Analysis
-
max time kernel
134s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20230831-en -
submitted
19-09-2023 22:00
Static task
static1
Behavioral task
behavioral1
Sample
ab02e4cbe64c32b1ca18abd8a727c6e6e5f70d6ccb534da980df2f4210c23d6f.apk
Resource
android-x86-arm-20230831-en
Behavioral task
behavioral2
Sample
ab02e4cbe64c32b1ca18abd8a727c6e6e5f70d6ccb534da980df2f4210c23d6f.apk
Resource
android-x64-20230831-en
Behavioral task
behavioral3
Sample
license.html
Resource
win7-20230831-en
Behavioral task
behavioral4
Sample
license.html
Resource
win10v2004-20230915-en
General
-
Target
license.html (this page reports the Windows run of license.html — behavioral3 on win7-20230831-en, matching the platform/resource fields above; the two Android tasks on the .apk sample, behavioral1 and behavioral2, are separate and their results are not shown here)
Malware Config
Signatures
Modifies Internet Explorer settings
Processes: (every registry write listed below is made by iexplore.exe / IEXPLORE.EXE under the user's HKCU ...\Software\Microsoft\Internet Explorer hive — window placement, zoom, tabbed-browsing, recovery, search-scope and compatibility state. None of the listed writes touch an autorun or other persistence location, so on this page they read as ordinary browser runtime state rather than evidence of a malicious configuration change.)
iexplore.exeIEXPLORE.EXEdescription ioc process Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008c66dacf3255794896cbcb5ac20a7140000000000200000000001066000000010000200000005a78deac4ce18ec0af8817bbffa66340bde2f99577cd1a1655946813ec9b7ac6000000000e8000000002000020000000198b4ba4210cc1b999364a98d3aeb024996110e34212ba849f253d5c3b3a918d2000000099101340f029836bd35278fb98dd7809991506ee1df2ba1ac65d0668800553cb400000007d547417f7f98207882afaa0d213fcaba39139b50ac817bfafe4bfbb0818949f4e4629cff91c1c160067baabc901f269bbf3bca4ada05b8b6c1521419e984ae0 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a835d444ebd901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401322720" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FF5F5E51-5737-11EE-9BFA-76A8121F2E0E} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IETld\LowMic 
iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
iexplore.exepid process 2176 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exepid process 2176 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid process 2176 iexplore.exe 2176 iexplore.exe 1504 IEXPLORE.EXE 1504 IEXPLORE.EXE 1504 IEXPLORE.EXE 1504 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four writes are from the IE frame process, PID 2176, into PID 1504 — the IEXPLORE.EXE tab process it launched itself with a command line referencing its own PID, SCODEF:2176. This is IE's normal frame/tab process model; it does not by itself indicate injection into an unrelated process.)
Processes:
iexplore.exedescription pid process target process PID 2176 wrote to memory of 1504 2176 iexplore.exe IEXPLORE.EXE PID 2176 wrote to memory of 1504 2176 iexplore.exe IEXPLORE.EXE PID 2176 wrote to memory of 1504 2176 iexplore.exe IEXPLORE.EXE PID 2176 wrote to memory of 1504 2176 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\license.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1504
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run — the repeated C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData entries below are successive versions of the same Windows CryptoAPI URL-cache metadata file, each with a different hash; such files are produced by the OS during certificate validation rather than by the sample itself. The last two entries carry a size and hashes but no path on this page, so they cannot be attributed to a location from here.)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5c7207b96aa4242e0a86cb1b107582b42
SHA1a8315338c43a1f4f8afcff1ffc74e7cba3dc2710
SHA256a61753a81caf56dd0852924f85e6a7c504eef58ce959a5994f17d601871f21ee
SHA51241274179a44e8954c9ec2ffc4bf022320ef29e366c6d6f2843205e48cce7baf48b042526eb72e9cc8b0f5e33ed9f590f603406ae82cdf1ebaf5121dc4b261804
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD571413f7e6cb05b03556b11b31ac9cb8c
SHA1b289361b8dbcd6b9827ef4bcc424d2d70cafbb6d
SHA2562b38ab381ed358bade537215130e5cf8e3bf0670cd05427f3661e98015633e2f
SHA51254a6f4413c28b40387ae564a7892c2c6e73581790db3d93c27e48cc808fe5da8d41b4ad3e4049e1eaa4ab5d5ed93edf5bfeed2999f989be2a84fd06ad24db3f8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5bc8ba350dfaf54b3196a4bf8387fe075
SHA13b568adc7f7d4a71dbbebd9b9d9fb3427d637462
SHA256ae3bfb80f7f9f7832a29500b4ef42503998b27af8bbccb501098cb14c94dffd1
SHA51252ffc7d41d5de0320dc24c59271e7919ee98c057868cf33e62b40d2d2a4b5492d2ac7ef47bd0ed32b534653f03e3c204bd3a456c367f2a40c5fa6b913c5dd1b2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD53678d0dec932b6c1aa048ddfdb04c0a6
SHA13179912b6f8d73d355c73595e04a9105bd8a3c26
SHA256812aed34f6a85cae9f9a23049c629d81b2607579228b912726a986175eff5927
SHA512c5bc7dc3ab9a5a59793404002384bf94ec59bf6d9d0fcaf679f1c76662cd8295291a3c43712be8f4ada5f36cd0208bc17c1f825a8ef130c51976fa75569aadcf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD569a1ff1b784fec8262b3c0bcac327166
SHA1f0fdb50f47d908cc642246ce4d576747756e8447
SHA256a05e728abf6462fa749144046e7aee72584373d1c2a85236f76c8922c0ea1f11
SHA512dd56e7aceba6cd77b0c87d2ec3ab5037904767f5ea210f371816b3cb085965e156e09235b35fbf96bdbfe64c9b0ee298d76f8d7122ed0324ac55d60705d7df74
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f91dd00a984b0e01da9143e3868690a6
SHA1032479f52621b63ecc31c8157ba1a13600f86cbb
SHA256d1d96b410f95809f5131391c085e4ce8b369fe2f3d887c44b94eb19fac1a352c
SHA512c463bb4fcf9abfd83d90adaae8e687a57e6bb41ae93389c76bfbd9f489611ebcc989902e453411e2153a1fb3a39333fe757170cb33e988442835f4927398ac06
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56e01a3aa8ca95b59afd582ce86e7d4dd
SHA10173e6b96bdb36940f4b73aa03dc7151027ec4f5
SHA2561efee7ef65479cab112ba228118cd361ac2e6b55871a0a6d5a5b5273cc266ec7
SHA512f158e18ce8b49aeed59db449192fd46ce91482096291c1feea065272f875e7fa29731e3c7638f46be157c31a5bf73bc981b8757ad4cf2e98d465412400c08014
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5d88e4316319151be7ee3ecc15bc75e06
SHA14c9d096da4507ecaeaa6f95b2a656aa6619acfbb
SHA25614004eec0a7c1bb63b8b575ac050e8370188a0d086d942a6a61e2c5d37c259ff
SHA51283c1b666ef2324b89a3110868ca19350be3c0b97482f4a9f665deb3fb248a4c87d70b4bd20a85c253add0a04e728b9ef1a3018b52e9fdbc93a4c1f65c5637aee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5da3cd93dafde6a3c0c6654e793fe4051
SHA197426fdd416e3cae2ae63b5b672549a92320522a
SHA2562a23f33101f0f23a3179c5e57487f825dc14f3db0079d6c7d422fcda551b7b4d
SHA5123a00557d0a4c5b0995f2744b588f77f9fcc526034d7a90490996e4fe514f2a714df28b3a78700c6d020c7080f82d33c542893b2a99cdbaf1058b65a019f06cda
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5686d86e4f366018c055c3cc4a3bdae97
SHA198d6312e31810e09e38f6f4ea5c68163a33079df
SHA2566e56524e40384e35aaae1414c2063412713f15e632ba0dcf3f337da731b425a5
SHA51262ac37ea5dd61aea75b629b18e98efdd94fd0b3d6f3eb3a5a2983a6dafd08baf53f4c5cb1dd849f24c6e3ab7342e8baa505c7833661ac0ecb2c15edfddccbc53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e6031ea0d659528630519f861eaccb5a
SHA1bff80ad8df07a0521d20df7e1bde86461a0dbaad
SHA2563fec3804bce28f43037786f978d9b9c7778dbc22459a7a9ad3e29350483620c8
SHA5120482afa1fee9ad9efdb4c116e0142e783cb856492f9d74d770deec9dde0629339bc9bd6a8ee3b497202c43c88c2c4f2becc3869fdefdbb7ecfa3f92850ee273a
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf