Analysis
-
max time kernel
38s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system -
submitted
13/09/2023, 22:00
Static task
static1
Behavioral task
behavioral1
Sample
Secured Shared eDocument.shtml.html
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Secured Shared eDocument.shtml.html
Resource
win10v2004-20230831-en
Behavioral task
behavioral3
Sample
Secured Shared eDocument.shtml.html
Resource
macos-20230831-en
General
-
Target
Secured Shared eDocument.shtml.html
-
Size
2KB
-
MD5
98bfeb92a94db298f73e81ff7cc4e88f
-
SHA1
c715aa535d5a4b03d6daba268af26fb123f97188
-
SHA256
ccacc08e93cbdb9a8d4286987a450df2c5c2ffef20b6ee53cbeeeca0306bf781
-
SHA512
024fafcd65ec2d40eee8d68dddeece7071582a60b5a1fc937e0a5174b7f7c01cd7f099729562c269d503893975fe361f869c1e36077a5e515e56a68901c774d2
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 500aa4de8de6d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac20000000002000000000010660000000100002000000069f8858f37dea13759de3183d9e495d033e3ad6db7bfbe1481c751431c2a3b60000000000e8000000002000020000000fb9319327d6b358837535f1b8d5a582d91accdcd9316dfe0d9497eb7982f97f3200000005b2f2951fb6df589a7df35f00a21d409de30fdc6e5fcc3ca2ff170a977af4e44400000009bb1bd5bd92cf226f908ee8e71913ec2192ca9cdaea085ec4c87ba99a727a484205eaa103c45f4d731f2e251b6b7aa0070e3c7fab28204177bc3ca75fb6366d2 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set 
value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{09B90011-5281-11EE-A7F5-76A8121F2E0E} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2768 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2768 iexplore.exe 2768 iexplore.exe 2824 IEXPLORE.EXE 2824 IEXPLORE.EXE 2824 IEXPLORE.EXE 2824 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2768 wrote to memory of 2824 2768 iexplore.exe 28 PID 2768 wrote to memory of 2824 2768 iexplore.exe 28 PID 2768 wrote to memory of 2824 2768 iexplore.exe 28 PID 2768 wrote to memory of 2824 2768 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Secured Shared eDocument.shtml.html"1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2824
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bf333150ee5ea04a71b32aeca3fb5a64
SHA1 a903e1764546dd4811b78d032c1b6dede2c8f191
SHA256 9a7f0a30455e2fa840981b400a6d488cec97b66783e4d7e289a0d578b916c9c9
SHA512 586d1990c0822ea63e9af44eca0a154e07efb6e92e1d659fbca7bf06f3f60e26dcdcb69ba69a70b6945c86f1200fbaf0b31dbe2c67dabb210ed3dcb44dde22d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8ea995150dde11eb8d3ae20629dddc40
SHA1 dc2c3dc43b2c3bae8aac70752c3523577aa1aabd
SHA256 3b93157a92a1b9f1b39e7dcb692b5294960a6710438385275cbbead59d52f01f
SHA512 4668966300941a3c9a57adea5b9c453bb646e6271056ce73d999cd6cd0515ec17295c62813961e0e42a6b73356c996134c4bdaad6a656bae775785f061a31019
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3b66c195cc92891e76d82b46d5890d96
SHA1 0ebff4a6fa3499f47fe983880aefca62e01d14cc
SHA256 98cdee4f76dff1b539a21f0a92607549d5402622a06f8dc4c039e41dddf6ddd9
SHA512 6e69764e5dd0c630381f85f3f2501c0d642b5ac087b1fd9957ce82dacfea3d82dc0a8c9b270e1e16319b26ead4e5329d6cc713b79bd610df0f32b486699c1d44
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6ba38b3f79a145792d19358489ff4ed5
SHA1 8a5e3d33418ea1ee8d951a4d3ab265a6de5cf0ad
SHA256 b08e0d9810776b7123310ae704ca881cb88a661a53166edf6d9e86fc645ea0c3
SHA512 aff8394f56abe66ea777aa4a35185f96546e7df64946b5c85f2911b2962d549a68295b282274cac0f3d371869d45e0e287fc4feb1961381fa6a498f3e5734504
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1f499b3847d12618e68d3b3a57369897
SHA1 c8fab16efa761d51d093ab405dd3e1774cff92c8
SHA256 6b35ab26f6c9936e169c91c34bcf9ecf3d2d67b84b1a02941006ae58b42d5ec8
SHA512 485809b482df9ac8dbcfa1f5042adcf0acb33b661bf21913e68d488e46cfd72a70314d07274b698d34f6a58c9e9f090a8fe23f48cf124981222e82ff9c35370a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 92bd7b29fa30907479b92f98edebfa97
SHA1 c66bbab60d79a87f67d9bc31327cc82d7ba86a72
SHA256 964e2e1b96f46fd1c6e12bdc16f198fe740581e782f10f836a9661f6133069a3
SHA512 59989c6ab27f1eee2dae0852c76631cedf40a241e6bd4a3a6c5f9a801c89f0197872ec5ad8ddc38dd6e8543a0805b0c836586c2c4b0ab618a0c59c7dce38699a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e091dd45bc3610f30b0e79168ab80362
SHA1 d88413abb06b5b7da4911a96c69dfb384305e682
SHA256 bba169cb1ec2c010b490584aae53dbaf7489206cf73014043fc90955dd6bc7d4
SHA512 087eb8c9ffbc26b21005495e71271b0667a6eedc577f65893df43d6888829bbbba00491315716e64a91600a95218d0de485323d96d125eceae9ab17b87b88f61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bf4dfdfccd547c03cd8f6e5c87ac61b3
SHA1 ed0be01743c75ac6d21b4d9c682d10c713170769
SHA256 9f5e97e45e25fa3a0ab11041045f890125dfd544e12025419091d77d2e3856ea
SHA512 e681f4cdbcbe66e8d36d7f126a5c2451ed87896ec71028403b4d0ab2f9c980d7f98acd6fb404666ab6690d1f288c72c1834c41939b3c3658048a7e86ddae22ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 73b1874a5ef7923dba3b3f5f808dfd4d
SHA1 8fbc10376b7527ab33d653b243edc6ca4fe51c04
SHA256 e9dfa8e1448f004f0e2a7915520efb7d381c7f4d0c4aafe6ad4ad9eb960e0f5c
SHA512 13f2e1295562ce988363d3c1b2d2819786dd8e23beeed742ad5c20fbcf4a8c8a5da544a16fec9d71950f2b0b8e5e1d163b2f83ea6d4aea22420c3767b4e52e31
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7eb0d52e432d4bbd4b99d1f3b00075e1
SHA1 f8c15799664dec1f3736c1113dfe45d8b0da1874
SHA256 f4053602bae11c61ed2696f65b94f9598aca3d953ae09cbbb5e15671470f20fd
SHA512 5a558a76db787458df4e2ccb5248ab2a3cb4b156fdbfcb4bbda4a538d01316b8099996b5548fa05dc6e5858154caa54799f85748c06c38216e93c5d294f3e161
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 15cb2de0cdb47435518e0e8053ddc306
SHA1 cc02599ef260a3d401ee1e5aba11df11cb800404
SHA256 505ae6418190939f3e89e5b3b48cb634a565052a5d2f5ba11207e331bcf575cc
SHA512 208ca702876d6df9ba667a2dea6ae941a71c31783cf625b44e8dfb643ffdc519ac21abea4d6e4c69f100f637f2ae2863146d8bd8b383836cd4ae6c038faca4d1
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf