Analysis
-
max time kernel
83s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
07-06-2023 02:10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://mediolanum.natflix.ca
Resource
win10v2004-20230220-en
Behavioral task
behavioral2
Sample
http://mediolanum.natflix.ca
Resource
android-x86-arm-20220823-en
Behavioral task
behavioral3
Sample
http://mediolanum.natflix.ca
Resource
android-x64-20220823-en
Behavioral task
behavioral4
Sample
http://mediolanum.natflix.ca
Resource
android-x64-arm64-20220823-en
General
-
Target
http://mediolanum.natflix.ca
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "392868830" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1563677583" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1563677583" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31037669" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1575866455" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10309d5fe598d901 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5062855fe598d901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{88622CBC-04D8-11EE-9156-6A8031F758F8} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31037669" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31037669" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b2782364d6ec3948a4a1df3f16f73ba400000000020000000000106600000001000020000000d5ca57f221e01775cc1429ddf8d98c75e64a9e5ec053af6d4283b22bf30a078a000000000e80000000020000200000003195eb637a64316a98bae0b67934a19114cf2cbaf8282f247decc0b89250c4ad200000002479d076b40ddb22f880d9edb7ee204246be3a61f5612533a679e25aab8ecd0a4000000044b3c039779bf2e0f42dff2c5be64c01a38837943d6b0ad02f1db5a392e89521aafa963c2adb64b578642aadd41ee730ad44d8cc8098317dcac6fae3d1c97b63 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b2782364d6ec3948a4a1df3f16f73ba4000000000200000000001066000000010000200000008aab1f7526390c508767fdaeddff519535e866b724f0c338464e79fb5260c347000000000e80000000020000200000007a5f42492ba5c748b300998c7a3aa83b7a04610f5675ea0cf329180b643f2c8c200000006e7310f4bc7189321eed049aaf3d3284178b5cbf7eb49c217aee956ce5ee69d440000000c8890a15f603b456df2118eb606b8d3868bc6293cb3eaf0eff990e2198c449f0f0297d424ec95aff8e39f1a4a760b5cb83d63f880a7d50f4397847f54ba254e1 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4556 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 4556 iexplore.exe 4556 iexplore.exe 3968 IEXPLORE.EXE 3968 IEXPLORE.EXE 3968 IEXPLORE.EXE 3968 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4556 wrote to memory of 3968 4556 iexplore.exe 83 PID 4556 wrote to memory of 3968 4556 iexplore.exe 83 PID 4556 wrote to memory of 3968 4556 iexplore.exe 83
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://mediolanum.natflix.ca1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4556 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4556 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3968
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD50a18c4e5d48519f11d47e21d48beb4c1
SHA1ef72edf3da93c8438e33829542296d86b9608d48
SHA256572990d6df4be97a68222158083b64bc4391b26347069435b00407b3fd1d0e0e
SHA512d6b78a5a080d0339a58a490122c80165dd3cce9ef1aad17e6363814859116c91a05142a5b8a7de4cbae658c9cc754dbbc1c99f96f139a17303db3f749ab6b7d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD53d039b1fb5315e4fd33d752b30881b8c
SHA10dd9e56f65129e135912005ae34e415a274891ea
SHA256e86699f8f3cc9c05c2f9ae76543a302eb230b7f912568f0b3c45ae49b3281fef
SHA51216f7dcac37afecca41e2a7437bda90f8b8243eb5ff31ec9f9b220b8d2ff00026a826d0a30bbb9c7df0f65eecdf67252c521e33924a961c13f8ef64b9da4645db
-
Filesize
16KB
MD592a725f14336af62be0de6e39fb8cffa
SHA130ebde9b69f0f85d1c5bfcc45a29fb484e6af0c7
SHA256acdb3369f4fad74e3654968e37b96a9aa6502150e0fbe5a8319537bbe37e09c6
SHA512043a2fa0d01eed3ddd5af5b326b6a8a6384e760ad5962ea0e782c28c89094cb98e485d1d9eab871cbcb053a3a15b8c851e82484ec7f80635c2eb15f178138536
-
Filesize
16KB
MD541b45fdce09bd6acd07c7a8949da675e
SHA1931e18dfc6e7d950dc2f2bbdfe31e1ea720acf7c
SHA256abe8012eb65c0dc0ac3e87dcc1e60e1908ebd8f12b7c47a5df1856f7a7bb1edd
SHA512a650426e681161f3673d5e56c1f6c45d609715f07e85b3a3b2c610d293fbcb04a882ac9f92e65977a7145ef45035d08870de3ab6ba331daa2ee2fb4b1ce83296
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee