Analysis
-
max time kernel
136s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
13-06-2023 05:15
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://areaclub.es/
Resource
win10v2004-20230220-en
General
-
Target
http://areaclub.es/
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31038902" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008321d41d7d4be64b8b9f0d6d56908d8100000000020000000000106600000001000020000000c093081c05a45302c6b6c01a174df4af3a583304d5b7ba6e4046f6ca048c3cf9000000000e8000000002000020000000b4262a0741c8f12f6867386921f8a4013056f77bb30226a93e26a7cd4b598b742000000088922d0cecedbf2b542932b98c0a16b9f4a8dc2d0faf715aa1ce1b5d09b1fa63400000002d48231637b94ba6a7a2379f2aea55caf51e097055c403cbd88d707df575fb9b0d9bf6068b5f2a08ca3a473df624bf1bdce5449c36761407997f74c7d73ffc6a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "603860764" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "713547723" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40038850b69dd901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30119450b69dd901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4E637805-09A9-11EE-BDA1-4E89871AD1F5} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31038902" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "603860764" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008321d41d7d4be64b8b9f0d6d56908d81000000000200000000001066000000010000200000001883d6bbb197da792b4bfcf8f825f5ee4905e0042768199dea3eef64f3655ca2000000000e800000000200002000000006cf92b3184136db63cf14ad25b982f46e6d5a7b0e316bbacf9704e7ba0d91e320000000fa4a13fbabc51125165d95510a0c461d40a380ee4d9d60b476c946e1ac93c74040000000aeb653cfdee5793aa7ec419ed256290e9b67ccb09f299f83c3d71401edd4015d00c440d52dc092fdbedf0c94cec47f0244942893916cf3ff05fbec432d371dff iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "393398314" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31038902" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4928 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4928 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 4928 iexplore.exe 4928 iexplore.exe 4648 IEXPLORE.EXE 4648 IEXPLORE.EXE 4648 IEXPLORE.EXE 4648 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4928 wrote to memory of 4648 4928 iexplore.exe 83 PID 4928 wrote to memory of 4648 4928 iexplore.exe 83 PID 4928 wrote to memory of 4648 4928 iexplore.exe 83
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://areaclub.es/1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4928 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4928 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4648
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5f00c651bd023e439cef538cb61938602
SHA17e49f7ce3c00bde7692a5fd85497e1f60b1f616e
SHA256ac671834dcc3d8ef96272da936597334cccd7c1106beeac5919e6cb308f9bb66
SHA51291ddece9b7c3fe2ab0d9b4891fbe522f344b58fedf99b5eee0f06e573770dfb96d69c0727102b94a22d34a671fa28cd51d90e4fd35b28443b260195a9ce53de6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD5f1711f73b3340a2287ec68c9c7ac7402
SHA1089d7e1831aba3e7f638ff4a7920621ee6da68b1
SHA25613e2107d688c1ea2b5225a6f055ae1c72dbf78ce5ec73ff48bfa4341c3e18edb
SHA51228c01c3d7bcc7389658a188bab12f57f2fd63d700586cc6956b6b9c6ce9005b4c6081a9c33108eb21923ad031dc75ff01f36740e2d4953def364432fb428f722
-
Filesize
13KB
MD5e90279f65b48b34848983a37b53c6ebd
SHA12fec73df5a66bde77f34828a69ddf3f07f761320
SHA256a0bd115ef1265d229d602a308d893c46d42eeb86e16ebbb1e64892ca91dcd449
SHA51226c384c6b6eac9ed7dbe6593a90506fcb237568f08628089efb1a719c334219d8ccb7bc85aba61b89919905c765075a68bdb62fe5f28e0122df4ab0abc729ff2
-
Filesize
27KB
MD5ae55f24399c656d969bb12c491264fa8
SHA1a11ff16dbcbcfc1d71a38cbab41dafb69af8cc60
SHA256e43ba591914c5fb3916bcbaf7a9612e0c12d2634be5a0f20bb50acc4c7541cfa
SHA512cac5c3819b0610cbfd2f2890d2fde5ad908e976536b70972f719f6dc603203fc8e7eb6a99ec8ee3dd2e0d627edb271731d6281e279d36594cf25093a081972ab
-
Filesize
28KB
MD5c988fe4f09a5c979d465c57f16f56260
SHA1f34d7ec9fa8aefc36c2fe959688dd208b02cb78b
SHA25624aeefefe68aaefdbff53da259e4d058ecb4116b347d6d500ad147f254556595
SHA5124ce114457c7f407162e1dff73620bb17164340c188070eaf9970fc02a52910c1edad73b59348d0e5dcb244f6909de499e9c20ebeac66cc18db845ed04d0269a7
-
Filesize
27KB
MD5ce0611fe3d7749bcdafa25875f5f175d
SHA1550d01a6902542ed18dc5923cfe4887cc5b34167
SHA25668c1b0f2196e2c2950f62692a0863321e036856d31d3f007fba0a24e2c646b59
SHA5121c3506c7a341d1cca345cf579c1f74e2364f83f766bcef315e6b7adf701a390fda27065dc1be98ebbc6351bac8b8dac9078f250f8184e8d293fa5ab53775a035
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee