Overview
overview
3Static
static
33D Analyze...ze.exe
windows7-x64
13D Analyze...ze.exe
windows10-2004-x64
13D Analyze...LL.dll
windows7-x64
13D Analyze...LL.dll
windows10-2004-x64
13D Analyze...t1.dll
windows7-x64
13D Analyze...t1.dll
windows10-2004-x64
13D Analyze...t2.dll
windows7-x64
13D Analyze...t2.dll
windows10-2004-x64
13D Analyze...t3.dll
windows7-x64
13D Analyze...t3.dll
windows10-2004-x64
13D Analyze...p.html
windows7-x64
13D Analyze...p.html
windows10-2004-x64
13D Analyze...da.htm
windows7-x64
13D Analyze...da.htm
windows10-2004-x64
13D Analyze...001.js
windows7-x64
13D Analyze...001.js
windows10-2004-x64
13D Analyze.../mc.js
windows7-x64
13D Analyze.../mc.js
windows10-2004-x64
13D Analyze...ll.htm
windows7-x64
13D Analyze...ll.htm
windows10-2004-x64
13D Analyze...k2.htm
windows7-x64
13D Analyze...k2.htm
windows10-2004-x64
13D Analyze...DA.dll
windows7-x64
13D Analyze...DA.dll
windows10-2004-x64
1Analysis
-
max time kernel
132s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
10/10/2023, 20:19
Static task
static1
Behavioral task
behavioral1
Sample
3D Analyzer 2.37/3D Analyze/3D Analyze.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral2
Sample
3D Analyzer 2.37/3D Analyze/3D Analyze.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
3D Analyzer 2.37/3D Analyze/ForceDLL.dll
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral4
Sample
3D Analyzer 2.37/3D Analyze/ForceDLL.dll
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
3D Analyzer 2.37/3D Analyze/dat1.dll
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral6
Sample
3D Analyzer 2.37/3D Analyze/dat1.dll
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
3D Analyzer 2.37/3D Analyze/dat2.dll
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral8
Sample
3D Analyzer 2.37/3D Analyze/dat2.dll
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
3D Analyzer 2.37/3D Analyze/dat3.dll
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral10
Sample
3D Analyzer 2.37/3D Analyze/dat3.dll
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
3D Analyzer 2.37/3D Analyze/help.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral12
Sample
3D Analyzer 2.37/3D Analyze/help.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
3D Analyzer 2.37/3D Analyze/help_files/3da.htm
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral14
Sample
3D Analyzer 2.37/3D Analyze/help_files/3da.htm
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
3D Analyzer 2.37/3D Analyze/help_files/geov2_001.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral16
Sample
3D Analyzer 2.37/3D Analyze/help_files/geov2_001.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
3D Analyzer 2.37/3D Analyze/help_files/mc.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral18
Sample
3D Analyzer 2.37/3D Analyze/help_files/mc.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
3D Analyzer 2.37/3D Analyze/help_files/scroll.htm
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral20
Sample
3D Analyzer 2.37/3D Analyze/help_files/scroll.htm
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
3D Analyzer 2.37/3D Analyze/help_files/ts_back2.htm
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral22
Sample
3D Analyzer 2.37/3D Analyze/help_files/ts_back2.htm
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
3D Analyzer 2.37/3D Analyze/hook_3DA.dll
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral24
Sample
3D Analyzer 2.37/3D Analyze/hook_3DA.dll
Resource
win10v2004-20230915-en
windows10-2004-x64
General
-
Target
3D Analyzer 2.37/3D Analyze/help_files/ts_back2.htm
-
Size
3KB
-
MD5
f445f5db00df518f24dff0baae1d22a9
-
SHA1
e2515df492fd1201bfed481b3ddbc7f07eb9e6ee
-
SHA256
0e539a7661773583fdbb07f17b99694964429c45484ae7062e097cf74a3f06b6
-
SHA512
d3ef3fdb15e06d3d0873a9262b84dba633a682d2df187cf2aae2e130f35aaf69ba3fc83d55aa5dafbad27c38ccc9d4927e410ce0e696383a45c73d0fd8669943
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3106566929" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31062967" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000044e7540fef135e499edf4eab70c71d2f00000000020000000000106600000001000020000000c988bc5f1aab16da9a8f5c2e9f2429e2ac96835ca48bcbedb6df23cbbbfde293000000000e800000000200002000000028f5758392de2ef77d294b623a1c6b6c3fb75626b83c2b40954ca168e14de1ca200000001b1786e833a992d82935f28633cca03bea22e62378a6cb02a5d238d36656ad55400000000c57f4b422861909b52080626d3f9613e0e4e6865565ce0f7b33fa2585cf39057b352c60fe90fa9a8be21015ccea72e2434f76dd952df70a777d1a9302d9cf62 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3106566929" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31062967" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403734398" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31062967" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3167955941" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5073e4beb7fbd901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20a4f2beb7fbd901 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E46F905B-67AA-11EE-9D98-7EE370C9B5A4} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000044e7540fef135e499edf4eab70c71d2f000000000200000000001066000000010000200000000e0f535c8ed2328a07dd2fc736d3acd3332a41f33608adc290c20e6858a91f1c000000000e80000000020000200000003a32f7b37216393dcf1276eb73c0629556e3e5a46c7012ba404f762fecfe9c54200000009e3a0392a2c8ac99413e6da54464c70cba8e8ec28578a673bc2bd6db920e8ec940000000561c6c4a3486c8f057116a1ef78d53635abb428c407ff819bbc794bfa57c7cfe0a580d6ebbbd9488ac08dd5ab5d48ac19e137f18aaa4134d83ef4f217ab05f4d iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3360 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3360 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3360 iexplore.exe 3360 iexplore.exe 2776 IEXPLORE.EXE 2776 IEXPLORE.EXE 2776 IEXPLORE.EXE 2776 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3360 wrote to memory of 2776 3360 iexplore.exe 84 PID 3360 wrote to memory of 2776 3360 iexplore.exe 84 PID 3360 wrote to memory of 2776 3360 iexplore.exe 84
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\3D Analyzer 2.37\3D Analyze\help_files\ts_back2.htm"1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3360 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3360 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2776
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee