Overview
overview
4Static
static
4BINDInstall.exe
windows7-x64
1BINDInstall.exe
windows10-2004-x64
1Bv9ARM.ch01.html
windows7-x64
1Bv9ARM.ch01.html
windows10-2004-x64
1Bv9ARM.ch02.html
windows7-x64
1Bv9ARM.ch02.html
windows10-2004-x64
1Bv9ARM.ch03.html
windows7-x64
1Bv9ARM.ch03.html
windows10-2004-x64
1Bv9ARM.ch04.html
windows7-x64
1Bv9ARM.ch04.html
windows10-2004-x64
1Bv9ARM.ch05.html
windows7-x64
1Bv9ARM.ch05.html
windows10-2004-x64
1Bv9ARM.ch06.html
windows7-x64
1Bv9ARM.ch06.html
windows10-2004-x64
1Bv9ARM.ch07.html
windows7-x64
1Bv9ARM.ch07.html
windows10-2004-x64
1Bv9ARM.ch08.html
windows7-x64
1Bv9ARM.ch08.html
windows10-2004-x64
1Bv9ARM.ch09.html
windows7-x64
1Bv9ARM.ch09.html
windows10-2004-x64
1Bv9ARM.ch10.html
windows7-x64
1Bv9ARM.ch10.html
windows10-2004-x64
1Bv9ARM.html
windows7-x64
1Bv9ARM.html
windows10-2004-x64
1Bv9ARM.pdf
windows7-x64
1Bv9ARM.pdf
windows10-2004-x64
1HISTORY.vbs
windows7-x64
1HISTORY.vbs
windows10-2004-x64
1arpaname.exe
windows7-x64
arpaname.exe
windows10-2004-x64
1bindevt.dll
windows7-x64
1bindevt.dll
windows10-2004-x64
1Analysis
-
max time kernel
193s -
max time network
218s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system -
submitted
07-11-2023 13:59
Behavioral task
behavioral1
Sample
BINDInstall.exe
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral2
Sample
BINDInstall.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Bv9ARM.ch01.html
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral4
Sample
Bv9ARM.ch01.html
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Bv9ARM.ch02.html
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral6
Sample
Bv9ARM.ch02.html
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Bv9ARM.ch03.html
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral8
Sample
Bv9ARM.ch03.html
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Bv9ARM.ch04.html
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral10
Sample
Bv9ARM.ch04.html
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Bv9ARM.ch05.html
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral12
Sample
Bv9ARM.ch05.html
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Bv9ARM.ch06.html
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral14
Sample
Bv9ARM.ch06.html
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Bv9ARM.ch07.html
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral16
Sample
Bv9ARM.ch07.html
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Bv9ARM.ch08.html
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral18
Sample
Bv9ARM.ch08.html
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Bv9ARM.ch09.html
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral20
Sample
Bv9ARM.ch09.html
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Bv9ARM.ch10.html
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral22
Sample
Bv9ARM.ch10.html
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Bv9ARM.html
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral24
Sample
Bv9ARM.html
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Bv9ARM.pdf
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral26
Sample
Bv9ARM.pdf
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
HISTORY.vbs
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral28
Sample
HISTORY.vbs
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
arpaname.exe
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral30
Sample
arpaname.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
bindevt.dll
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral32
Sample
bindevt.dll
Resource
win10v2004-20231025-en
windows10-2004-x64
General
-
Target
Bv9ARM.ch10.html
-
Size
6KB
-
MD5
eafbc5930737621e96e3572d1cb719f4
-
SHA1
1f11dc541f11ad5a7011bcb052388c52a2e0d268
-
SHA256
919e5397232de541ca532f83360c77c7c12cd03183678150766cf4cd47acb907
-
SHA512
bfb6e9e5ddd06688e7b79b36f0daa8b1c401bf2b555888007479dea8ee1c4602b3fca16aa0cf617defdb979654b5b6dbdcbbc68181fab524c2b988b9d7459202
-
SSDEEP
96:ZBAvOHe5T50VV2yNaLgAAKyfdytI4gYI7XJ4zJa1JUC/byKD+qmWzrzbKpmAbsdU:ZyvOH5OyNS28toma1tDHaHPTy0
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80247909c311da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3479840617" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3479840617" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31068610" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31068610" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0D1450E9-7DB6-11EE-B196-E6DDB52DA3E4} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008a0c380f3628804cb3442a54a74494fd0000000002000000000010660000000100002000000035fc89d98b09d4e48de1d3bfce680ff6c65f173a348b067e75c78d7e992b0b4b000000000e8000000002000020000000100935ddd0baddd743d459f23d88d5455174e1ff9d6b28d1cf6a8e1b4cd4b26d200000002493d4b1c624081b415729b0b3a1b189c7fe4a6455b8fe3a617b8da55bcc2cb040000000bd9b326e99da4e67dfa7f8a646c03bae62aa17047a6506eb85993efff3fbc5df4381330f51476abf3d07f170d66448a3c2940bcc9453d20f3473f9d7dd4a64cb iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3388 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3388 iexplore.exe 3388 iexplore.exe 672 IEXPLORE.EXE 672 IEXPLORE.EXE 672 IEXPLORE.EXE 672 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3388 wrote to memory of 672 3388 iexplore.exe 89 PID 3388 wrote to memory of 672 3388 iexplore.exe 89 PID 3388 wrote to memory of 672 3388 iexplore.exe 89
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Bv9ARM.ch10.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3388 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3388 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:672
-