-
max time kernel
100s -
max time network
138s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system -
submitted
08/03/2023, 07:26
Behavioral task
behavioral1
Sample
cd85f250-b0e5-bfcd-24ff-fde4febbf706.eml
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
cd85f250-b0e5-bfcd-24ff-fde4febbf706.eml
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
K-1 03.07.2023.zip
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
K-1 03.07.2023.zip
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
K-1 03.07.2023.doc
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
K-1 03.07.2023.doc
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
email-html-1.html
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
email-html-1.html
Resource
win10v2004-20230221-en
General
-
Target
email-html-1.html
-
Size
23KB
-
MD5
dc66858d0ab79d70fb738ff81105ace1
-
SHA1
bd5f9c9bc8f1a0560a1536e48bbe3af06a127339
-
SHA256
c7c781ea2b4571c242c1b631339395e0777b4ccf381f9709d606901639d60c2c
-
SHA512
84261aafc34849b61237a0899a23f867357f9849603ed1160263ee0528f46a8553a093a5e570e74a5331f808c3cf5078438abeff993fadb42312a77cc4b1ebe1
-
SSDEEP
384:i71Ce/fO3AtYVSjJjjTPlKnM4foW08aP3YZYvVFvXmvKD32YoziyI5NCc7dM9J2C:fCJnzlKnM4foW08aP3YZYvVFvXmvKD3U
Malware Config
Signatures
-
description | ioc | Process
Set value (str) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007837404bb2ac374381d657b4bfd4f9e2000000000200000000001066000000010000200000004714e99cedb22e70d32e4718c9ad2ad2e7bf24cf1cfa3f9b0db8640baa269c1a000000000e80000000020000200000000e94eea34f63b4104b349ad05f06b51e0ea0e604074070c1f5d2c87633b8650e2000000056cb52eb292c856c0e95701f7297744bb5f0cbdc0246cef380d37ea5631b9c9540000000731f6bc63f9c21c1d32dfda6ab354918b730f1a11dcd429854c04ce5992f637396ac37d68c6e0cdfdbba591c61c2cbbd5565d0d02a513a3ec96a383647d107cb | iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 608e29dd9751d901 | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{065C00B1-BD8B-11ED-A558-E6255E64A624} = "0" | iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "385029008" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2008 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2008 | iexplore.exe
2008 | iexplore.exe
340 | IEXPLORE.EXE
340 | IEXPLORE.EXE
340 | IEXPLORE.EXE
340 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2008 wrote to memory of 340 | 2008 | iexplore.exe | 28
PID 2008 wrote to memory of 340 | 2008 | iexplore.exe | 28
PID 2008 wrote to memory of 340 | 2008 | iexplore.exe | 28
PID 2008 wrote to memory of 340 | 2008 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html (tree level 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2 (tree level 2)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:340
-
Network
MITRE ATT&CK Enterprise v6
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 334123d9288af17eb6941aef45945e71
SHA1 7baf8d696c6220e31d7404ac7d90415dceafbf19
SHA256 028a26a1df4ca342aa21bea610ce11942a92a3546113f3bff7c6486c24e60057
SHA512 b985455fd23df8735ad6fe2d6d90621495433b1b88d5c9258fc10801daf4b6357bdbe06569a71431925d313180e9c485177f4942476c2a14417a9fbff504566a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0c527c98b557bd2e557000a9e2e7aa23
SHA1 ada2bcbe8314925a63bf7ff33ffe62c1fcb27ff7
SHA256 ffaccddbc837694ba9c7095d7e38479bfa0197bb293f6fdcff2a6f4e51d14ea1
SHA512 53149f753271b6e0a135a28e3a1290ece04df09402420908c95176d96b39a43cc8cfdf134335e4fdb19ddc477c7369143b82e554b9bf9803291d1a596285c695
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b6a69c096faca54985da41890437ac17
SHA1 ff46cd4c28144c38a758cf2c3b8c77ea84ab3b29
SHA256 f0d4e8077bc159b3a8d4a3dd7e184f2791ea3740b23fed7d463ce8aefb846757
SHA512 87f840c46e680b9cdf29299b0ad46b1d209e1e413e7b0aa2726c35d53eb7c995cfbd30510407ce46f3d5b4b303bda3f89c13d9c5e17ef0d838facd9b644b11e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 88dc9de9076f65afbc4c54bdd9d228ff
SHA1 3987305dd8a624cf919514081275ad6826988a75
SHA256 f781ffcecc7ddb39c4927a5d9fa64730b953caa6bf0e5ea22fa9ee8997857ced
SHA512 2b190f361c3f62c3d6fe37b5bddc426f949cd5ad9e53460508fb058d55608dff44c5b18c65b5f336f8ceb3c481ab20211aa4e89a5a59adaae16e9a405c96a3d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dcbb3fb01c8597f89757b72061348f1a
SHA1 946244d6798cfc9cc9adde5fae0b070da7d3cde1
SHA256 1786a0271e4031dd434f39eb910f11c0db9c8247e9ec1975c64bacb9f23b4761
SHA512 bc6a04d234ec1e3b5f0447491b94bc6b4bc0ea8acace45b557a387687952890a8b388f46a2ecabca06ce6feb142c68a8ca40324a8b06620a2bd1ed3d1dba37e1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cdc7a08c0ab9754e5d059b133ec1e475
SHA1 d94382b4a6ff3889d22852ece01677d2790e1dca
SHA256 a311870390562a09a7f74f310ca4de1e39411106c8b8e4403c27ca80c4d39f3f
SHA512 593a26769101eca7f17b82651b79d38776b2ac319959138afa1f9ea82463ef1228feadc49f4604b48917dcb6213b88cca1849608788a370189e9c75348e392e3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f939c2b217c223ce79f7819ca243bd13
SHA1 fd2fb6ff673903ab3ec6fbdbf8c0fd3cce46da19
SHA256 065a94dcd06c1137088f12f58e59ac744ead1c4f199398b3f919bdd36cdd2980
SHA512 ab164d56836a25e4e950eb11e0849834b1314dcf92e38a33cfdacba16e14341adda49c000c762624292617e1c54e9a86ceb1424c0207e20d483d3515098b9a7f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6564c9654c143bfcb6a0857201da6897
SHA1 87b4ef6b75a11909308c6fcfafad93294f4de687
SHA256 b61c0ffd00ab48526212c130ee01b5fc00a0c57339e71b03cf3ccddb42e492c5
SHA512 256e95f97d39421b0cc5d62ccc7d1bc08d9015e3828c312b5e527e84d74ac41b97308f4db055de09824e888dc7d0f7f9cc7ce1134f94afc6cbe06b38f2d82c59
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 38fc34afaf207a675e4d2d49f8f15bac
SHA1 565832be6d38f29c61e6e0b37f60669a141aab31
SHA256 01facfe4811f6b144549b86cfa4de03f5880abb9bcd79ebd54fb8b7ee33046ec
SHA512 4954d59c3baafd6520d0f73c17394972137fa539a33238535f99a29470e6ace565e0f0cd1e1aded7388b919fc2742eb30ae93685b8e8d13dec9d970c83b34caa
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\suggestions[1].en-US
Filesize 17KB
MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
61KB
MD5 fc4666cbca561e864e7fdf883a9e6661
SHA1 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512 c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
-
Filesize
61KB
MD5 e71c8443ae0bc2e282c73faead0a6dd3
SHA1 0c110c1b01e68edfacaeae64781a37b1995fa94b
SHA256 95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72
SHA512 b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6
-
Filesize
161KB
MD5 be2bec6e8c5653136d3e72fe53c98aa3
SHA1 a8182d6db17c14671c3d5766c72e58d87c0810de
SHA256 1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd
SHA512 0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff
-
Filesize
605B
MD5 d63368d2ee350d6c4de828c0c3c9109c
SHA1 7d0d937500f4d7ae0d2c5c94f9604846f876448d
SHA256 e3cb2b03f83d407a8a19f92fb7c5eaa0548db275eab0e3fab6c509c7ec5baae4
SHA512 00cb6f06bed5c4199a92b71482ee48a85199b42cdc697320e19d0222e00f0304ffe4ded4c827aea1e08d28649816d3c0d85a97a597d1bd810948b97fc4e7fe4f