPR3h1UWl0bVVFNHdOalZYYlRSU1JVaFlaejA5LS0yNjcyZWNiZDcwNzBiYjgzNWFlMzQ1ZWUxNjBlYmEzZGJkZTY5Njhj?cid=1461954900
Score
1/10
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3106742347" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4080e8daa73ad901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31013543" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3106742347" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31013543" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31013543" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3108774380" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eef4ddb70fa9964f8bf69d510f57c1eb00000000020000000000106600000001000020000000c96c78beebe9f70f44c61da474e27d46a4aa994f20c0c23218f51aab4d655eb1000000000e8000000002000020000000bdd8aa10bcfd02cea7b803b99fe09ed0f0ea52466db947ded59a932744300b0120000000022352f970ca99d546dbfe553e7e5365a0ec18fcb73a759412a0cc8f77d3dec940000000594391493da7e0d57acbea1329949b13b9ba27575f26d8da52e62ab3a29897afa26696087bea01ad574d4fb6e403b4b5768bae22e60d9b17e0cf8d21ad2de19a iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382506945" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 600adfdaa73ad901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eef4ddb70fa9964f8bf69d510f57c1eb000000000200000000001066000000010000200000001fb7531394b9bbe24d68f6ca97c2853b81916a5b3899299dbc02db1b197604e6000000000e800000000200002000000097921b84f6c73b42fdb3c8bb8d1c0e84778d9348e466b8765a00fd322d7a98bc200000009e9eac507edd666a45436444333eda960fc59cc2ceaaca56e65eee0875ffaf784000000067cb97d15999e35de7909b63079deaed73fcb02ebefd275889b553056e91147625994ebddf8407d7578bccbe2f4ea5343da65ef9c6e68f1eaa3690143ef3d732 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E3D7397E-A69A-11ED-BF5F-66300FA194E6} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3108774380" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31013543" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4664 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4664 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 4664 iexplore.exe 4664 iexplore.exe 4944 IEXPLORE.EXE 4944 IEXPLORE.EXE 4944 IEXPLORE.EXE 4944 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4664 wrote to memory of 4944 4664 iexplore.exe 81 PID 4664 wrote to memory of 4944 4664 iexplore.exe 81 PID 4664 wrote to memory of 4944 4664 iexplore.exe 81
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://34.75.2o2.lol/XVlhoMVlWVlZOVk5sVVVVeldISkxWRTUwV0dzMGFFSlhMelpoTWpSMmMydEZNWGwzWnpac1lXMWFSak5PVG1kd2IwNXBWM05hYkdOamNqUmpkRFJETTJvd09GUmxUMDl1VURkcFQxcHhWalZJWldsREwwRjJVRTFDY0hsb01qUjRZWGd3Y1VsRFZGZHVUbmxNZEdSTlYzRlVaMW8zU1VRcmRIaEhTakpUTjJScVpqRTJURk5RY1hwSWRsQlJZWFl3VEVobUsxRTJVRk16TDFwUlRtVldNVEp4VW0xMU1rTlJMMnhuUFMwdFVrbEhPR3h1UWl0bVVFNHdOalZYYlRSU1JVaFlaejA5LS0yNjcyZWNiZDcwNzBiYjgzNWFlMzQ1ZWUxNjBlYmEzZGJkZTY5Njhj?cid=14619549001⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4664 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4664 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4944
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5aee722fcdc90fcfba473126bf8bed12b
SHA1df62a695b671a248b19f76cd6d420d1bcee9c27d
SHA256e759250bcfe36a1a745bc1cc241dea84b6c791141e93b322bd5027d62d3a4807
SHA512e51c09b66f06f247289841147cc6ebf2b70308cfac2c500915ed2b4775813e48422e60779e50351ac668bab548afaccb822a1486ae8242bc37697f16f3a994cf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD50715b31255cf5279ea54d66e6bc73f04
SHA1899132279f686e69ad9cc0b08ccc27a71bb35849
SHA256d7dae7c15033e17915210e6adf019890312887d849ec949998844d667dafb30b
SHA5125ebd963d3a4f95b63e4cc7bac18aaf1dcbc601a7885d977ff6c9132692ea2122498259bee5bbd96b8ee96db91c9c9d1e8642027317e2360ca7d3c762fd6f80bb