Analysis
-
max time kernel
135s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20230831-en -
submitted
18-09-2023 18:56
Static task
static1
Behavioral task
behavioral1
Sample
chromeupdate012302_JC.apk
Resource
android-x86-arm-20230831-en
Behavioral task
behavioral2
Sample
chromeupdate012302_JC.apk
Resource
android-x64-20230831-en
Behavioral task
behavioral3
Sample
license.html
Resource
win7-20230831-en
Behavioral task
behavioral4
Sample
license.html
Resource
win10v2004-20230915-en
General
-
Target
license.html
Malware Config
Signatures
-
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{18D63B31-5655-11EE-9884-5A71798CFAF9} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401225266" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet 
Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b00000000020000000000106600000001000020000000b4abd9ffa1becc821cf42fcd381cbdfc98ff2f44cf121d33e07712635f3c9677000000000e8000000002000020000000469bd05f35364e33b3972a397a28345d8ce2ed74f8e784648c19c1304b8d86002000000047a7b7a5107aa07a20f4df16de8f0eae3e51d23c061b479bb15dc99a155cf2c140000000b02680d4169cbff80bac017fdfa577a9595914388e4066acdac919ccb420da22e8275533bc88efc9dfc128ae20c791a612b35fd1a6f095db4a9333d500f6681d iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 408aa2ed61ead901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
iexplore.exe pid process 2808 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exe pid process 2808 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exe IEXPLORE.EXE pid process 2808 iexplore.exe 2808 iexplore.exe 2544 IEXPLORE.EXE 2544 IEXPLORE.EXE 2544 IEXPLORE.EXE 2544 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
iexplore.exe description pid process target process PID 2808 wrote to memory of 2544 2808 iexplore.exe IEXPLORE.EXE PID 2808 wrote to memory of 2544 2808 iexplore.exe IEXPLORE.EXE PID 2808 wrote to memory of 2544 2808 iexplore.exe IEXPLORE.EXE PID 2808 wrote to memory of 2544 2808 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\license.html 1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2544
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD5c7a62e45c0f9a6e3e9d32a0c836728d5
SHA1ee28b99f896c741187596ffdaabdef32e642a655
SHA256dc7770f5bfc07fe9a46c51af8e0c45799e95cf0221dfdc438dfbb31ae2b55266
SHA512a9bf5d478d387e7e168769f7233e7baeb6a57f2f4e280aef4035a438312d08f0c5925ae2f553d5a5cd57b5173ab3b4f0684f320ed18daeca3e9c3ad0ee36b9ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD50ebff35a28684fe93407e8146b811018
SHA16873343db39cf96206798ceb9a5ebdc3b5674e02
SHA2568cafd0bb397cac78f37cff24ba7fda08ee8fce46ce2171bc48fa98557c5e690c
SHA5122a555bbb75d9077114962722ace1dc9a8edaa87865886701bfdb5cc6cc3746f75eeffd2b562afbaf0800fc557fe4353c01b2d5d3bf102da4440340649498342f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD5c5b94af89daecb387766ea8542bc78b7
SHA1d5853d4c6e8f52cd77ae861f6940f5688531a848
SHA256716deef8f614298770a636986983cf05611628b7ee8b2f6a577ed301643572f6
SHA51204d49f33dacedd997134608c238ef588c4d50242e4f1d69e05bbf9e69b0c34b3b6bbf0bdfc99fa2b09cd27e02106645840e6eb8c0da90379c2b3f5c3930d6081
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD503b055b17cfcbeaaeca57b435a67f896
SHA1aeb09499f4f586cdce4e75242963f66076c2869a
SHA256118cb659bc0e334b52d7ba932bf069006d997436c591b2146d72381d6468fd10
SHA5121e9be67a1f701963fa856b22efacbe9d2cc6d877e1e3466a1707720f715ea41a531c5a3ec5ea16ab5ccb6380f5707cdb81b700307c6f2013abf69685df885db2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD5feceb622598aca00ecca2324f0dd8e74
SHA15b4cbdb711b9dcffb9eff42071703787e3df2eca
SHA256cb2f6d2dbf5bb6895330fd5c60e4080071a9c2cec6161ce2890fd5ca3fa8d628
SHA5125547a6e2be26e785534a64269657d7e9b62792bbb521a243a101191dc7bf5951cebe450495cb582242472e94539c033f5bc4251f688df12679fbc164cccdb71a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD58adfdf4564831b4513227645a29534ce
SHA1f2c740c2d163ae2f627191be2d5b0d80a608747a
SHA2565ed153f7e064be8b8c92eb3b1a7309bcb28a400df2b73f928147a00c8086b563
SHA5128d96cfccc5dd382d8be8f5df3ec784cb32e80dd2c15253b83b73b8b65feed8b1a0b7fcd1679bf84605acb34c16f1479a92a92c407cece8c9d079b59577452e9c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD5366173937593d286524a928912a680b9
SHA18dae9c5d337e0e9d48c87322c7d90f2e36445747
SHA256d87ba79b2957cb6b6b3e116a9532476e86ef1ccebd239f1ac7e71a78505aa837
SHA512253f80181c7b9797d184af041524fce764a62f065c2b2909393e48752373e4ce07cb57d91eb3241dc5cfd71cf2ea2a78308aaf4bb4627443be80b6a6aa8e6b6d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD5b28c0c527336291839b780084829aac3
SHA15d935367184c1ab428b6e6ab20472a9d414558d8
SHA2566bfd2cee0758e761dd47c2f15a12f93947b6212a6cd574bba19b048505b2a36d
SHA512e516b1d54c2a02db5244fe1f5d14d027aeec5b509505245199c622911f9a4806649fa6091c7147606762c264fd6911bc9b4cca67e583ac48f31fa3b05d484437
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD5cbafc23be0186a375d918fad99589ec0
SHA1739b3cbf83f449256194ae7d2d9a6b707737705b
SHA25602281756a30dc6b6e7f3b8bad397b0ed361e1badd7a17a42e9c2f2160aed7b4f
SHA512bf95ed9c75a95110ac4a3aafee322e175af538130d44e3fcd994859fd26a3c17ef00b72114a84d88ea778fefc8b17ea30df2677c8b2f36a025d60be924dee470
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD57c2745a72d755c72bf2d315b5227bd54
SHA10c4a1e522560cda50b5cb11fdc1dd33a2d239897
SHA2567572cf794edd3808763c1efc07348e1d42993803e4035b9049c51932b66c9e3a
SHA51220f10ee2bd806c23f7c3b7e5063313eca1a63c4a6decd0d360e58e15b5141c70dfa70ad0ae5271fa703a045ee5cf33aa7a9bcd07660cd6d6b0f8e6625139ff14
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD5382d605153fadc84879834b7e90eca7e
SHA1bd5c0f5307c0770ded4b3de772778342b1462d3f
SHA256f6d9948c50542a2ce350129641028017e5357883c1685e3bf3b333eefd19bbcc
SHA5129bfc60aba28878e2043982ccb015ae9c164bc9563cf2f25dc9dd9e8aa6005bfcfc82b3e770d6963c51f20b019fafaf9bbfc83b2240fcda3bfc01fc7baf3e28ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD597f7bc7ddf27ce4592faee3a9efa7c76
SHA1d9ff78121b0432a8194ba6ee4f3aa8b69fbd70af
SHA2568a0ca13b89a935f802a853d4307ac836216214764406deb252435ef14eaa6766
SHA51283c65547eed3d9499e107c9c3fb5b6c2030e2560900285b55416bb2517ec9ce972b67a53a004f8f46a998e7690da7ded9c0a203b6c6399cd167247fb7439d19b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD588c3f228f80f9aea1baffbf9886932dd
SHA113b89696d2beb97912a512f18cb86f40134db7c8
SHA2563f2b1db701d4370b298549f45d562806f70850048abc0d4ed5ed1ea0de13392f
SHA51230f0f592f66374dc6863d22766922bd3f98a133f226147ca31745c2cd04ecb30614447da910a5c12b6b1725d8802f0a0ff8fb5300e27b910876d234cccbd3c96
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD5619b7082871468d599e0d9c5e2147170
SHA1d5c31915188e5748687ce7b9c570d9c2b2e2f128
SHA256fd5ad1cb7d1c411807d84dfd9f1c8819604191d895c0a9d49ecbab9289448310
SHA51266dc9693c0880cfefbd0c7b83b00f4a298c9455a1f24e8d32d80e86414406f91f338d82585f57c29a9f4f004f6c7e207a1997256cf06adcb35a89d021664489e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize304B
MD5924d9bdfa175a4100f9ca48fb16174b1
SHA17c6819c2bda63287437bec8f05601219b5822ca8
SHA2563d1ce0c0322d736fa5231e8a8dc2c3d066347ffc6c9c4ba5ec976531c8543b5c
SHA5129ea289a4c700db4c70c3cf5054670678bc04a773585b3cef56275bb732001e724ad817a4ebd4020d79e50e475f12dbc24cf7213c5960b3c5f795d7ab5f2436f0
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf