Overview
overview
1Static
static
1email-html-1.html
windows7-x64
1email-html-1.html
windows10-2004-x64
1email-html-1.html
android-9-x86
email-html-1.html
android-10-x64
email-html-1.html
android-11-x64
email-html-1.html
macos-10.15-amd64
1email-html-46.html
windows7-x64
1email-html-46.html
windows10-2004-x64
1email-html-46.html
android-9-x86
email-html-46.html
android-10-x64
email-html-46.html
android-11-x64
email-html-46.html
macos-10.15-amd64
1email-html-50.html
windows7-x64
1email-html-50.html
windows10-2004-x64
1email-html-50.html
android-9-x86
email-html-50.html
android-10-x64
email-html-50.html
android-11-x64
email-html-50.html
macos-10.15-amd64
1email-html-51.html
windows7-x64
1email-html-51.html
windows10-2004-x64
1email-html-51.html
android-9-x86
email-html-51.html
android-10-x64
email-html-51.html
android-11-x64
email-html-51.html
macos-10.15-amd64
1email-html-53.html
windows7-x64
1email-html-53.html
windows10-2004-x64
1email-html-53.html
android-9-x86
email-html-53.html
android-10-x64
email-html-53.html
android-11-x64
email-html-53.html
macos-10.15-amd64
1email-html-54.html
windows7-x64
1email-html-54.html
windows10-2004-x64
1Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
19/04/2023, 05:35
Static task
static1
Behavioral task
behavioral1
Sample
email-html-1.html
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral2
Sample
email-html-1.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
email-html-1.html
Resource
android-x86-arm-20220823-en
android-9-x86
Behavioral task
behavioral4
Sample
email-html-1.html
Resource
android-x64-20220823-en
android-10-x64
Behavioral task
behavioral5
Sample
email-html-1.html
Resource
android-x64-arm64-20220823-en
android-11-x64
Behavioral task
behavioral6
Sample
email-html-1.html
Resource
macos-20220504-en
macos-10.15-amd64
Behavioral task
behavioral7
Sample
email-html-46.html
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral8
Sample
email-html-46.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
email-html-46.html
Resource
android-x86-arm-20220823-en
android-9-x86
Behavioral task
behavioral10
Sample
email-html-46.html
Resource
android-x64-20220823-en
android-10-x64
Behavioral task
behavioral11
Sample
email-html-46.html
Resource
android-x64-arm64-20220823-en
android-11-x64
Behavioral task
behavioral12
Sample
email-html-46.html
Resource
macos-20220504-en
macos-10.15-amd64
Behavioral task
behavioral13
Sample
email-html-50.html
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral14
Sample
email-html-50.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
email-html-50.html
Resource
android-x86-arm-20220823-en
android-9-x86
Behavioral task
behavioral16
Sample
email-html-50.html
Resource
android-x64-20220823-en
android-10-x64
Behavioral task
behavioral17
Sample
email-html-50.html
Resource
android-x64-arm64-20220823-en
android-11-x64
Behavioral task
behavioral18
Sample
email-html-50.html
Resource
macos-20220504-en
macos-10.15-amd64
Behavioral task
behavioral19
Sample
email-html-51.html
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral20
Sample
email-html-51.html
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
email-html-51.html
Resource
android-x86-arm-20220823-en
android-9-x86
Behavioral task
behavioral22
Sample
email-html-51.html
Resource
android-x64-20220823-en
android-10-x64
Behavioral task
behavioral23
Sample
email-html-51.html
Resource
android-x64-arm64-20220823-en
android-11-x64
Behavioral task
behavioral24
Sample
email-html-51.html
Resource
macos-20220504-en
macos-10.15-amd64
Behavioral task
behavioral25
Sample
email-html-53.html
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral26
Sample
email-html-53.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
email-html-53.html
Resource
android-x86-arm-20220823-en
android-9-x86
Behavioral task
behavioral28
Sample
email-html-53.html
Resource
android-x64-20220823-en
android-10-x64
Behavioral task
behavioral29
Sample
email-html-53.html
Resource
android-x64-arm64-20220823-en
android-11-x64
Behavioral task
behavioral30
Sample
email-html-53.html
Resource
macos-20220504-en
macos-10.15-amd64
Behavioral task
behavioral31
Sample
email-html-54.html
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral32
Sample
email-html-54.html
Resource
win10v2004-20230221-en
windows10-2004-x64
General
-
Target
email-html-53.html
-
Size
106B
-
MD5
e44de33b775a6ca866776145aafd3c78
-
SHA1
a9079dab1e89170b39c1da665c53e733b00c498d
-
SHA256
efd4595fecc095473a8a523dc934dfcbc565075ce46a4c662563112f0f878839
-
SHA512
a54a60a1b1f2e04fcff54ccc8641bbe5d0aaa1d1395e7ba515609afe36dbab28a910cc7522abfc8c2f7afd18914f27f0210fc6046aad8a04912ae09bc05a6bdc
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31027857" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3179787067" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31027857" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a97000000000200000000001066000000010000200000001fe7e71ab76d5eec1a11c7d5dda73ce3b8c72348840c4cc80995f4d677274f32000000000e8000000002000020000000bddc855ce76a82cd91f6c5a816d3e5bba432c3a489be1a10b91e6322b69b2a6020000000f6f99a6dde5277f0615ef78d9d9583e8ada301c190406716eeaf2a83cce1aa8440000000ffc7f5c66171772aa63ef73d5bc3e73b833061b6501c171fcf287b149a5ac060d6ed79e73aa3bce6d8d4782f4326078fb2dc5e9f7d590fcb85d6de829263d6d7 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "388654770" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E8A3F5F6-DE84-11ED-ABF7-C2E0088FA829} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0878bbe9172d901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b09a9ebe9172d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3179787067" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3193069143" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a9700000000020000000000106600000001000020000000cd584935f3e08a87f5d17cfc1bf457905cdca965f55705adb8e5580e2c1a1cb1000000000e80000000020000200000007270cfa0ebfb55f9a812751df5d003faada84a07eed04262ea5dc517fadb38962000000055abc78faa133a8ad15729ce4a519030890a8962a6b41739ef49d7ae893ad1aa40000000b41fb1d7a455aa43063782421ae88a8bfce13026f5ccf9ca53f2157dfb0dc00a9431e952875127b7c75c65db8a7b336f86dd2f750c247a72a2c4f4c7163e0f46 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31027857" IEXPLORE.EXE -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1968 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1968 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1968 iexplore.exe 1968 iexplore.exe 5000 IEXPLORE.EXE 5000 IEXPLORE.EXE 5000 IEXPLORE.EXE 5000 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1968 wrote to memory of 5000 1968 iexplore.exe 82 PID 1968 wrote to memory of 5000 1968 iexplore.exe 82 PID 1968 wrote to memory of 5000 1968 iexplore.exe 82
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-53.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1968 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5000
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee