Analysis
-
max time kernel
134s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system -
submitted
08/03/2023, 06:41
Behavioral task
behavioral1
Sample
2d9e4dd3-3ed4-dc8e-67f5-857831686eea.eml
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2d9e4dd3-3ed4-dc8e-67f5-857831686eea.eml
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
Gmail.zip
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
Gmail.zip
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
952786590042030229132__2023-07-03_1900.doc
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
952786590042030229132__2023-07-03_1900.doc
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
email-html-1.html
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
email-html-1.html
Resource
win10v2004-20230220-en
General
-
Target
email-html-1.html
-
Size
721B
-
MD5
7fefdfcd443aa22909f65e6c5d1cd945
-
SHA1
e31d2a416a266710fabf1ae44a6dde86eadf7fe8
-
SHA256
71bf725486ed6565075b8cfb2ecdaaf91123d1f6070ff5971855bacf3c3136a3
-
SHA512
3f0b35d2573af9d1ea86431594b439066829d9f014aeb895aa94182346f68757e8e6065694cb1a0f3f4ab5d05215f931aae397c6080952d36ab9d940f417ff58
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007837404bb2ac374381d657b4bfd4f9e200000000020000000000106600000001000020000000c31d5bec6d7bb402f031e9c8da35365acea931ff73c2b849098c3e00b10ba483000000000e800000000200002000000068a9f524b57ba2176d107b57eea968b47edb6605d4139a5f8f45ab6908c1a918200000005d39572e5423e8930bc79f1d7fde561453f81f0615df784305e695e01e3bc0824000000066fa12d1522c4d022ec0e1e9dcc5b6d1cfdd0edbec037ab8dfcaa0d36a2b8992ab409b0c492275d2c4ee88d7ec543ef2ef8a25ec2aa7d34f990e7ef7d245078b iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B54B5821-BD84-11ED-9A18-C6A949C40DC2} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "385026296" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3068548c9151d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1392 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1392 iexplore.exe 1392 iexplore.exe 916 IEXPLORE.EXE 916 IEXPLORE.EXE 916 IEXPLORE.EXE 916 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1392 wrote to memory of 916 1392 iexplore.exe 29 PID 1392 wrote to memory of 916 1392 iexplore.exe 29 PID 1392 wrote to memory of 916 1392 iexplore.exe 29 PID 1392 wrote to memory of 916 1392 iexplore.exe 29
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
(process tree level 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1392 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1392 CREDAT:275457 /prefetch:2
(process tree level 2)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:916
-
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
61KB
MD5 e71c8443ae0bc2e282c73faead0a6dd3
SHA1 0c110c1b01e68edfacaeae64781a37b1995fa94b
SHA256 95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72
SHA512 b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9f336ddd84af768f0f0ef92395bf7bae
SHA1 6faba305843545d685fd0cba635eac67e2a35484
SHA256 e77303307a84e2a21524fe49cb3e7564eedf57484ecb69fa7cbaf3c86b81494c
SHA512 e30d816681de95712312e9b016c1971ab0d98d6e57b0e2ba94bb4b13e680cf9728bcbcc0f875c82e73c647edb88c4da42888c87e6301638752aaf7ac8e2c9378
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2bfbe5b51fecb9f4399cbed9aef573c6
SHA1 e341d3bcaccf38dfbc460ba55df530b804b1b236
SHA256 30d8d517b5d2ceb8634e49a890616aa8cb75c7676b26da86e005a08a04039337
SHA512 799a2393dc4a873f790c7219146b96007201ca8444fecd754d6b783cfec6a00fa67c1800f990d0962abe54ae8b65760492a2ff54b5a6a4db8d66652aed90b4fe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 36aa69724c993f2bd354508ea7326c40
SHA1 48b4a42f7b3456684e810d0e75a9bee9358847b5
SHA256 f0c2ffb2d78ce3ae4875e29daa25ac87a2ec7deb9a7d14170d74371b0ee1d743
SHA512 f95e5e611e8e80c4e0baa4ad50e7522e96d2315a4725351cc2cba550ab595a1af0b1becb2b2f5c06d4246b3ca561930ed9fbacbba04d10ff0f31af68ab94bf60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1fc169a29794f222796b2b91b5a4d69b
SHA1 47bb99f2cced260fb8245c70be0380295c55503e
SHA256 6e0c18204c951ee8577114f1ecf497df5e92f788edb3ca9c1b08f993a07f3d5b
SHA512 97f1b8b668817db51cff1903856c63529438939e9c2c747029f64f739aa0108a6d8af6c8c92ca1f5530f833fb6101c931ea01b3855138f7c8ec10b40b4560421
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a0cc297fd8fb1b685877bffa94752155
SHA1 5104d802fb242375966c812242573f42f2117e48
SHA256 d56ae6b80473837768c26804362150d0f2ca030a355c98edbbe0e2103c2e9f26
SHA512 1fb41f31b5ee5c678ede226a9b0a93413a91c8044c6c585b8b0fcbf26b27a4276c5333837f285231ba5a49ab53f3a4c8192b41bba3de3a6cc1516ecf8337aaf4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3066fd262cdce7296d76f0d0a81ea705
SHA1 4a7736282ae3603d02529e1f249806ef977732b7
SHA256 7a1c82b206d8ac6c2e5bac2370d8ebb3724c3c8ab268b7986d35908a5455a0af
SHA512 16a41008e5e48d40ebb868d90dca876257c3811bad98e5f7c93cde203473c037160cb2b01c373f6617a4a119470265bc5dc548916412005531ea05d0cd4a9ce7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a8fcc15d44907ba29505b4234b6f12de
SHA1 f08266d009291c76e961d6068388b1d4e7179674
SHA256 3f8b4d3bbbb95d1d475ffa7aa30ecbd48c96dc847901e34e78da74716697f571
SHA512 3e3c53c95f806834245dc32f3e1df1fc39316fd83c335c4ed2b3316157557b412dea4446b77e39fe4743a0fc70962dd51a2b071843353c8826246d48362b5b05
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 103db54cd4f766c3b417831ef7eb1d5f
SHA1 50278c050dfd844020ab401f0e7044aa051f3743
SHA256 5f66b8ed759132a52f6355f0301deb0b0962b3b3916f5a0c89026b69eaf9e3c2
SHA512 e3f197e6be283e76bcfa29db06903de05898ccf6e14860ef028c2e03f7b6ddb1a889c3e34b6eef86ca9acf16dc2a685d51a4c0f4d082b62beba073a68e00f2a9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 88ef6a71c8fc74e207023afe3b3112b7
SHA1 4f5d2f1dd3cb673a0ab75f7f43a145a73dc74c00
SHA256 838b9699b4e56fe567acbbe9ca9dadb7c7242c8c0fa99fd0f26e475a34ae43b2
SHA512 1f1620da1efbc6fb6619781ccf3aa62e0895a4162da98b12ab51d4cd9d082b8e0fe04ad296df82433967bfce6be8262475461987a6eaa13b20cff9d95d208a2d
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\suggestions[1].en-US
Filesize 17KB
MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
61KB
MD5 fc4666cbca561e864e7fdf883a9e6661
SHA1 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512 c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
-
Filesize
161KB
MD5 be2bec6e8c5653136d3e72fe53c98aa3
SHA1 a8182d6db17c14671c3d5766c72e58d87c0810de
SHA256 1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd
SHA512 0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff
-
Filesize
606B
MD5 1ccb3f10d080413f498879f0989421c7
SHA1 9e6e02e8e31c2d143b2e3b79310b24699dc88848
SHA256 5458b44d0634d1f133a7c9594c84dacd720c62ce563db5fe9f4ec48877ab4d3b
SHA512 e732102d5e41087d0168631dc796a2bb040b845fee313bcbaa12cd0cdf311ef63ec9704edb24c6edb421b309d61fa1769fc31586b1366d3980c5002ee09a6fae