Analysis
- max time kernel: 134s
- max time network: 133s
- platform: windows7_x64
- resource: win7-20230831-en
- submitted: 18-09-2023 22:00
Static task: static1
Behavioral task: behavioral1
- Sample: 65d959c67f2086389e59c7a445a9eee5d8505d51d042e69001959156a4c86990.apk
- Resource: android-x86-arm-20230831-en
Behavioral task: behavioral2
- Sample: 65d959c67f2086389e59c7a445a9eee5d8505d51d042e69001959156a4c86990.apk
- Resource: android-x64-arm64-20230831-en
Behavioral task: behavioral3
- Sample: license.html
- Resource: win7-20230831-en
Behavioral task: behavioral4
- Sample: license.html
- Resource: win10v2004-20230915-en
General
- Target: license.html
Malware Config
Signatures
Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar (process: iexplore.exe)
- Set value (data): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a071a39a7bead901 (process: iexplore.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (process: iexplore.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (process: iexplore.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (process: iexplore.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (process: IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (process: iexplore.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (process: IEXPLORE.EXE)
- Set value (data): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b00000000020000000000106600000001000020000000462b9ba195582842458b96fb002cfa74b92048110c7340a598db087ecd68a714000000000e80000000020000200000006fa537322345ac582f300f35a47b0c0228f0c5dedd4bcf4f8858bf5a2e883d7e200000002856a60c1a9a2605d1f86d5e20964b55cd8af86f010ba15e4ce8304887736842400000004b63add34f0a19274a7222b91b5e05524d2cd7a99c649910972b74978a7634af53bbb4933fffe3fd49725df8469a19446f44da63599596ebac1aa300e5b2c668 (process: iexplore.exe)
- Set value (data): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry (process: iexplore.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes (process: iexplore.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401236294" (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (process: iexplore.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C5A89881-566E-11EE-AA35-F2498EDA0870} = "0" (process: iexplore.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (process: iexplore.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (process: iexplore.exe)
- Set value (data): \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (process: iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main (process: IEXPLORE.EXE)
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes: iexplore.exe
- PID 2232 iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
Processes: iexplore.exe
- PID 2232 iexplore.exe
Suspicious use of SetWindowsHookEx (6 IoCs)
Processes: iexplore.exe, IEXPLORE.EXE
- PID 2232 iexplore.exe
- PID 2232 iexplore.exe
- PID 2032 IEXPLORE.EXE
- PID 2032 IEXPLORE.EXE
- PID 2032 IEXPLORE.EXE
- PID 2032 IEXPLORE.EXE
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: iexplore.exe
- PID 2232 (iexplore.exe) wrote to memory of PID 2032 (IEXPLORE.EXE)
- PID 2232 (iexplore.exe) wrote to memory of PID 2032 (IEXPLORE.EXE)
- PID 2232 (iexplore.exe) wrote to memory of PID 2032 (IEXPLORE.EXE)
- PID 2232 (iexplore.exe) wrote to memory of PID 2032 (IEXPLORE.EXE)
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID: 2232)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\license.html
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID: 2032)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: 3ce173f11a0796340af116abd61fa15c
  SHA1: 61be4cdcad7e8d43ad447cd0e8deb164d07546d4
  SHA256: bafa366ab5b56f4b35a812f03ec8682c40b8268dee9737a7b9b120ea89a5fa5e
  SHA512: f62461472458a2fc3c2505f58d8096d842c9a4ac353e8513e96e843a11c5bac97bedf5ee9fabc9b86b41d13f4ea9512ba9db29758c33a4316411cf6ac9398e2d
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: 8180d84171c3dcc373e345614d6a7863
  SHA1: d04d3de7d3467e68927a7f216f14307be60bddf6
  SHA256: 21fcfbee45da2276e34863b05a193cd91b38eb35e1734d4789208af5e9fa8ffa
  SHA512: b6844d9f9aff6f71d7eecd23c663ae35640d4e1b5f6c8207f144e3267f0fe5737507dbedd1b25fc9385238112e8667857ded6fc540c649d65bb5abfa4dc9b1a6
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: 41f6eb0c2ea6748882df2a9d16e82505
  SHA1: 73ae993825c4b9278d26504655d39e0fd9eb2c1d
  SHA256: bb992865a8d4189ef8316fbdc07b8db33fe21ab32205ab0603630b9c8697a11c
  SHA512: b8842c7bd9df5864a087b1c3a2ea08c506ba0f6402925b6a25889f0247be9f3e549523d1c028307839e94adab8deedd701ede8704a215797949dae65c61c7280
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: f8512159eec20f47fe547e9a2b5a7abc
  SHA1: e28327f2fd35c2d290b52bc02f11462fa711b96b
  SHA256: c0fa29ee75a11445cc451fe48da93376d69b7beccf6e9b54de18bb5dbbe039ba
  SHA512: 5abc221799508a0c04195e42a8b473846eb27f4463955e7c0472a0f9d871bc018be5dbbd35bdfc628f9b973773e2d48d98028a14bf06147d51e727599b181d22
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: b9b7f61ee1cc2b86a6229ae7602984e1
  SHA1: eb774ac45d63ee28aad3949061b698f64f0db864
  SHA256: 08fb1808e64d3cbe5639e167fd0e28a03668016c706fa3e475ef7461e330223e
  SHA512: 6ceb4fd0d2ca1f28c0c09407453a8c4982d4446f812c49ed622fbb1ecb202710d38ad46708c14ec9cf76df1c8da40d1ccd816a0753b64be0c2bbefcc9330ea6e
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: 4b6a5242a7a1705b47a495e2ec6ba7b4
  SHA1: 9506ec6a0a4fe76b330a3245de694dd33ad1cee6
  SHA256: 10812cfc5a665054f5f12d082d3e44ef66dc4b36bc4e9adc05d18f68226bb7b1
  SHA512: c50b62cafa93d0c47eb9b67a9d66944e02835483f4844d81046dfaeef1f90a8cbb4451720abd4d2101575917b7eeb8dae078f42462751da6143bd80712f3a091
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: 1f4202be85bba0797bed13090a072852
  SHA1: 087f523c9304c6b6ca9acc61b65c0954d3a90fd9
  SHA256: 5f644fd34d599810bbcaff13d339777bc1779d8c4820c4a0ed2f8380ad9d5311
  SHA512: 9aefa74159b75bc259df74dd9024ac47bc6fcbc4598d1950f378bdaaa64a346b9d14c8f5ff68b81c5b6016609c5a6f21cc43f4496beb41b25bbbe947e352a6cc
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: 9c7a6d06ff308bd46abb6f629a52b173
  SHA1: 16f3c8b0aa4190b814810bdd6245d9e73d6de11e
  SHA256: 356f85a8c9595b2ad37d48ba49cdc6c32ddbc785b55af791be48dd31c4605595
  SHA512: 1f835436872b8622f78b8f9e3665eac40ee3734d50965507af1a4e382f3ca469629647024184e57fd5f31abf26191c2d813c38011ae6e51e0138ee96380b8537
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: ba55a84e1d8a4c0585ed6d48c2f654f0
  SHA1: e7350402bc256c42a15c7ca16735b3dcd0d74a43
  SHA256: f7f1ab6f7b03ab5504fc45bdc7e75deedb1937a88fe154d8abfefe86bdd57883
  SHA512: ca5b2a0fed0b77cb22f1282d1cf8a5125dbe927580238d33b54684c93a71fafa02557d7d0fbcb68164ac90ddcc35d60d5e70d31ae21c2defc05283a1fe90b1a1
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: ac7179af38b9df74edf4458fca289d40
  SHA1: 5f119ac8ff89796a68b1f6dd4f9401f503473a5a
  SHA256: 12ab3f772930f1e35fb4292922558df2346b39ca458a51520614c8570f141ae1
  SHA512: e72c46b71599771f14ddeaa07814c093cc374c2c7adc83fdee0096a24946e8c21e68fe339ffe6101a0fbf5b829d1778a551760759c06d0449a3a4c4aa56e1877
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: d9cc3bf5a7339f04317eeb8a76540cef
  SHA1: dd7ee3871fe586b4a36ac4f53a8502565754d4ef
  SHA256: 9e9b78847cbb031c2e39f7ec302fbe86c687c6df353d86354ffbc70a119f6680
  SHA512: 85937e16006b5222c55d7c74b2e3cb5e45a6122e3172720923ac53ba58d73a39748d6f693c8d4ac55044576f76d80f7bf025d84c91da584b13bb29015a523bdd
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: b4bc505be0c92f06383bd6f96c57752d
  SHA1: 7fb9b0dd5aa42a063739695a9a7e842ea0ab101e
  SHA256: b917552972c63af583a7af40046f390da4e299f8c9b4ea2f160b8ed246981caa
  SHA512: 1f5488dd254f2f316ac90e9630366a3a59a40e40fd30b3303e1e8ee72cf472f2510c2a27286c200bbf7b410c0d3d06644f0605e5cedd504fab1e7e77e6f5e486
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: fffd661e747f703ee63d28d5d9c563ae
  SHA1: 182957079ea0ac01d0e94bd6ffc7b42702e05ffd
  SHA256: 39fddefe116158c2a00e463ec2621fa7f3f292294698f82484963a9078a181d9
  SHA512: 71da999ec903addc6b477b6e59d6e581925d1011d36cb5f3a10801fc17bc68e4467688a3a363fe22e224081963da7e705e880ae89b516a6bc5bde7ab2dd5461e
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 304B
  MD5: 999483355c290ad264be6f043e9922f3
  SHA1: e606f339c9347b549eb1a2c54eb498d3101f245b
  SHA256: 28e4e7d43ffe445a9ed4632c01503f64f870381a3442ec4562687b9253ab3e69
  SHA512: 911e668fd089ee10a34d3c5474109a87142063b0484099b5e60c9ae915ec9a9bdf62eefcacbc88545887c3f369a1c8a5872058a5913907844121965331936b87
- (path not shown in report)
  Filesize: 61KB
  MD5: f3441b8572aae8801c04f3060b550443
  SHA1: 4ef0a35436125d6821831ef36c28ffaf196cda15
  SHA256: 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
  SHA512: 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
- (path not shown in report)
  Filesize: 163KB
  MD5: 9441737383d21192400eca82fda910ec
  SHA1: 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
  SHA256: bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
  SHA512: 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf