Analysis
-
max time kernel
295s -
max time network
157s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system -
submitted
13/09/2023, 21:34
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://1.1.1.1
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
http://1.1.1.1
Resource
macos-20230831-en
General
-
Target
http://1.1.1.1
Malware Config
Signatures (every IoC below is attributed to iexplore.exe / IEXPLORE.EXE, PIDs 2200 and 2652, the only two processes in the tree)
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400802752" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b00000000020000000000106600000001000020000000777d2c7f47302afc9b17fd6e072206069d4433a4bc6e8e80553bf11c71724aba000000000e80000000020000200000005df2d8d8ae9afba50009987495d9d5f55e02c0ffb1a664b924f4406041d397fd9000000045bcbb302362e07a570c360f4922b12f5103620aedde24dc7829fd9dda88b5bfe9e058ae60c4b54dc5f225b8625fd6937d7c8723cdd546912e5b8f19b56832c1a4cd45435940dbf24c63a2fe29c1512e8d334d2d1ee836955a199a1a85a89bdc74ffa038d5b070b19663079ba27c974cdf1a97e71ce0d4f16d06726e97ac57155ffd8ffd5e4747e85d5abb3f1874b6f040000000b015bbbc3680aa53327a636eb4b8a38e39dcab17f282e2d8508b43722894cebc437f507c96980a9114ad7f0ffd5f343f633261e3102d73c746af62732dac413b iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e070bc2d8ae6d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{573FD1F1-527D-11EE-B57E-DE7401637261} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b000000000200000000001066000000010000200000006e19e22f2b59bddf141eea5dfe8544f82184198ce941ea4f77d727465e6fdce5000000000e80000000020000200000003336fb7f759046b125a37ac3b2715f98bb19603f3b1a68165095a0a93b264ece20000000993a0a85be20333fb0a5f09500e6a157ffe2151354a7e7fedf84a824d7eeff32400000005827fc287c0fe9a213561f67a6e7a07479b17861b34bc21666a53e2ead8f1d3d7cf983586466b577b53162bc23235a08aa7cf60a6281a8ed9afcd2facc252cfc iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2200 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2200 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2200 iexplore.exe 2200 iexplore.exe 2652 IEXPLORE.EXE 2652 IEXPLORE.EXE 2652 IEXPLORE.EXE 2652 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2200 wrote to memory of 2652 2200 iexplore.exe 28
PID 2200 wrote to memory of 2652 2200 iexplore.exe 28
PID 2200 wrote to memory of 2652 2200 iexplore.exe 28
PID 2200 wrote to memory of 2652 2200 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://1.1.1.1 1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2652
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 b8821b4e5b4e16cc32aa8e543f43384e
SHA1 bcfbf15ef2b2da861765e16b1c4018a02a65c413
SHA256 1ad83f54f20a30f963f3e8ec458389a6f7649c2d096712635135224014ba6f93
SHA512 57e30fb4c4ed4cbf03c917e68c9f56ce10a7eb5cb83c056fbe71013cd8c74e58c305b1d7c7b915f1d91a8877e5ce4139f69d434ff76ce6678e860e56147d2f29
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 98b266c3ed636970eeec0f0b2a24acfe
SHA1 2e17ec3ecdbb732cbeb31e70634406e1bec80d23
SHA256 7452de8de9910f958dccded288263d1685bfa7ccd36b671b1cb6b0402dfa23c9
SHA512 570b712cbb786f06855e670e065b12beed2f7cb3f02c5803b2249ac525c3d048117152e8a229fa61f4ebf80486ea8f3da421e272c66bc592bc403a773559f4ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 69c3f7ccc6e343e251316fc0a1b31205
SHA1 54fa995ebf0d0f566da317a6d898a43e3f066453
SHA256 409ab51debcc9580192b85aa14bd6cf876ab2bff8094dc41f32f3ac4ca3b0024
SHA512 db4de7c56f5457c5ec362496faf7f569ae8a1e06754965fabb60777827240f3a3643e69db9563ad13a19db11e9588d9022510573585899c7c4c2abf982ce5c8d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 40e41e67c5e3ea7851309374a8ec0f81
SHA1 b7978717d2de064b10905eb7b5545933091233cf
SHA256 73c4c1eeae49ae7b0911a65d8714a92adbd6afd0a0b15dc667fc7ca873f00bec
SHA512 80cbd1ea9c21716c2167d80ba81352bbf3a9c8fcd4fea2c06a7863e9ab444a2a8c8d0af45bd1961f9149eda327e84373a524038ec677cc01b9c4f833c4da466f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 8f254878c5f7c0439c5749a61ea95170
SHA1 d27640de7893c4a10ac956711f68a71a8f74dcc8
SHA256 5e42d447026056cbe488a7e975d66d9f49b6e75379e64c9ee119fb4ad801b524
SHA512 25a829abf8b2763b418d9f3e2a0dd9a0d20788468f05dcbaa027b26ef246a4f7fabe9d70ed3838f73de6a327a4e16f23e747cbb436ff559e2b7f8c352a036eed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 b22e7ee9816f15bac91993ab75261ac6
SHA1 478976e512039d2513bfd9b1bec9aabbea06e5db
SHA256 5d190a951eda4fb4512fc408245c812678994adbdef441483662c48d348dadc0
SHA512 17f9e6fc6468c9a3f608c8f87745450f469bfc5275c1a3aacce564e9c616c878b5eee83f9b2717e97e330d442a8201ea106b2848b163f266a9bf42dcdddf3f62
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 051684e65c0dc13212c6136bfa70bfb9
SHA1 e601e31a842caebc489ae37603094a76f603ae50
SHA256 119ae382c0df6dc92e98c727dc7424faed4b2316a2e37d66db11278bf4cbbe9f
SHA512 9213d3cd68a0bb5b4fd16422eaee492ab6f0ea3f2dc11a8783ba8b6c1fcfea06f2c404ee7b40f2f8b5c29e42ec3fc9ae5d89ed470f6a22b75890c4a4870ee0f2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 4374392a9f98478f576394992971c9c4
SHA1 c64e37981ad817803e080b71a3f0f71d4f8141cb
SHA256 6e182892b1d1213e36d57fb923ebc1947ba6c1fb762e017c196f16a12916ef86
SHA512 96b6afcd9170479be2c454249af5585c6ea507325bbe093a60ae40cb87af2e468389653a07fc1de88979a9b94b7e14114389cbcbd0b21f6b2cb234ad80a5c3ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 a01907a967d6e2d2644fabe8e98e2754
SHA1 e31c95b81b674a38ecc00a1e3060b3ccf8c6beee
SHA256 261b380e11fdd0c69e46fb3c673005936fb78af8fbf0f6385d96c5cbb61b5373
SHA512 d97cbe43ab590279f5e43ead3746448511b24167c19ea21265cd57f52030459784dfeb6bea35054001d1b9cffec5282c6103ee82086bb905b746dfbbdda01d65
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 7b36e1ea8eeb02752231b9720ab4e55d
SHA1 7f12fea8a5d3a75149159b4019c9fccfd44ec833
SHA256 f027850cbd9912d9746920a7c3ab87ec24b18bd28ba6bdf276d04f0d7e5d1f8e
SHA512 5caf0b9f049cc7a27b720125afa63730e81f1d2e3e3445239167edc6768d08cfe952475559a669d3d188c2591b0c77f78deab48063d0e1015a882bb70e6f1c4d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 8c2d845aaf6c22b844c57347c0f2b059
SHA1 8410956640d332556a74fa76b406fd7b8a5af1dd
SHA256 da3c102e7433018430ed9a94d0e0ca1dd1f4f76edd98586562c4c0699dbc2877
SHA512 442cfc5781eedc654fcbf076f470354b030d472f1cad8ba5e1a42fa98dd4a1543dd80c37dc8b1740ea0e1d25e3d4f745a118cf40bf9cce2a1d736dc23dfecd64
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 d92eed4a4a431060886cccfe12c329c9
SHA1 287118ab9dde3ed148092a961411a5255dcc7645
SHA256 5da3668bf953fb2cc91724190c3503d4278751759d45bfe52f287ea85144b435
SHA512 7daea138740d13aca69b5fb435187f766ff738928a94aa30633517872c5d6f6ed43e20ed116b0906267d6241d5728df877c51cbc3ef5e222c72423cb071deb75
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 895ae13a74aae0b343bd9e097f09fdc6
SHA1 e706e1139a7510c5ee4478e70fb77eb7c6bd7fd1
SHA256 2da6971ba7477eb1b66343f8848813f1460cb9f67aca6a42bd0969d80db8ba89
SHA512 395e5274b8bba457d1dac3a0115eace4e853d8f84d03d7ed1f7bc312f72fa885fd56216c677fd4814999a504f2b426e80c3ec251e7a32fca29fb1175fb6121b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 7738b28029b2bf0dbc43e422e636ac4c
SHA1 02b9bb9960500d0852d9910eb21a899a634db674
SHA256 337e91c3216d35107d54f029f2a58bf4d56a28b9149152f901f68995cd005854
SHA512 041acedea69eb27bb5ab677faa83b8d009effd2224b10cddfda451b63b7461a435dda5e2bfc8d1b58058ee4e17a7ed1fb0959f7b416acae04a500b79dd199847
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 dac79b31341622b44573a76e704d7f51
SHA1 a62cb8b0ba1ebc7af1b852c95f300b8e8b4f195f
SHA256 96c07b9a90b253bfe10dafee6c01f012fec963d9cf7572e50c51d35a4dc79673
SHA512 a78359228f0df308353e19f0969d748865d66d3703336633782d392dfea1c5b371e5a585f6c1546842230d7c6a394a04283c335ecad3b58bb853ba50688826d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 79d7e906bc1a26ee811ce7d2a68d281f
SHA1 c18f7d32fa3c86a4dbbceee27bf656b35cad7563
SHA256 b4db7241ed92c16d64d07b23822b8cb0fe0ff2d8c4b46c8a64575ab366861787
SHA512 7131f9f7b9eb82a2f6921e2163b7802c72e8555d6ca6ac150e921a91f0cba3b017edc7210cdf9cabfbc89e75382f1fb387955055fc3e6b9b7c1d13d0a9550f25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 ec63e8eea2a84c977f412697ecee8130
SHA1 dcbd51e3fc5544b3b5909d383f0c62929827187f
SHA256 e3fda833f05b9a96ea7b152f91dc030c95eefb679c025764d9e212d687097424
SHA512 4cac7d51d969f4edaa7c3ce72d74a0df2500de0a5458c63248f304eee70fc7aab1adcafadfc6d99a0ead7ea9f384263ab2b691a31c3fcb9c964695f06e48e97f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 e56365f28eb794cb4f3fabe830614f10
SHA1 20b5035d2779213761b76b6fd23b63a67e041e83
SHA256 fc31ab31a95eefaf4db946dea928257b77c6959ea2bb664a58701db8f2cc7de0
SHA512 fd07ff7e56553592dc2cad174a70d3d6dc72ba42e49e8df7e10aac0c8b96267f0ea1329718cb316f3f58228e1615a1aed9f036945dfce3f9ac2662af23451d4c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 706b96bead2c63b7a1f060bd12f5bc0d
SHA1 9123a2ad245e437d9639d12ae9807549003fbd93
SHA256 ef32b5c19134d74f525d91e877d530f7c9bdcf1495ab3d238652ddc25bb9c37b
SHA512 d8670f98e204e8b5ecfe7c68b39ac5bd3ec0d2a645cb71ba09d7aa987619055595fc34364504a33ffd84db79bf2bfdb7232ce95e183010fd3450c9362b7fd1e0
-
Filesize
61KB
MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
163KB
MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf