Analysis
-
max time kernel
72s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
21-06-2023 01:52
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://ipfs.io/ipfs/bafybeidtyfrjzjnxzkv4bykjyj7sxpakv2rfoepstukmukstoylnrqnpvi
Resource
win10v2004-20230220-en
General
-
Target
http://ipfs.io/ipfs/bafybeidtyfrjzjnxzkv4bykjyj7sxpakv2rfoepstukmukstoylnrqnpvi
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31040483" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00251135e3a3d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31040483" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "394077360" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "791566846" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31040483" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4075f434e3a3d901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "839226012" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5A635DCB-0FD6-11EE-BDA1-FA48AF8140A7} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "791566846" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009c7be84c36520b4481c2c8f726ff1e5d00000000020000000000106600000001000020000000e4294259cf875866e5bf1722a6b0ac798c860c38ea3a2cbc19caedbca7bb7453000000000e8000000002000020000000caab1f42399efbe3030bdb9ff4e90476a37b4e5b1ab8ca023c6f674e13b914fc20000000fa0fe79abbbb9a0a6e09216e99cdb9612a4de5a28d01ed3013e3a83fec3ab0fe400000008e860acc933431578df074f631a92c681eda634ee434eac1c3fc8b8b925ac34545f20af0cf1fd420295483bb277c65ab00c67f3b5828845e986b112357769d26 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009c7be84c36520b4481c2c8f726ff1e5d00000000020000000000106600000001000020000000a325031b50110ab076129ca42303b24143d00fe4b87ccb82a93d6b7411cbecc3000000000e80000000020000200000006883084043d86ae688bcfe9c70cc43c74470fe051211e4cd2abe4a6aac72681f200000000d1394db3e1bcc78d0bb79af0f6870d5fbaab72321aaa290dda2d196e30cce57400000001a1b69ba824b46b389b58cff4940a596d039153d92c11fb39ba19b49f0919650cfcb163630cd84e299cc39a867a1374db1304c0c311b6c9df56ab0edc8acf512 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4260 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 4260 iexplore.exe 4260 iexplore.exe 3512 IEXPLORE.EXE 3512 IEXPLORE.EXE 3512 IEXPLORE.EXE 3512 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4260 wrote to memory of 3512 4260 iexplore.exe 83 PID 4260 wrote to memory of 3512 4260 iexplore.exe 83 PID 4260 wrote to memory of 3512 4260 iexplore.exe 83
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://ipfs.io/ipfs/bafybeidtyfrjzjnxzkv4bykjyj7sxpakv2rfoepstukmukstoylnrqnpvi1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4260 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4260 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3512
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD557cdf6110f9169470652840b9ad5174a
SHA163ff540f9c2f154b5b8ab3ca0912a573732ff8ad
SHA256e735be26082eaee491597b63ae68b20a2fb1ce4a580369357525a4df60629fa1
SHA51211fdfdaa384e7e7d11a68e3b2ff4986c82ec06be6e7e56fd6e1be01994c8bf3d4578382756b72728b72bb3d0fe9f143faa2521fa5bcca6f6e719fed81f9fe96a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD5e09313205611e55a9a723ee53f8a0339
SHA124bd00488c562b72bde055fa6bf239b65f6470c7
SHA256dfe910dbea87aa37d0570347746c34a94f7e9ec9e8ceff6ab4aab1e60c515e67
SHA512f6025e8063b050d585df6b056d017a8593e86b427dad218e3f6909b7de7ac18f1b8deb2198c2767473aae4f4e9303b37e49d29a3de864825fe9923dd05a694a7
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\bafybeidtyfrjzjnxzkv4bykjyj7sxpakv2rfoepstukmukstoylnrqnpvi[1].htm
Filesize196KB
MD512b0ff7bfec017f0d1aab88493547317
SHA16f82eb22f832532af389bd403d9cefbc1c321f41
SHA256e699957fa2a53eb818fdd3e611978f84e9e1a494113b4d5c2f856c2e9abb66f2
SHA5123786c63fd9e6b043d14c37f91496d6a4a62b4c156763f536da31b1f76c2ab1d3773b0414f25df9f418144dfd854dff6bb2bfd2736d9c819d4d038a672634f674