Analysis
-
max time kernel
134s
-
max time network
135s
-
platform
windows7_x64
-
resource
win7-20230220-en
-
resource tags
arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
-
submitted
08/03/2023, 08:44
Behavioral task
behavioral1
Sample
96afe1c2-c772-4f3a-bca4-80606734c6ce.eml
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
96afe1c2-c772-4f3a-bca4-80606734c6ce.eml
Resource
win10v2004-20230221-en
Behavioral task
behavioral3
Sample
Rep_97915979.zip
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
Rep_97915979.zip
Resource
win10v2004-20230221-en
Behavioral task
behavioral5
Sample
Rep_97915979.doc
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
Rep_97915979.doc
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
email-html-1.html
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
email-html-1.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
image001.png
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
image001.png
Resource
win10v2004-20230220-en
General
-
Target
email-html-1.html
-
Size
7KB
-
MD5
b571305d4066b0a0af515016ab53fe5c
-
SHA1
894f5d8fde9bea13ba2751e61f77b55b526da2f1
-
SHA256
7ea5ced2ea813b1a4e99e59dca9cd41d4982c3cd2037c5aa45c74006f2dbc547
-
SHA512
cef7c2c3970c0f33febbe5d77e4ffda7e200ff1ca001d811d00b13eabc870eedd506b48c8c6891a846fc6595331ed4e98e19dba4d146ffd7668bb87ab69a02b0
-
SSDEEP
96:/v32fQFMSsSGSdSeS/tSItSgMiS/UBSeS6wGMSrSmHiSCTqH1cM+UqH6SMheofk/:332fQeXNyvoPVquvRIQjCTI3+UmScFZ
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "385033782" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0079efba251d901 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{24856761-BD96-11ED-BB59-EE84389A6D8F} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007837404bb2ac374381d657b4bfd4f9e200000000020000000000106600000001000020000000e9cdf30bd8a617c219ad7ff28ff2b33594adb190069ae990dd5c29e92ea43952000000000e80000000020000200000004ee9a0365d968897a513634cf4e1cbdba00985f20dfd50ac17e185312162456520000000499ae3c4a08b49dc08ae66e6d6202def885af2628a787d5898e90a876931a9e0400000000559d4f22177716a68b1aba36d1147bedb466a999f0ffdb086255c6a365061a8021f964dd7e4668dedd31d1718f5073541750cfe31f0f0e90b871b9dc6525906 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1052 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1052 | iexplore.exe
1052 | iexplore.exe
684 | IEXPLORE.EXE
684 | IEXPLORE.EXE
684 | IEXPLORE.EXE
684 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1052 wrote to memory of 684 | 1052 | iexplore.exe | 29
PID 1052 wrote to memory of 684 | 1052 | iexplore.exe | 29
PID 1052 wrote to memory of 684 | 1052 | iexplore.exe | 29
PID 1052 wrote to memory of 684 | 1052 | iexplore.exe | 29
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1052
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1052 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:684
-
Network
MITRE ATT&CK Enterprise v6
Downloads