Overview
overview
1Static
static
1_102_5ebca...c.html
windows7-x64
1_102_5ebca...c.html
windows10-2004-x64
1_103_665e1...7.html
windows7-x64
1_103_665e1...7.html
windows10-2004-x64
1_106_5ebca...c.html
windows7-x64
1_106_5ebca...c.html
windows10-2004-x64
1_107_665e1...7.html
windows7-x64
1_107_665e1...7.html
windows10-2004-x64
1_110_5ebca...c.html
windows7-x64
1_110_5ebca...c.html
windows10-2004-x64
1_111_665e1...7.html
windows7-x64
1_111_665e1...7.html
windows10-2004-x64
1_114_28353...c.html
windows7-x64
1_114_28353...c.html
windows10-2004-x64
1_115_cd2ee...1.html
windows7-x64
1_115_cd2ee...1.html
windows10-2004-x64
1_119_28353...c.html
windows7-x64
1_119_28353...c.html
windows10-2004-x64
1_120_cd2ee...1.html
windows7-x64
1_120_cd2ee...1.html
windows10-2004-x64
1_124_90444...c.html
windows7-x64
1_124_90444...c.html
windows10-2004-x64
1_125_d6ca6...f.html
windows7-x64
1_125_d6ca6...f.html
windows10-2004-x64
1_128_b667e...a.html
windows7-x64
1_128_b667e...a.html
windows10-2004-x64
1_129_a16d7...0.html
windows7-x64
1_129_a16d7...0.html
windows10-2004-x64
1_132_126b9...2.html
windows7-x64
1_132_126b9...2.html
windows10-2004-x64
1_133_fe2b2...a.html
windows7-x64
1_133_fe2b2...a.html
windows10-2004-x64
1Analysis
-
max time kernel
189s -
max time network
183s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
08/10/2023, 01:12
Static task
static1
Behavioral task
behavioral1
Sample
_102_5ebcacb7f0e1422f0c3fa20bfaa29c3c.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral2
Sample
_102_5ebcacb7f0e1422f0c3fa20bfaa29c3c.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
_103_665e1985893f9e0701f79dfb1f99a4d7.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral4
Sample
_103_665e1985893f9e0701f79dfb1f99a4d7.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
_106_5ebcacb7f0e1422f0c3fa20bfaa29c3c.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral6
Sample
_106_5ebcacb7f0e1422f0c3fa20bfaa29c3c.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
_107_665e1985893f9e0701f79dfb1f99a4d7.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral8
Sample
_107_665e1985893f9e0701f79dfb1f99a4d7.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
_110_5ebcacb7f0e1422f0c3fa20bfaa29c3c.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral10
Sample
_110_5ebcacb7f0e1422f0c3fa20bfaa29c3c.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
_111_665e1985893f9e0701f79dfb1f99a4d7.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral12
Sample
_111_665e1985893f9e0701f79dfb1f99a4d7.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
_114_28353436fc2a08ffd172e8e001c34dbc.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral14
Sample
_114_28353436fc2a08ffd172e8e001c34dbc.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
_115_cd2ee54ef1b354ebb594683dac1df721.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral16
Sample
_115_cd2ee54ef1b354ebb594683dac1df721.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
_119_28353436fc2a08ffd172e8e001c34dbc.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral18
Sample
_119_28353436fc2a08ffd172e8e001c34dbc.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
_120_cd2ee54ef1b354ebb594683dac1df721.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral20
Sample
_120_cd2ee54ef1b354ebb594683dac1df721.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
_124_90444962c73a0957c0b714160a68ef0c.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral22
Sample
_124_90444962c73a0957c0b714160a68ef0c.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
_125_d6ca6183cb0582c86169bd84d40bbeaf.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral24
Sample
_125_d6ca6183cb0582c86169bd84d40bbeaf.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
_128_b667e13a527a46da3610a05d39950a7a.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral26
Sample
_128_b667e13a527a46da3610a05d39950a7a.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
_129_a16d794dbcbc7fab6c3bce124d1aecf0.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral28
Sample
_129_a16d794dbcbc7fab6c3bce124d1aecf0.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
_132_126b927df1ddfc80574fe0eb1f64fb32.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral30
Sample
_132_126b927df1ddfc80574fe0eb1f64fb32.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
_133_fe2b2e1beb6dcc9bafafe08e09402dba.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral32
Sample
_133_fe2b2e1beb6dcc9bafafe08e09402dba.html
Resource
win10v2004-20230915-en
windows10-2004-x64
General
-
Target
_128_b667e13a527a46da3610a05d39950a7a.html
-
Size
18KB
-
MD5
b667e13a527a46da3610a05d39950a7a
-
SHA1
ec8c5480fa896ed6459b346095ab76a7d0b1f299
-
SHA256
6d7db75bda97b780aec89bbf5d57544c7a104f7e9497892e84e09aaa14f0a69d
-
SHA512
24a0a6448495fd96f6fe7c57b19ae5399d02d619c3208456e169c705059b6b3267688309923ab9a87877f499445e92716ecaa0aaf3e630ac25c3b793d940f579
-
SSDEEP
384:fZzQohtfzsIwfDx63w9v7itRLYzWVggaaWa58XL1qLatEeHGe5SOLs5j+j582I/O:hht7sIwf96AVubkvgaaWa58XL0LatEe3
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f000000000200000000001066000000010000200000008b7222e01da7e7961e0ef138a5a743edf1219ca13d7c907fd77cc77798689ee5000000000e8000000002000020000000d3ed6d2bc407a2069012b75ac82812c8130c0af196d98932a43d636a8169d75890000000d94788cb62919e38aaea373dbdfcc1bb025ee589a82ea9a8830b19440170aecb294c53ac68abbc5e31eae41e97aa25e1453ada2a40a56486742d3f7bcf733fc9b4881b1a3048c3bffbf25a7ec01ec9c41606803b8c41c130d899cca5b01c9e33c98369fd2322020771c8a035ae5e9245847ee759fb6771a3a88b0b6ad197c6d5e5a8bf3757d9e6d203479b2d1d2ca18b40000000171ae786dbc07dae3efd07bd4bcbaca6494f737d9435654129b6645181b6bf2fb1bfcd15beb998f8ebdd21afd57e2c0a534bb6a6590c2d1170c26ff13db3a7dc iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7E712811-6578-11EE-8B15-5AA0ABA81FFA} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f00000000020000000000106600000001000020000000d606626eee2981e558e96b7a040c832469cd59ff6dfb783e0bacbd2472511e4c000000000e80000000020000200000006a3a6ef4148b62cb2a72b9b689311a30bce9dd6e15355dd4088e269b9bac9fd520000000a3da449ac94c00aeb045d26992e78a15e4d68c14ad9375c415f06e09113abd3a4000000011b010e4fee95d94e516f0a8a5f775f0b553600db6f46960cf7a6149269b77485b8200f91964d263ca7597eff784e22384bdf6e61327cdb8dafebac06080c1b7 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "402889735" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10c46b5685f9d901 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2816 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2816 iexplore.exe 2816 iexplore.exe 2672 IEXPLORE.EXE 2672 IEXPLORE.EXE 2672 IEXPLORE.EXE 2672 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2816 wrote to memory of 2672 2816 iexplore.exe 30 PID 2816 wrote to memory of 2672 2816 iexplore.exe 30 PID 2816 wrote to memory of 2672 2816 iexplore.exe 30 PID 2816 wrote to memory of 2672 2816 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\_128_b667e13a527a46da3610a05d39950a7a.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2816 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2672
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD54893d80bc040312ad54da2a5f98c0f29
SHA192b9223c92cc937e4660c675f5428695c3b49834
SHA256c80f60ac71b9904b7f9b34eac6cc744e002fe3249fffe7924b090cf9095715f4
SHA512c3207379325419f33f7947ddc82b92f24179abd2648d80e2c650edc40a7c5eed3e03f3ec5e5c208abddcbd2540f0dfc22d0c0363fb320c210ef361d233d00d14
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf