Analysis
- max time kernel: 135s
- max time network: 139s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 08/03/2023, 09:16
Behavioral tasks
- behavioral1: sample bcaa3be9-998c-1804-d50c-a213fe6a7553.eml, resource win7-20230220-en
- behavioral2: sample bcaa3be9-998c-1804-d50c-a213fe6a7553.eml, resource win10v2004-20230220-en
- behavioral3: sample Gmail_20230308_676926_009.zip, resource win7-20230220-en
- behavioral4: sample Gmail_20230308_676926_009.zip, resource win10v2004-20230220-en
- behavioral5: sample 20230308_67941_0027.doc, resource win7-20230220-en
- behavioral6: sample 20230308_67941_0027.doc, resource win10v2004-20230220-en
- behavioral7: sample email-html-1.html, resource win7-20230220-en
- behavioral8: sample email-html-1.html, resource win10v2004-20230220-en
- behavioral9: sample image001.png, resource win7-20230220-en
- behavioral10: sample image001.png, resource win10v2004-20230220-en
General
- Target: email-html-1.html
- Size: 7KB
- MD5: af52b3b43d6a5e8c9fd2b49a1e6089a0
- SHA1: 48d6fa01093120c2f8937bf0d32c17ca3a8de201
- SHA256: 0109ad6284b8c851f80318956877e5aad38db7eed1b346934c13668d41af7f2f
- SHA512: 5e2363cd33ac088fe6a33b1d906f126e7c390eeef95ea77598a1ebeb05e92fe18ffa090d29b03fe1ea0a7b3dd85a674480c546c873e15729678869522b6b29f2
- SSDEEP: 192:9prJ32fQeXNyvoPVquvRIQjCTI3+UmScFZ:Yf3XNyvoPVquvSQjCk3+RBFZ
Malware Config
Signatures
- Modifies Internet Explorer settings
  Registry keys and values under \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer (Main, TabbedBrowsing, Recovery, DomainSuggestion, SearchScopes, LowRegistry, Toolbar, Zoom, GPU, IntelliForms, PageSetup, BrowserEmulation and IETld) created or set by iexplore.exe and IEXPLORE.EXE
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid 932, process iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid 932 iexplore.exe (2 IoCs); pid 524 IEXPLORE.EXE (4 IoCs)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 932 (iexplore.exe) wrote to memory of PID 524, procid_target 29 (4 IoCs)
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
  PID: 932
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 932)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:932 CREDAT:275457 /prefetch:2
    PID: 524
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Downloads