Resubmissions
13/09/2023, 22:43
230913-2m9pfsaa44 1 13/09/2023, 22:41
230913-2l99lafc9v 1 13/09/2023, 22:41
230913-2l7hpsaa35 1 13/09/2023, 22:41
230913-2l43ksfc9t 1
Analysis
-
max time kernel
845s -
max time network
848s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system -
submitted
13/09/2023, 22:43
Static task
static1
Behavioral task
behavioral1
Sample
feed.html
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
feed.html
Resource
macos-20230831-en
General
-
Target
feed.html
-
Size
288B
-
MD5
9034bab8201ca968dabc204d43d19963
-
SHA1
c813a10a8654aa3d888e8c95e509836eb6ac387a
-
SHA256
28b777e7ed5b8c789d3396bb5c0340641558bccf2a9ea352863a1835c5ef27d1
-
SHA512
5e4a57214f55613e4c5c2c9e5c252b9065df497f71b2213fa0033ff958b21e8ba2e54b7b4f189b6291e3d8f2f4b795df9425c0a027fae2de0532747c7dbcaa10
Malware Config
Signatures
- Modifies Internet Explorer settings (signature name taken from the process tree below; the IoC count is not preserved in this extract)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EC803301-5286-11EE-83C0-7AF708EF84A9} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b00000000020000000000106600000001000020000000c3c776a2d92d86c9c20ef40a7e3557fd2b06842bd38dc2ba68985c6c2820f29f000000000e8000000002000020000000cc1434df69b68cf02dc26a9fcad27e5688ba1eaaf2727d987e760edc17ee2c1b2000000082d6e0f4e2394138fe49ece3fc1d1ce21d8d2ac01332531cb92bf1204586abe840000000e90c1ee019b113b35daa86ffa30bc98f8fbf75f37c10a861d3376b224705dcb62754551cf797f04c24304fb73ed1338005b94c6aea2917c98d13182c9e16d00a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b0000000002000000000010660000000100002000000094cca09737c1ee0b8387cc076acef12f9a3436a9211b41016da8b10a5e471845000000000e80000000020000200000003e9658c1d27a6d5a7985405b8c54d3194d96b3fdab7de68b0fb320ca04a269a6900000005275e44173fa97d6d6a0cb13f097c852b4b4c70dc8e68af698ee107f19c8b19608e4b06f83fe62247463ee864d78f33a0b1e138b5051ba82e9434e6b3538f077add9814ff9e08a5d5723138988b93fb73d4d35629d22d85d2d7677f553fe09adbf286b9e5741d604763ff484a8ba7cba1938450a98215d3ee7e0e08eecc63927471c01e28c184a1dd83583c4d2b750db40000000a10ef663a648af704e5edbeb918a85369cbca5bed790f7a440e86d5d8916c6c1b6407dafda4602ae3c63121305c6d8c884b899cf6113dd37b4c1e131714fb3d4 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 803786c193e6d901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400806869" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 284 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 284 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 284 iexplore.exe 284 iexplore.exe 2592 IEXPLORE.EXE 2592 IEXPLORE.EXE 2592 IEXPLORE.EXE 2592 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 284 wrote to memory of 2592 284 iexplore.exe 28 PID 284 wrote to memory of 2592 284 iexplore.exe 28 PID 284 wrote to memory of 2592 284 iexplore.exe 28 PID 284 wrote to memory of 2592 284 iexplore.exe 28
Note: the writer (PID 284, iexplore.exe) is the IE frame process and the target (PID 2592, IEXPLORE.EXE) is the tab process it spawned (see the Processes section, where 2592 runs with SCODEF:284). The frame process writing into its own tab process is normal IE behaviour, so this signature — like the SetWindowsHookEx, FindShellTrayWindow and GetForegroundWindowSpam hits on the same two PIDs — is not by itself evidence of code injection; judge the sample on what the HTML actually does, not on these generic IE signatures.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\feed.html 1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:284 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:284 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2592
-
Network
MITRE ATT&CK Enterprise v15
Downloads (note: the 19 CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 entries below are successive rewrites of one Windows CryptoAPI URL-cache metadata file, produced by the browser's own certificate/revocation lookups rather than content fetched by feed.html; only the hashes differ between entries)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51e5b25ce04a9e94618f13d6670f326e3
SHA14325c617553b492db02a786628e147c11092cf13
SHA25608de60a0ebd2336de1c5e9b9f5330b83c9704009a89dcae3ee4b157dd76b95c2
SHA5129353381ee66c6c42939693b967cd89c0b5fb18318890d09f9234289aad113c80b907a4219e276e7e9f14b53965717df792749f78cdad7548968f4f9c6b949195
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD59d8b38a583dc4f08721a1a24698df5e8
SHA1d080e2178f5c4f9b1596e510c0a253f3d76ec85a
SHA256dc783dafeea48f1d21522b6508d27b7d5be467bbad146c94abc8d3a6fdee8f00
SHA512341fb322aa33a9b26dc89e58dbb73d31b424134c8370ffcddd02a978eaebc7a960bb3a51935ed1399fecf5c677b89b471c409b72fb2e287af6d34122c65603c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5cd42eae6f652a7ba4176109f5e08b3df
SHA1249f68f9489e8d433483c70fbf1fd06729ccdc84
SHA25696065f7abe21fca85ec39fa882f28acea56003af07c9ab01f215e5c1a821ff96
SHA512d03256fa05146ca636a4d56b98cc1e45c14c2c696b1d3d89ab107f049f3cb62bf2a0f330474f105575b545f17d890215a0bc206c79b67ebe7cb4bdc094ac00a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5fc55e32da285335d7e2394052b3b8101
SHA1eaf3cf263fb15c4c514584664a2f314777c93dfa
SHA256eb17637fc2c1c353fe32fe922539f46ee6241421ce3cd66b65b7c060032a6ebf
SHA512652e49c3df1e97cb6b6f696bb34a0ccb9adb497831eca0792b3354264c35149039e357eae7f05efd886ac12769335bb2bb40aeb0077b453469601244ac00e440
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5d4679eece6e261489fff3c2eefe7d4b7
SHA1460f5b857b7fcc8ef1dffa5ca7f4f6b2880a25d0
SHA2568ad2792985eff5d147e1ea4d46a9b3b2c7bbe3684e7506118f20de98922b594a
SHA512397372c980644050575aedd47eeae462b06cc44ad678cadabd8d5cc0a65290ae678031c060a987884aca9ffab616e7768d557b394f295e3a46c7914160dfdb0b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52e53f3b3c156e63b7daec762f870d84e
SHA18969d98460b4af54655b3e77cdcaa05227f658b1
SHA2566a44bdf0d1400c2cc034100867173246bcb67b16e943e6ac817f30756b3f49fb
SHA512c6c6e32ce0c1f2ed6728b84fa928958e71257f58cce0e548f1d7e41dca29b833f8b676a5294c2cad679481dd4fcc47efb8300354816b67eacddf4eebaa8a3b4d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5312fe61324da544d009086b6e0b91268
SHA10f78f7542d05a0e4c58785138a2f5a342dfa6bfe
SHA256708ad37f1edd47883996fb4574d77a614f7565bcc670ac8b34a143c0e9843937
SHA512de9ebb858ce2ef55b409d0b9f339e8b1c929d2805f91b65e3d3884506db9f1bafc53d4c7c94ebc22a57db39ac4c6fd59968fae359b9da067ad20423660213aa8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e0524991e94611b69d722e1bf54e47f9
SHA17e7d95a9d447732b80fc7899f4317c7e2271e75f
SHA25634584aa5406491857c5d6591cc3965a0d7d8f0ed012f2f405337bfcfb9d275b5
SHA5128bb9358ef83a85e284a5bf9556e9bdfb99a89ed0ad0702bb7e3113e61af81bdaeae55f434123273c3026a4749e661bc6417a94df8cc3d2f6b04a1273f05f35d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51e579473c69a7e948999e57e4e402953
SHA1d55f8668fb56ce3a5feb73ca5bb3c00f1dcb0e22
SHA256c78e310d34997e793cadadabefa8419b59d29affb9cbdcd070abc02ca7f1bb75
SHA512186a9b9a0a60e682f1dba3dd6c912f0ca9b3d1222cf65fa8248d8fe3ef733e6c0010065856603adb7da603c95f6c2266107f409bd0ca341bf260f1b0c07990ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5167ab07297d719c3c9de61192ade383d
SHA108170db0d910ab31f2319013627be446bc20dc8a
SHA25666e6dd58d4117087a89debb2891e19ebc1acda1eb0900917955be5bbd0e8bf5c
SHA512f9bbf5ebd3d8331bb78e1b0d5087c265226eda9ff0ea119ccff3db0fa386b4771f3307656e168e5f799d678e832a0d44f77393aadc67e12042000eb06d6cbad4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD50694912933b105c6e5c80ad17f0ab3ee
SHA140cab11c89ee6d8051767e0a60f12a7eadc55e28
SHA25651022fa3ca3d9dbf3989a0b6c7795999351f82610a666db9afa0545354565f7f
SHA512467e8cf396ad4537491fd457b23646dd0431650b04e64c2804b6d424c0dea05e5b096622fb38191eaffa08aae98744c8e795e8bbe18fa9e1f1032907f10fa408
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5a4a2882449efa87f2d0ec7059a12090a
SHA123a01c2e7cdd3a95981b890a09141254995d221d
SHA256ae6a60e83f047f241755cf38d70eac987d4f929a7f2787753cf3c43285dd7b28
SHA512974f2e1cb2457f12dbca14599f6632cc8f871401f2f3eb3dac9159b7f18cf2f223df184bb4fc9e51ff3779c746fbf2e9f2e9f2dfe11d9382b710a2a8fb6b04d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5a510d7dcf6ae658dbbff155c4af13cb5
SHA14fa0cdd899d4f49ad6c9403ebda330ebd7ceaf67
SHA256228c775943b4fc1202252e463184684ee8bc60e92f2367df0294e6fc0c9897d7
SHA5121654f857b457d172d011e950c76973c96eed2c36f8569288852c9e8c67fb43bf6555ee3ce5b3f5db9f6f9c5c33842edcc5f15d58de3eb55c39e203256c6b9296
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51cc0bb8b215711be9a9856a403cfe75a
SHA18abfe7bcbb3ef03068baac5f09bbcc01bf75d73d
SHA2560dd2318feec8316d0a4733c16d44d69367433f7d609d1ad3005ef05db932b882
SHA512d9534c9431726b201396c94cd1a0edb093a2b248fa898f015fd54facbc11b49299a4906aae31c43f4781db338e40202d487ac36c5110cfe47f2ceadbdb03ccd1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD560e99cdfe649ac0dba21af8cc2a73cc6
SHA1892b7777029397f6b3b26204c1e09588bdcf7d1f
SHA2567786b4ecb2aa773933dc19cc24612059e8cb81d725532b375c4f86aa87e07e7a
SHA5129430cbd3558b0df3c900decaa90a77dcffe7236cd6579d87d15796a590eb7cc007ac9bb47e1be3e367ff05b4ecf21535ae587d3bcc88ee2a5bcb5f0eb938f25c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5aea0ee7f6dfa4ce2b0e9818aa974598c
SHA1d41ef642328f8a15a64bca63a5efb393938a952b
SHA2561e5b67ebe957e6a58e05ef1a88c162b4496d14c2aa4f20f916bab62cba24e9ba
SHA512053e216ebc67a113668145bc8c5fe6729f31958407e28ca3fb65891c9e6e118c0774e0a40390428a1e1d1a2f2bdc25bc25bde042c99c8dddc760755b7331fd7c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD572a10a870b8d70f3ed1de9e11ffbb291
SHA1201a288327633695f82073d2e395c04bc13e8a4c
SHA256bb90bb99f5f4a3e8489aa489a92bc6ebd2358c375cb0db1e00dcc34518d7e908
SHA51255e15b0f2f0ab3eca2264201230db538fd8b27de2598841df6d3ffa7ae90b506c23b788484a709a95b666514e6a708304fe9c7f2e681a1846179e131d0546656
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD591a3a9dae592dba126af3f5e96a765d7
SHA169b39a33479e4d271b025a68a3a2e4c0ed9c6485
SHA256e52319593b6f846b69da0f18d301baf54e44e43ae5c67bc68420371bcebd0aeb
SHA5129a7808dfd9685320624c6cfc7ed3ee26b3e435faaf925a32d9989594c27a2cb89ea8a0f11a4aa045915feee2e652f52ded5f110560ad6327ec96b55d9c939e4a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD522c50e7a02175576ea5a5882b570e031
SHA17a46fa1a844eeca7f7b75491b89967d6f00eeb89
SHA256bb2ffd3e3d76de09c652852eddd3ef58836ac669e2728e3f24bc5c041183edca
SHA5123a80cd95dd03240ce8fad9a9f5ea6bc2c64365f7f6e0fa51a31bec8a6a8ad4b612c6a384a7752ce9cef1f93caa06913f615eb09ae2c205b468b5411243fb2f8f
-
Filesize (file path not captured in this extract)
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize (file path not captured in this extract)
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf