Overview
overview
5Static
static
4var www ht...api.js
windows7-x64
1var www ht...api.js
windows10-2004-x64
1var www ht...a.html
windows7-x64
1var www ht...a.html
windows10-2004-x64
1var www ht...x.html
windows7-x64
1var www ht...x.html
windows10-2004-x64
1var www ht...g.html
windows7-x64
1var www ht...g.html
windows10-2004-x64
1var www ht...3.html
windows7-x64
1var www ht...3.html
windows10-2004-x64
1var www ht...e3.xml
windows7-x64
1var www ht...e3.xml
windows10-2004-x64
3var www ht...ase.js
windows7-x64
1var www ht...ase.js
windows10-2004-x64
1var www ht...b5a.js
windows7-x64
1var www ht...b5a.js
windows10-2004-x64
1var www ht...b5a.js
windows7-x64
1var www ht...b5a.js
windows10-2004-x64
1var www ht...b5a.js
windows7-x64
1var www ht...b5a.js
windows10-2004-x64
1var www ht...b5a.js
windows7-x64
1var www ht...b5a.js
windows10-2004-x64
1var www ht...b5a.js
windows7-x64
1var www ht...b5a.js
windows10-2004-x64
1var www ht...b5a.js
windows7-x64
1var www ht...b5a.js
windows10-2004-x64
1var www ht...b5a.js
windows7-x64
1var www ht...b5a.js
windows10-2004-x64
1var www ht...b5a.js
windows7-x64
1var www ht...b5a.js
windows10-2004-x64
1var www ht...b5a.js
windows7-x64
1var www ht...b5a.js
windows10-2004-x64
5Resubmissions
19-07-2023 21:16
230719-z4frlabb95 419-07-2023 21:13
230719-z2sndabb89 511-11-2022 04:56
221111-fkt1bsbcbk 5Analysis
-
max time kernel
118s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
19-07-2023 21:13
Behavioral task
behavioral1
Sample
var www html kemhan/alfacgiapi/.alfacgiapi.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral2
Sample
var www html kemhan/alfacgiapi/.alfacgiapi.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
var www html kemhan/wp-content/themes/menhan/css/fotorama.html
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral4
Sample
var www html kemhan/wp-content/themes/menhan/css/fotorama.html
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
var www html kemhan/wp-content/themes/menhan/css/[email protected]
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral6
Sample
var www html kemhan/wp-content/themes/menhan/css/[email protected]
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
var www html kemhan/wp-content/themes/menhan/css/grabbing.html
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral8
Sample
var www html kemhan/wp-content/themes/menhan/css/grabbing.html
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
var www html kemhan/wp-content/themes/menhan/fonts/fontawesome-webfont93e3.html
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral10
Sample
var www html kemhan/wp-content/themes/menhan/fonts/fontawesome-webfont93e3.html
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
var www html kemhan/wp-content/themes/menhan/fonts/fontawesome-webfont93e3.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral12
Sample
var www html kemhan/wp-content/themes/menhan/fonts/fontawesome-webfont93e3.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
var www html kemhan/wp-content/themes/menhan/gallery/jquery.aw-showcase.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral14
Sample
var www html kemhan/wp-content/themes/menhan/gallery/jquery.aw-showcase.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
var www html kemhan/wp-content/themes/menhan/js/accordion6b5a.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral16
Sample
var www html kemhan/wp-content/themes/menhan/js/accordion6b5a.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
var www html kemhan/wp-content/themes/menhan/js/fotorama6b5a.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral18
Sample
var www html kemhan/wp-content/themes/menhan/js/fotorama6b5a.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
var www html kemhan/wp-content/themes/menhan/js/jquery.bxslider6b5a.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral20
Sample
var www html kemhan/wp-content/themes/menhan/js/jquery.bxslider6b5a.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
var www html kemhan/wp-content/themes/menhan/js/jquery.min6b5a.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral22
Sample
var www html kemhan/wp-content/themes/menhan/js/jquery.min6b5a.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
var www html kemhan/wp-content/themes/menhan/js/main6b5a.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral24
Sample
var www html kemhan/wp-content/themes/menhan/js/main6b5a.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
var www html kemhan/wp-content/themes/menhan/js/modal/js/basic6b5a.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral26
Sample
var www html kemhan/wp-content/themes/menhan/js/modal/js/basic6b5a.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
var www html kemhan/wp-content/themes/menhan/js/modal/js/jquery.simplemodal6b5a.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral28
Sample
var www html kemhan/wp-content/themes/menhan/js/modal/js/jquery.simplemodal6b5a.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
var www html kemhan/wp-content/themes/menhan/js/owl.carousel6b5a.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral30
Sample
var www html kemhan/wp-content/themes/menhan/js/owl.carousel6b5a.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
var www html kemhan/wp-content/themes/menhan/js/zozo.tabs.min6b5a.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral32
Sample
var www html kemhan/wp-content/themes/menhan/js/zozo.tabs.min6b5a.js
Resource
win10v2004-20230703-en
windows10-2004-x64
General
-
Target
var www html kemhan/wp-content/themes/menhan/css/[email protected]
-
Size
242B
-
MD5
60a91b6c17c166f9df9fabe704a94dfc
-
SHA1
6372dabec5d08f1a7d75a3994c1ad7decd1153cc
-
SHA256
4221c95ff4501a4b53cfbc73ba20004a65ca83ca6c64ce99b57982c93d2314a7
-
SHA512
17df4452440f955523f5a13d058df5602e7d327c87a338783348d1195c728788dbcbecfeae51f169cfb9ed3c323afd4a55d6ea9a35588808c96f13c2a952da4a
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "506767931" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31046278" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "396566262" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4966FB3F-2679-11EE-A61E-D2D73DF841E5} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3026542086bad901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31046278" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "527861927" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a38821470000000002000000000010660000000100002000000009d5c49cd51b43a1e8b570dc36834c6fbee3b5b419e8da5de46ad4df5cb68740000000000e80000000020000200000001a589a44b8b72ca28ce13d586f16ad561b7cd2acc53e742c33a80e4a49b1daea200000000634a433cde3fd6392df4cc0ad5cfc269c949c48d859ac35269dfe0346dbcb1840000000079e26572d7102592c964684b0826bbda9f5f2d76bc0b0a34127c9d6eebaad42022cb095943094106987b15ac117f19684446f1a2be18d9c6a99b8cc8f8578d4 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31046278" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a388214700000000020000000000106600000001000020000000d94307ef4e1b3876adfb35160e054c39b6f8ac718f99b1c362cb7dc31a0d9b5c000000000e800000000200002000000098d267223aefb192a69115c4d31fb04eeba3577f07ddc095c63ca54dff48c8b62000000038a4d010bdd7498c2cadd29d1002ecef6562421e6883eaeaf94decd28856724840000000cffd5be78feac97ae7a490782100659c048cbb78cb2f627d152fc174aa22ae648f924692cc74227e4e48c6818390c4c1cb1258dd134cad998c2b957b61a6aa58 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70c93e2086bad901 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "506767931" iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 884 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 884 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 884 iexplore.exe 884 iexplore.exe 2236 IEXPLORE.EXE 2236 IEXPLORE.EXE 2236 IEXPLORE.EXE 2236 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 884 wrote to memory of 2236 884 iexplore.exe 86 PID 884 wrote to memory of 2236 884 iexplore.exe 86 PID 884 wrote to memory of 2236 884 iexplore.exe 86
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\var www html kemhan\wp-content\themes\menhan\css\[email protected]"1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:884 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:884 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2236
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee