Overview
overview
1Static
static
1_102_5ebca...c.html
windows7-x64
1_102_5ebca...c.html
windows10-2004-x64
1_103_665e1...7.html
windows7-x64
1_103_665e1...7.html
windows10-2004-x64
1_106_5ebca...c.html
windows7-x64
1_106_5ebca...c.html
windows10-2004-x64
1_107_665e1...7.html
windows7-x64
1_107_665e1...7.html
windows10-2004-x64
1_110_5ebca...c.html
windows7-x64
1_110_5ebca...c.html
windows10-2004-x64
1_111_665e1...7.html
windows7-x64
1_111_665e1...7.html
windows10-2004-x64
1_114_28353...c.html
windows7-x64
1_114_28353...c.html
windows10-2004-x64
1_115_cd2ee...1.html
windows7-x64
1_115_cd2ee...1.html
windows10-2004-x64
1_119_28353...c.html
windows7-x64
1_119_28353...c.html
windows10-2004-x64
1_120_cd2ee...1.html
windows7-x64
1_120_cd2ee...1.html
windows10-2004-x64
1_124_90444...c.html
windows7-x64
1_124_90444...c.html
windows10-2004-x64
1_125_d6ca6...f.html
windows7-x64
1_125_d6ca6...f.html
windows10-2004-x64
1_128_b667e...a.html
windows7-x64
1_128_b667e...a.html
windows10-2004-x64
1_129_a16d7...0.html
windows7-x64
1_129_a16d7...0.html
windows10-2004-x64
1_132_126b9...2.html
windows7-x64
1_132_126b9...2.html
windows10-2004-x64
1_133_fe2b2...a.html
windows7-x64
1_133_fe2b2...a.html
windows10-2004-x64
1Analysis
-
max time kernel
217s -
max time network
252s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
08-10-2023 01:12
Static task
static1
Behavioral task
behavioral1
Sample
_102_5ebcacb7f0e1422f0c3fa20bfaa29c3c.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral2
Sample
_102_5ebcacb7f0e1422f0c3fa20bfaa29c3c.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
_103_665e1985893f9e0701f79dfb1f99a4d7.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral4
Sample
_103_665e1985893f9e0701f79dfb1f99a4d7.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
_106_5ebcacb7f0e1422f0c3fa20bfaa29c3c.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral6
Sample
_106_5ebcacb7f0e1422f0c3fa20bfaa29c3c.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
_107_665e1985893f9e0701f79dfb1f99a4d7.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral8
Sample
_107_665e1985893f9e0701f79dfb1f99a4d7.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
_110_5ebcacb7f0e1422f0c3fa20bfaa29c3c.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral10
Sample
_110_5ebcacb7f0e1422f0c3fa20bfaa29c3c.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
_111_665e1985893f9e0701f79dfb1f99a4d7.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral12
Sample
_111_665e1985893f9e0701f79dfb1f99a4d7.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
_114_28353436fc2a08ffd172e8e001c34dbc.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral14
Sample
_114_28353436fc2a08ffd172e8e001c34dbc.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
_115_cd2ee54ef1b354ebb594683dac1df721.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral16
Sample
_115_cd2ee54ef1b354ebb594683dac1df721.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
_119_28353436fc2a08ffd172e8e001c34dbc.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral18
Sample
_119_28353436fc2a08ffd172e8e001c34dbc.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
_120_cd2ee54ef1b354ebb594683dac1df721.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral20
Sample
_120_cd2ee54ef1b354ebb594683dac1df721.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
_124_90444962c73a0957c0b714160a68ef0c.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral22
Sample
_124_90444962c73a0957c0b714160a68ef0c.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
_125_d6ca6183cb0582c86169bd84d40bbeaf.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral24
Sample
_125_d6ca6183cb0582c86169bd84d40bbeaf.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
_128_b667e13a527a46da3610a05d39950a7a.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral26
Sample
_128_b667e13a527a46da3610a05d39950a7a.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
_129_a16d794dbcbc7fab6c3bce124d1aecf0.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral28
Sample
_129_a16d794dbcbc7fab6c3bce124d1aecf0.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
_132_126b927df1ddfc80574fe0eb1f64fb32.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral30
Sample
_132_126b927df1ddfc80574fe0eb1f64fb32.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
_133_fe2b2e1beb6dcc9bafafe08e09402dba.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral32
Sample
_133_fe2b2e1beb6dcc9bafafe08e09402dba.html
Resource
win10v2004-20230915-en
windows10-2004-x64
General
-
Target
_115_cd2ee54ef1b354ebb594683dac1df721.html
-
Size
23KB
-
MD5
cd2ee54ef1b354ebb594683dac1df721
-
SHA1
6630e2953186846971358a2c7fa41f4959a94149
-
SHA256
084ca6786e8da6e50df896f9a94738d7292371b385b08cf750252751c79e8262
-
SHA512
68c4419bc6594529650cb33b1bb323c3070697ed49a9dadaf47832bb031d967a0b7707f2e365b5fb2d7da284380d08e7b0646ab008b5decbcf615713f6805d42
-
SSDEEP
384:eg8T3Qo/sDxp3f9v7XtmLzzJDglR7EE3qTE1MzE9E32fbE3XVWE3GYE35ERE31TV:58H/s9pPVzIvClR7EE3qTE1MzE9E32fN
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a053f02a85f9d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b0000000002000000000010660000000100002000000011966ad29f39565402a0c6c7b4a9ae89ec23178efe9e27541423567c4e5e94d9000000000e8000000002000020000000d904d379e28b38eb2c40620ed024262bf5c349ede623db5b424f5fa85b3e398c20000000cd45354d439d4b9a5bdcf652da6ebe2ed3c2c36c69bdfe748e91d6bfce63d45a40000000d9b83bfbf75746774db922f1c56d0fe9b21cea885b630dabf2dc5cd69ec60ec275ddf6ecbed5bf893860b0a666c7fb8a815f02cfeb16347794077ec23cefb135 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b0000000002000000000010660000000100002000000043b186a788594eb2b7575cae1a976e2fc13d01fab0dd9e2f358b74ea19ba62eb000000000e8000000002000020000000a6d0bb0e7110567e58869a45795afaa702f65a0240b04ce3fbc5a2865f12675090000000df6a7115f3578ba84fbf6f749870d630617394eb9458ef38a5a23cf7114bcafd1769d131cd4b32906b4dfeec33222e1c6e9c25f3404374d4719d1958ee22d6f53308db69638a76829ed34eaf3c7a00114135233f2f35b5736d6b467a67f8865ae2859bbc1c309f3d8691da9bce8899adde2146e93790998bef939e5eeb0128e2d60add178ce1b1d13a1a0ac8274ac59640000000b289c7625018f80121d0160e5424f3e0a005b5aef35ce620ab6cdf1ce5e7066e9be3e2e9a3b09a7e9b5f9478894cee9a08b65ee360790a98ff82f7a0262d1efc iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5147A9E1-6578-11EE-AB6D-661AB9D85156} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "402889663" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2644 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2644 iexplore.exe 2644 iexplore.exe 2744 IEXPLORE.EXE 2744 IEXPLORE.EXE 2744 IEXPLORE.EXE 2744 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2644 wrote to memory of 2744 2644 iexplore.exe 28 PID 2644 wrote to memory of 2744 2644 iexplore.exe 28 PID 2644 wrote to memory of 2744 2644 iexplore.exe 28 PID 2644 wrote to memory of 2744 2644 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\_115_cd2ee54ef1b354ebb594683dac1df721.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2744
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD576ec51a15f9cd4fa2f1cc9c4554eb77d
SHA13eee02929ccad625ee5e8838cde448184a7dba6b
SHA2564e427b74e23ef5cf4a6d565fa846f628f7dae6fb493028a4c4e9382aedfaa8b2
SHA5128da9f576912ca2f8a82141068466178a6d51bd94fa6cb22bd32f54b8266c04b4e97e5439dc6f190edc1ad309b494f391323b576f2c9708d86ebc8cbbf7799c4c
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf