Resubmissions
19-09-2023 08:52
230919-ks2glaaa53 1
19-09-2023 08:12
230919-j37kxshg95 5
19-09-2023 08:09
230919-j2f2ksfg2z 5
Analysis
-
max time kernel
120s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system -
submitted
19-09-2023 08:12
Static task
static1
Behavioral task
behavioral1
Sample
.htm
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
.htm
Resource
win10v2004-20230915-en
Behavioral task
behavioral3
Sample
BRUJNRYYVN.jpg
Resource
win7-20230831-en
Behavioral task
behavioral4
Sample
BRUJNRYYVN.jpg
Resource
win10v2004-20230915-en
Behavioral task
behavioral5
Sample
email-html-1.html
Resource
win7-20230831-en
Behavioral task
behavioral6
Sample
email-html-1.html
Resource
win10v2004-20230915-en
General
-
Target
.htm
-
Size
21KB
-
MD5
8fbe2ebf309506ff8956ed932645e30e
-
SHA1
95b77ca1c3a0221fa03533f8a3ba6a0cc2bc3dfd
-
SHA256
aab4c3bd815083211783d9d73388aac5fe8123e682c7113210538d5033e86147
-
SHA512
fcb2636a77a703e433b8ccc8e2f69872fe0f4e16283c5e0e0501eabf338382ed82728a13dfc2e963fc07faf12a007bd2b34f65813f4a1aa3deadc75b73d797a1
-
SSDEEP
384:EMJFKIXqmayFMzdyx7y9g1LnBlULnBmNKHNTwtwL5+TRa3XXM+yLyEyKyJyTyt8t:EMv/XSyFMZYSg1LnBlULnBmNANTwtwLi
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401273055" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac2000000000200000000001066000000010000200000008fb77fff57c1ed94ff499e2624dad78521cddb710e6d84fbe35f65c0257f17f3000000000e80000000020000200000009ee6cea7333dfce6f65626ddb926c5030cfca00ebbc68a90c337d31be312d20120000000d15330f27e9c4118b1e5e86289181f6cbdb298eedf218bbbe0411dde8c2232224000000069b8179623b57fc148e5af8947c23216a4fa6042c2be63593299996faf2ecef1ae894d6263e5b97fc8ed4b66a6d5383e5d8bd52951fda0cbc9b763d1ee3f459d iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0744e31d1ead901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5C797311-56C4-11EE-A279-EE0B5B730CFF} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet 
Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2936 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2936 iexplore.exe 2936 iexplore.exe 3052 IEXPLORE.EXE 3052 IEXPLORE.EXE 3052 IEXPLORE.EXE 3052 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2936 wrote to memory of 3052 2936 iexplore.exe 28 PID 2936 wrote to memory of 3052 2936 iexplore.exe 28 PID 2936 wrote to memory of 3052 2936 iexplore.exe 28 PID 2936 wrote to memory of 3052 2936 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.htm
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2936 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3052
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 99c89b3fd779779ac179ec38a1b0e730
SHA1 a0d426c02c5b0d74a02ff445e764dc24880a9ac4
SHA256 537afda4e6e5debbed1444f622cab0067545314f54b4e8ef64cffd3c493a4491
SHA512 d59409cfcc043c9a468adbefd0c3366622d86a85634ff188854ebce4f76c706476aa2448f65f5bde3a0b240b1d587b71a641a5582ebf0073602ff91d90304528
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3b0ceee65a778b4dd8799e9f0849c254
SHA1 61710e9b52397788c076b9a88f78b8c80db50df8
SHA256 99782086c7a7a768b24b806acf0c1f7fa63d69dfbe917120e344bbdb52ff474a
SHA512 f234b7ff8b89e272b98865c13126344075389174dbc5a305ad83515a7653e0a76aa975800b45b587df5f744eaa63598dccbba8217dcaa0641394836bc885e36f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f1309bc19e9c244438007871f8bfd81b
SHA1 0842566c8160f4c454813b7e9dac65662c35b249
SHA256 9149876906c41f69dd3207d112d0afd1d3f4f4ca7087c5b806ce2e1a470dd6bb
SHA512 63dbe567563beb316da0541eeccbe0ec241f55a417da2a60a2f930a402d3f85600d9b139c3424e73dc22076c02dd6707deacccc250e6945296599aefa143d9a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 123021efd1dfb503fdd661b1307136af
SHA1 e15de7b3bd7b6448c98dd4ebae39d0188aebae20
SHA256 0c6b4031a56275ca382d7a7b2f606cce282b37e81912b8bd60e31dcd1be66a0c
SHA512 288c5291484ef274b54175a29f8c79c248616dc697a898bec597fd716420da0d175b5b5ccffb12390528789aaac70cc88edabac82e507ad69008402faef6ec6a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 19c1cc33965c8e82efcc5a114a959298
SHA1 927a0d5d5d7021a66416c163c8fb4ec75ffb4f48
SHA256 8176a2abbb2d19b7593c0e55bd1f5b1ba386c2f81ad899e9a66bef17ccaffb05
SHA512 1196c43e3a002c357a62d936bf6ba8f0be6db31e105da8a6c9589f37dd40b4f1c56c79589cda67d8fd810bcbed8e5e8bcc821aefdd4cd1c588731c9c49e1ba66
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1bd2b63f40c00ecd28a1de8f174447dc
SHA1 0dc5b2934bf6e493b9078e6f5f9aa3a9599e27a2
SHA256 9b3d3d64d1e355aa02fa8824b012e793ef981016a80e30c284b0da627c02b163
SHA512 d706d782add8c9906ed5d133385123414db6dccdb332ed5f032939f3cdd00b245833e542189306e5de7fb7f7c5262cfbfdd8df7aa51b72c37d3a7abc304dcef6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ac0d272674d1028f8168963efa10f39a
SHA1 95cc514e3c3e2e718dac0a64c9f0d70f53dc6574
SHA256 8ebe906c508b846dbc2c4980e5333b605b93fe482aa98e2541b20f07c6df4bd8
SHA512 f8d9922234da34b586a2a86c2a143e6560f6c93090ee9a83ecca70061cfef275d1156d5f9360c6fa4b7f345f2b03d4e09bc99f09b0d194bf587b23dca3683974
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d2cc7fb50915fe49dedcd201c960b269
SHA1 fca80d3644443bb76944f0a5a8877b2fe6c48073
SHA256 ba5d7eec9276da75db2737176941c384f3b86eb8565f590b91bbb50d8be433fb
SHA512 215d62161610ac507e39ced1984f26fb7eb979731ef80200538a28103cf015ee7bcf26bac7050208a5f1b0b531d80845fcbca1c615d3f38678467db0ec02c5dc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 68a31cda9d8d4e4df17d9758081f2e56
SHA1 ad944fd10f54e872248be36db4dbea4dc5286b39
SHA256 4fc96baef93c0457fd5fdede74759c789f325c4abe73fe041040edab18106bad
SHA512 6b22c5adf52bdf9fad92eb714515cc63b6bcadcaba380edcf7fcc664a847c470c17ba7cc9b26493b5ad64fa3a603f2b924f9fcdd4d0b29094aa53a40c4b5c043
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 92ab3f861bee2a6bfb848e3e6ded98c9
SHA1 572606edadaeedb321d49c783e5929cf6a302a57
SHA256 d61caa521cc829f769db002f8974b3f5b37851737a069009051fd1d18d40e38c
SHA512 f65050706941e2654e96017e50d051c991a80371f18927d36b1b4ef3024b4bc5d5f43afe8546ea2a557e9ba902c33ba75f2441852545391f83416ff44b49f9cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 28d14f48e95096d02c7bee5ce980883b
SHA1 f86727085f5e705233e2b9625329dc12396d1c7d
SHA256 e345f319c9260d33708b1779831da7dd2371777e5dec108d1db8c5243afc2223
SHA512 b64d4403b0843e67ca7da06f7aad40fe998304706b369844b3518ff5863a0641a01eeebcb6c27601c02c50abff05063a41d7a87d540c40467cf61e79a6f2c6cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fcc4b9411a57c623100776690f7bddbd
SHA1 f57045a9c60a7595a3eb3047d46bb590fdba4e22
SHA256 df704cf10547d70411bab4190238c0bac34c0c9bbdebe08019051d7a8594e5bc
SHA512 3b845059d1b53ab76e4133d96ad8cc5375193b08759c2a3ba8754f9560df40a841d2e8371646b29ea0950382c4cfb88f1fbb82788e8aa74448d5f2924d931b1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1288055be18547fd002ebe1b0f628d01
SHA1 d56c80d0a52a10fdbaca6ace0f19eeff68734d50
SHA256 d3fa1f86be2e585c409f015c7ea08950861e4552321d4bb5834f488eb670d77c
SHA512 fa582edadfa9112c770babf0e7877ae4f3c948837c702b51e79e18eb30661ab4ef5d7da468367b526ce96cfd48f2ff2c34f3704f0dd7d7286a0dfb6dd67b8ede
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c2cf416acc8ea07d1d81a5e357117e49
SHA1 9c04fe4449c5999379796d19972864fe2d0bcf54
SHA256 05c5d7fed93b060ec5cf4361cee46210b231b11a7fa907b971ccfcef9e875f2c
SHA512 b0ed328b9957c10ee6b17e3f5f9870bb589a09d1ad7f6af9f1db8417f47e6225443b74fb84df78f59da0c79943093445b80c4414a8b7bc3a21ac8aa31399db34
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3a12851c30f79150b4366830bd2048f1
SHA1 ae15a29b2f99339beb5efdcbe0028eb94ae1210b
SHA256 247bbfac5b778e223204a459d27a571f9ffc92b52f2c64801dd7634cbf4ee41a
SHA512 0ac1a7f5510f31421957f757eaad649f821ee8ac68441167dec300a47afd49e8559efb1459b0acc4b99dc2d97b2ed44f33fe501a3404eb944ddfda4c30a3a95b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4b54a2580015742f4fd4c3e158bafc2c
SHA1 1b65ef420b8f23c3cad2a5a581dc96d60a8948ba
SHA256 2c874567f944cb1a21cd3f76ea75c65390d924dae908d119d6b9aa4954c6aa69
SHA512 cc82e148c8fff17331efca367efaabd0d393e440a690b9de04d00288e6cc2a2b91f84fdf26b6e21a7da939fd4259ee4a86cba7fdbf7f2430d70f67dc8452aa93
-
Filesize
61KB
MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
163KB
MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf