Overview
overview
7Static
static
1LICENSES.c...m.html
windows10-1703-x64
1X Minecraf...er.exe
windows10-1703-x64
7chrome_100...nt.pak
windows10-1703-x64
3chrome_200...nt.pak
windows10-1703-x64
3d3dcompiler_47.dll
windows10-1703-x64
1ffmpeg.dll
windows10-1703-x64
1icudtl.dat
windows10-1703-x64
3libEGL.dll
windows10-1703-x64
1libGLESv2.dll
windows10-1703-x64
3libcrypto-1_1-x64.dll
windows10-1703-x64
3libssl-1_1-x64.dll
windows10-1703-x64
1locales/es-419.pak
windows10-1703-x64
3locales/es.pak
windows10-1703-x64
3resources.pak
windows10-1703-x64
3resources/app.js
windows10-1703-x64
1resources/...ker.js
windows10-1703-x64
1resources/...ker.js
windows10-1703-x64
1snapshot_blob.bin
windows10-1703-x64
3v8_context...ot.bin
windows10-1703-x64
3vk_swiftshader.dll
windows10-1703-x64
3vk_swiftsh...d.json
windows10-1703-x64
3vulkan-1.dll
windows10-1703-x64
3zlib1.dll
windows10-1703-x64
3Analysis
-
max time kernel
305s -
max time network
1608s -
platform
windows10-1703_x64 -
resource
win10-20220901-en -
resource tags
arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system -
submitted
14/02/2023, 19:55
Static task
static1
Behavioral task
behavioral1
Sample
LICENSES.chromium.html
Resource
win10-20220901-en
windows10-1703-x64
Behavioral task
behavioral2
Sample
X Minecraft Launcher.exe
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral3
Sample
chrome_100_percent.pak
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral4
Sample
chrome_200_percent.pak
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral5
Sample
d3dcompiler_47.dll
Resource
win10-20220901-en
windows10-1703-x64
Behavioral task
behavioral6
Sample
ffmpeg.dll
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral7
Sample
icudtl.dat
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral8
Sample
libEGL.dll
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral9
Sample
libGLESv2.dll
Resource
win10-20220901-en
windows10-1703-x64
Behavioral task
behavioral10
Sample
libcrypto-1_1-x64.dll
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral11
Sample
libssl-1_1-x64.dll
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral12
Sample
locales/es-419.pak
Resource
win10-20220901-en
windows10-1703-x64
Behavioral task
behavioral13
Sample
locales/es.pak
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral14
Sample
resources.pak
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral15
Sample
resources/app.js
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral16
Sample
resources/app.asar.unpacked/dist/encodingWorkerEntry.worker.js
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral17
Sample
resources/app.asar.unpacked/dist/resourceWorkerEntry.worker.js
Resource
win10-20220901-en
windows10-1703-x64
Behavioral task
behavioral18
Sample
snapshot_blob.bin
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral19
Sample
v8_context_snapshot.bin
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral20
Sample
vk_swiftshader.dll
Resource
win10-20220901-en
windows10-1703-x64
Behavioral task
behavioral21
Sample
vk_swiftshader_icd.json
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral22
Sample
vulkan-1.dll
Resource
win10-20220812-en
windows10-1703-x64
Behavioral task
behavioral23
Sample
zlib1.dll
Resource
win10-20220901-en
windows10-1703-x64
General
-
Target
LICENSES.chromium.html
-
Size
6.3MB
-
MD5
6e638956244aaded2c92b77f9d421a81
-
SHA1
f5269556b6fe04cfca5a1da21af718641708a666
-
SHA256
652457f1b5ec60a81c8aff095366bcc068402c21eb380ba8286366bc4e9a029e
-
SHA512
f0e173761a6acd13b6c1b5eb896c361487a770a54f1842ffaa80c8ff780b37a1e801169786776c4afa7d9c75cd968dbaddabff082de55cf75cc4f9d871d08bc1
-
SSDEEP
24576:nPVZ5W5WS95zHIlGMmfu626s6W6a6q5AHOeQDph:SMn
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31015086" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "383169702" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3532504829" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000069d88f768c0c7b4381a25e0a422840d100000000020000000000106600000001000020000000545b55a8b915b8ce9566b12e38b9c47fbce26cf5f1d072e8ef17ca689db7791e000000000e800000000200002000000086a92d1d94600ea3d9787e666f8799f1c0889121f8b2f5da761a852902215c26200000004e8e8a6409524767873e271ef4896af4d96748bfab4354d837ac71b6ec452bf240000000273f05f26961e73df9066d2e54897045691e5a909cb0adc7780b7a02319ab01e6d8d4e2c04fa6f05b913b9d89f9fbf39e0d4f6cf3f093cea0c5ae8c1a2e5bb5e iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 108b20d4ae40d901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "383186296" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FCFCE7DB-ACA1-11ED-9424-4E6CE2C23889} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31015086" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3547193391" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "383218288" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 509f0dd4ae40d901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000069d88f768c0c7b4381a25e0a422840d10000000002000000000010660000000100002000000066f49b4fd4a2d1b416e7b2297c596b745b636c0d0b854fd41c831ca4abc1ad97000000000e8000000002000020000000e32879cd5d622e080c820d01d8b60404ec9a1d71afc34a306d63e290b969203d200000004274bfed466cb52a091e004b7a69379991b9a9ae8440fb879d2092f46b38ee804000000030419f77b7426825a96cf5f5d6b8f911e96d12e709b2504b3ca96749425005a773e1004627138a147a94f4534b6c8557b0c868e9546edba6d9b142a5a626d698 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3532504829" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31015086" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2448 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2448 iexplore.exe 2448 iexplore.exe 4548 IEXPLORE.EXE 4548 IEXPLORE.EXE 4548 IEXPLORE.EXE 4548 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2448 wrote to memory of 4548 2448 iexplore.exe 66 PID 2448 wrote to memory of 4548 2448 iexplore.exe 66 PID 2448 wrote to memory of 4548 2448 iexplore.exe 66
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2448 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4548
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5dd3762c0e3e884c5b1810e000d348bae
SHA1a5c25fc58e5f1ab11c2eae9fb8fd640b35ea6e1f
SHA256513f96d78d0b4e87981ab4764943bc623fbb5bd28afc86fa8c259c590aa42514
SHA512df20a18964229e3101d4769cd8696e92cb9246e91538d6b0ecf66363e55f1466370613074cb98a28c00b478087d594f247591e1988ccbb25f5d331b4157cb245
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize434B
MD51746b4354c4e53ad3981c0ce723b4df0
SHA153702b33c8e3b2248f99f607a088fc282123e5a3
SHA2569c819df235cf15f6ecb552d9d2e31fb183d7ab8bda51660a815bee468bd6aa76
SHA51266ad5db17a4e5dfdfa0205c49e64c23377b6fdda71fa69aad26b27886c33fcbbc889244102755865d1ee4837e5805caa0982795e921c01f1238f5f47258dcb70
-
Filesize
611B
MD5b64d0e33f6e48aa59bc091e7cf71ee29
SHA1d41f3a3f1c50d5556c060630a2fb5b560d0f350a
SHA256eaa46cdfc0f5a82cb96be9ec5b1df4db4bbc4164527b26d9c496054b4ed6bc68
SHA512a566fba171396f67a2ebbc2f208d6ac1fbe0b62926fc46223991fc0a53cf1ea19d868fdbcdb47bd92ec9f9c5afa370ef4ae659ba8e3a94708d749f0e73e75d0f