Analysis
-
max time kernel: 135s
max time network: 132s
platform: windows7_x64
resource: win7-20230831-en
submitted: 17-09-2023 06:46
Static task: static1
Behavioral task: behavioral1
  Sample: 4750303ce5a24d4adbc33df186560fd813f1b3788734e38c5320c904ceb1fca2bin_JC.apk
  Resource: android-x86-arm-20230831-en
Behavioral task: behavioral2
  Sample: 4750303ce5a24d4adbc33df186560fd813f1b3788734e38c5320c904ceb1fca2bin_JC.apk
  Resource: android-x64-arm64-20230831-en
Behavioral task: behavioral3
  Sample: license.html
  Resource: win7-20230831-en
Behavioral task: behavioral4
  Sample: license.html
  Resource: win10v2004-20230915-en
General
-
Target: license.html
Malware Config
Signatures
-
Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b00000000020000000000106600000001000020000000af6ce823f62c5f9ab1485c906eb3eb87b173fd959f7bb3d212fb3a29d6ab34a7000000000e800000000200002000000033c4a0be8df99eaab8dea51df5cc259b3d839c9a9487a8086d6087f3d8b473f19000000084479f6a1f4bc3a4c5d739d481c56d9bc89dc14eaaa439d24064072127c429ada06c794b31bd9ff91f6d36aa9941803b442e60d0184f37d8a6022dc1aaf9233f9533ad28d7720d0f75a7fdc9f33edd1741f2ba30981a1841dfa380103eb6f3f22ae8d14dc78278c3a80699c4252d694b62c826af2fd55fe41f34211a380bdb91b2f8fb6d037e93f6366d5f0f3b7a7847400000000c7946f9284d0af595825d2673ac79affd4a0bd9584a0cb88f36e3e4a2562e017f2e40d18e477f8ea400f5588fa2e83098c527885d4cc174811d91c09e236e19 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F2F1E4D1-5525-11EE-A617-EEDB236BE57B} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b000000000200000000001066000000010000200000009e70e5da699bc3dfa1f11124ec7a9cf7ce5ca954da5deb6df70236bcd30c0cb3000000000e800000000200002000000042826390668be5dfa9863785ce575c1b76f0b99479c8adca37ccd5fd2ad929a820000000537f64cf19f8ff3d4b074d6fe149f587b37cfe336f744c9ff65b9c9451d2731a400000000aae047f22e1ed326062d6e415b731c83e8b8d03d252b8c079c1eacbe20ce8047e8d51f8790430dbe0312db38ec66660e17b3a56d75304afc3dc0baf6f3e2778 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401095065" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a08966c832e9d901 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: iexplore.exe
pid | process
2020 | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes: iexplore.exe
pid | process
2020 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
Processes: iexplore.exe, IEXPLORE.EXE
pid | process
2020 | iexplore.exe
2020 | iexplore.exe
2152 | IEXPLORE.EXE
2152 | IEXPLORE.EXE
2152 | IEXPLORE.EXE
2152 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes: iexplore.exe
description | pid | process | target process
PID 2020 wrote to memory of 2152 | 2020 | iexplore.exe | IEXPLORE.EXE
PID 2020 wrote to memory of 2152 | 2020 | iexplore.exe | IEXPLORE.EXE
PID 2020 wrote to memory of 2152 | 2020 | iexplore.exe | IEXPLORE.EXE
PID 2020 wrote to memory of 2152 | 2020 | iexplore.exe | IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (PID 2020)
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\license.html
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
  Child of PID 2020: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2152)
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads