Overview
overview
10Static
static
10TekDefense.exe
windows7-x64
7TekDefense.exe
windows10-2004-x64
7index 2.html
windows7-x64
1index 2.html
windows10-2004-x64
1index2 2.html
windows7-x64
1index2 2.html
windows10-2004-x64
1index3 2.html
windows7-x64
1index3 2.html
windows10-2004-x64
1ransomware.exe
windows7-x64
7ransomware.exe
windows10-2004-x64
7tekdefense.dll
windows7-x64
10tekdefense.dll
windows10-2004-x64
5Analysis
-
max time kernel
86s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
27-03-2023 09:37
Behavioral task
behavioral1
Sample
TekDefense.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral2
Sample
TekDefense.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
index 2.html
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral4
Sample
index 2.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
index2 2.html
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral6
Sample
index2 2.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
index3 2.html
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral8
Sample
index3 2.html
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
ransomware.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral10
Sample
ransomware.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
tekdefense.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral12
Sample
tekdefense.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
General
-
Target
index 2.html
-
Size
536B
-
MD5
d8054b190eeae6c777bb693dc14ce497
-
SHA1
1b7aa7a0b6d0126ed4e2771a89ffbcb0f1e50205
-
SHA256
69392b73c989af987838d132fbe17bfe6b124917074200897197c21f6ff51716
-
SHA512
351ad20ece4d3155fb7045a3a20de33276d76f934c88d538f86aa5e7f419a2bd1253f870e5a9e07a46c4657149dade9b93fc94c3e0d04ca565082c2ad18ded39
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4014ca96a060d901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000016b1b6fc7cfc59429b2ebf78760d5fe3000000000200000000001066000000010000200000003bf57bc5063629698415569152dd1f05138279fef5d78d86c07fc6be96db5021000000000e8000000002000020000000057013e8a07af7519e4880be9729c62da59eb25a91bf5edcb182f232db79839f200000000fb555eb61481bb8c0ae8b4db3ce78648685fb798f392f12129e4b4b341499a44000000026fe9770e9bede20495cb372c1ebace3ed280cf11b6b90cc6686e35121b213fb7a02522c4e1cf4f335fbd8e8e976c0273d142146c077b8a8e280a5f0030c9876 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31023264" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2520766737" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31023264" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2501547700" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2501547700" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31023264" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60bcbb96a060d901 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C0138A60-CC93-11ED-9EF6-5603A1288413} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "386682023" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000016b1b6fc7cfc59429b2ebf78760d5fe3000000000200000000001066000000010000200000005e67dcc7d1af34ce931f62f7da723328886338e0191dd9bd833b31ebd9b6d083000000000e8000000002000020000000f7dcf8107e8fb950ac3257c05c7885048967d802996015c7208e6cb9d379290c20000000a78d1bf7c54d110be0496dd01f79d5e17e1e6a2da1457c3fd9f333fdd7b2b4c640000000eb0229950ec93ae16c518b93eeb4612f1bfbe68f79c1b54bfc4b04d8336eacbc2472d90f54d58385ec8c41e9be05d91753ad5a029079248e8d1d6a4cae850887 iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2252 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2252 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2252 iexplore.exe 2252 iexplore.exe 1504 IEXPLORE.EXE 1504 IEXPLORE.EXE 1504 IEXPLORE.EXE 1504 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2252 wrote to memory of 1504 2252 iexplore.exe 84 PID 2252 wrote to memory of 1504 2252 iexplore.exe 84 PID 2252 wrote to memory of 1504 2252 iexplore.exe 84
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\index 2.html"1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1504
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5f9eeb08fe84bc838ae6ac49893015c9b
SHA1529791696d3d8044dfb4dc0bbc5df47b4f5ed1a7
SHA2568effa7195753f0aa5c991f18df5866aed1e6688f8e484e47b6ecde0e2916d958
SHA5127f269c53a566998c1e3859eaaf96272224326e8959c86ad381869c2ebc6039518f74f3e4cbb71cb14d476ff4066d86705647fc60a0724f20ae07b0e1a51a3a4c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize434B
MD57de808af0d195d2620440c7fb6c17bc5
SHA143e4dae9a579836c6ab7e4d6e193ef070691d0c4
SHA2560ae76cc27328098f748fcd2118a4c48fe83de7296acfe710077157519474c34c
SHA51216a9463e26ce84139907937a667229a6381a284d5f0b33825b0cd16a33dfc744b81287b26a4f3e7a5b5c8f9e61079f2b07b6b864d84675fee0874cad5158884b
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee