Analysis
-
max time kernel
133s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
22-05-2023 21:02
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://ipfs.io/ipfs/bafybeiebvrji6sipvpmfs5mfwn4hqeuds7hqqitij327v4biuchxty4x4e/mikellybox00_cham-eyu.html#[email protected]
Resource
win10v2004-20230220-en
General
-
Target
https://ipfs.io/ipfs/bafybeiebvrji6sipvpmfs5mfwn4hqeuds7hqqitij327v4biuchxty4x4e/mikellybox00_cham-eyu.html#[email protected]
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3326211375" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31034608" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000001e935f507510d40a7474bdfd0defe2000000000020000000000106600000001000020000000d56dc376cd572e3c4bebe0a37e584a09a53e4d95f9e57af1c1247d4bae33eff6000000000e800000000200002000000057a859d051874b64f995fe0d160961f5b1e71bc685bed0ed6774445cac7da2e220000000c4f4e5a81868902f2b2649c84caf885ba7e216e833898469122668689d4417d64000000056b669844beebf99c50a72779c5c8c240e3e5b46815b36596d8a23ccfc9620bb5cb92abee8b0b188e7ea94922deb3bc79a684860d0d839106cb9683a589ac12c iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0d37ac9f08cd901 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3351681965" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3326211375" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 805c97c9f08cd901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F16D1885-F8E3-11ED-8FFF-72EDBB006969} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31034608" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31034608" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000001e935f507510d40a7474bdfd0defe2000000000020000000000106600000001000020000000b4c592ad7807f05e967cc74580fcf95e52359e2dae7fd878c6077da73876c152000000000e8000000002000020000000add2f4e5f3ff52b95bb1d54c152a4e07c58ff82deb3e5aaa84aa634523d8c5d3200000009f092a3c75d8f89b7d95f34240cf5966bcf996f4c17420e12cf17d3efd62759a40000000bfba71cf746f95fcdea9b7ccb5a7e103b8d3eddb1a49e928dc1f122b6e1bb031949859b228c4a07a09efaf75019e83f5402f9895a6106b719537983c3b8cc2a6 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "391554318" iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1404 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1404 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1404 iexplore.exe 1404 iexplore.exe 3112 IEXPLORE.EXE 3112 IEXPLORE.EXE 3112 IEXPLORE.EXE 3112 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1404 wrote to memory of 3112 1404 iexplore.exe 90 PID 1404 wrote to memory of 3112 1404 iexplore.exe 90 PID 1404 wrote to memory of 3112 1404 iexplore.exe 90
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://ipfs.io/ipfs/bafybeiebvrji6sipvpmfs5mfwn4hqeuds7hqqitij327v4biuchxty4x4e/mikellybox00_cham-eyu.html#[email protected]1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1404 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1404 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3112
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5931ac31f82e01c4a5ed27d29ed4ac208
SHA13c0e857f02516e94d3086ec277790e5c2c4bebf4
SHA25625f80b41222c619107eebc45f57f927f46cdd4fc8370183857e6893015437a60
SHA512a21065c11a9054ae76793859dad589aff47cb98ed0557bdb334ef1c216038635c3b5841406a21969af77775334e316989f29195beb415f7fdd409f53b6589ec9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD56ea3975b626d7417dccf5a008055d19b
SHA17d8a37d87806177b20f0f3b3f177a7529bcfb745
SHA256e0ed94ba33705f727a0eb3005b7c374e402d0bc593e9554256755bdffabf893d
SHA5121c1835781c51da89cfb898963de6cc1a29407d3bf9c36311a022c40a8347bcf8eabb405d78e854b11331594e195a138c27dedee2cf84b22d655ca617dc4e100f
-
Filesize
15KB
MD5a83c72b64b8390a4028436f49ff9e013
SHA17f83ea4ddd19dc6870f23eaf2e43fa8d86ec11fd
SHA2569f99292d1d8b706e4ea454d244f3eb9f9a9657ae01d5ca2e682640f4ed5e1c12
SHA512c1bd82cee2a7d2ecce383a9ffd12e754e6bd2d989d8a5631566e6c169ddf7b4e5aa68ebaba4b1f53f60f4b7e37892cbb4757e0f3dadf0152c8054da44c82438f
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
14KB
MD5ea7d143efe3c01de298f9f1130e8bce5
SHA14672164fab3870dd901034abcf3d35998ac94dbe
SHA25694a9fefbbe42310c03ff1e52c1f753c21038805f632867ea78930a52c445a456
SHA512b9b76ee9964e836ea720828e77952e89ecc318d55ef5107f89c11f666c1bc0742d1bdbad0bc1cad853d93d1e150664056705ba3688544220759e9f4977800a8d