Analysis
-
max time kernel
122s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
22-12-2023 04:03
Static task
static1
Behavioral task
behavioral1
Sample
5fdabc06f4a57ea7ddd133c4b5ce7d4e.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
5fdabc06f4a57ea7ddd133c4b5ce7d4e.html
Resource
win10v2004-20231222-en
General
-
Target
5fdabc06f4a57ea7ddd133c4b5ce7d4e.html
-
Size
601B
-
MD5
5fdabc06f4a57ea7ddd133c4b5ce7d4e
-
SHA1
d99a14ccae2363c852dab0f87ede753b7a21197b
-
SHA256
1709670bff96fbcb15956a7e4e3575ae2a991e97cbc76c5eee1e7b1c6c6b34f9
-
SHA512
2302236e91c847e29adcfc68748a57959acc7bd2652417b8cfb3c9bf43a49e53223a816efbb04ac9290af51560ab0d8c0075e3dced4197aa512ece182d4d375f
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000c01487760cffea1559ade43f7c9d4961aba5b27b5c213ce8b104939e9fc45f0c000000000e8000000002000020000000610ad5510a1a466a5d2326b8427d0a6262bba2ead3dd53dd4e8566e89c5d799d200000008a422e98b947803d1b7dbccf2f5928bbee7a331286069a539bd422f15b8938c94000000090f4501dec280b31ae04befbb3def99b8c995fd0f1245379e9330be1484d9d5e4bf0c119a674168b1d2ba0f783a99101cdc6e1471a0e38b5d44e3ee9169a71b8 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409478958" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3748B501-A166-11EE-A83A-5E688C03EF37} = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0cf2dfe7235da01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2300 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2300 iexplore.exe
2300 iexplore.exe
2648 IEXPLORE.EXE
2648 IEXPLORE.EXE
2648 IEXPLORE.EXE
2648 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2300 wrote to memory of 2648 2300 iexplore.exe 28
PID 2300 wrote to memory of 2648 2300 iexplore.exe 28
PID 2300 wrote to memory of 2648 2300 iexplore.exe 28
PID 2300 wrote to memory of 2648 2300 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5fdabc06f4a57ea7ddd133c4b5ce7d4e.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2300 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2648
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2f2cb88b8baadd065613ed03fe5900f3
SHA1 85e8d32372f759ec91efa8d6be130504b52c7dc4
SHA256 d653954d8cdf236b9864dcf142d267ef3343b922040c8945f56e29c97dd4b899
SHA512 3fe81a1fe71877a79993d6551791a34dd0df01b6232c7b1ae8453b52cb058326cbb1dfe5f50580f2b44dd34646b60270c641f174724c7032d89f5d6f1f49daf9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 33249d05fd97a715f09751006d22fd22
SHA1 539b2556abf4ea23dde34e4a121fcfe5e0ba5b88
SHA256 0bf5768f6b73fc08e48bdd9abccd7b3291ec59e178f9b125f7e04b753edd201d
SHA512 e872f4813c2270177e0c0ee4f4bbc1481237ce839595dc0e53c79f6f20cce922ac854fbf632646b15956e7b651d519c0425bee820197d9c273b3d9d0457ba30e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 02b0edba9d2935e30532809d65b51280
SHA1 8755e10efaabce4b58110ecad9a6f40af0717dfd
SHA256 169a86967c9917b1e091772247334b173367074245ca1cc3a3d2b4086bc28229
SHA512 9aece63d558faf6e9fdf7b8a7be3e47722aa89b94659189ec0a18f069420eab3cd3069f4abb88b6b3f1a1ca91027adc1648c946532686838fdbd93beb77fe03c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2ac56003be547072e87c4f032a52c999
SHA1 145238f02c16b3b2518a8f0e21b980e23ce66821
SHA256 767089d56b1871194fd721585f1d367a97adf259fd743ebc92169189197405be
SHA512 7d733e7935ff5689d698404242fefb85bf0d91989d2cb9842df448483abde5fbddb2622fe5063c1df1bbccf114eb2b0986b8b4db754a294f00159c3acee92a48
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2d469102dd1597eb693361ab43e8feef
SHA1 7a0fae7a2d9805b3f7f1e6a2402cdc296cf28027
SHA256 6655b52a43e86647511a13819f6f52911e8371ed583ffa075ef306fcb0c4c955
SHA512 98fc87d414c68e24d1248ad30048a2a6a9562488020895c2fc6110fc216b73735297d0b8529f746495fe930a60db8529db8139fe81c9a0b854373c180abfd6bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6269bde95d6c6bdbddcfe092203e3c48
SHA1 ebe66adee8dcb018abc5aae5d0d981529c9f3d60
SHA256 2a03e65beca447e7f87883d8ff6a0bf5a5a995789b670df26092668a9d8fec62
SHA512 777d90b1c77e01733b8c4186b7289e4abee15697cc616d32673e2e0f7cfb8941e4001a017bf7d68020789e5ffa02fec5c8cd017065ff5e636df7723f094eb711
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 38d124f8b053558faff481752a5ce8b1
SHA1 9db7768eebee67844544f6fc64e637fd14cf28d1
SHA256 5ab0f29cf5555dccd8c7fef5052dc7727f7261e65751a981f16c1f1790adb39f
SHA512 61df2c85a86c61a2bc49b4d518f46da62c5d744b46216ab714040096a59efef77390d156ee0011e7636394f77292095d208e807de4e61f1c5d9639e5f6a04ca3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 603e3d8b9f51ffe53e8c5f9f8a76cf2d
SHA1 4bf3b51959b8e7f764d19311c22386aa5c8e5ca6
SHA256 9abc4ae3fc45c8716fc8422f759cb7dee60808f4e9de23289664f531e7b392a5
SHA512 03ab08696282fb9abbe8a1380f8af2fae4197306bc88483e11cd1d5dd5f42146b355149cf34a3f1343052c74e8704af7238828b151a42cd7ce24cce2dccaca53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bfc9ae4b24885fc53f1bdbcdcf2f6d87
SHA1 e52aea4fcc3b7679b1a64f3d8792ddfb43abf913
SHA256 250ec5118406ee940977d917894402274189f8c10b200cf133f0067a435fead1
SHA512 c8bbc12e224be14adf8faab232dbbd234cacb269567d85b51b1962d97f7e6e1f5bbfff17d2093bee792f4586c34891c028e84147c1c1f50176a4a612fbcfbe00
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 470597da9095b8bd4b6fa57d7f8c36c5
SHA1 f95d39ad69714dc4f4e89d1d4440fb2c68884b8f
SHA256 433ae94016fd9730abcf62559c932b523173c9e6ca2917d9fcf155e771bf8d91
SHA512 a77fa5e3471aa88037b441682b7b9ad03cd215f0173e5c5af012f2e6dfab32e352a1baeb269dd644b3668759b328ba6f983d5c94fe13f5dee3343612fcbfd7b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ed91dad7ad434c90f6362db8410cef22
SHA1 eeabcd518a154718076f44bed72c779e99e69355
SHA256 8e2879728e3f5e8cb32a77157c48605e233a5b469f778411931def9fda30a3dd
SHA512 81c790461bc7b62f43e53d8df4ee6056740ee7077af42bf71d3c99fdb688d038d5395417591bea4eb7b8def2b88cff49440c4a542e2e44d70099f6c49ca9717c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8d6367b43703bb7117f44c7c33cea218
SHA1 6c43a4b60c8cb636b91bd160984e71fd78255fba
SHA256 005e0f3defb5d5787b0e2dea7c2290f2278a196b3e0fbc8d01811ff85c50a325
SHA512 7791d84ce3864f775f31af36eb5d7236d140dc5dfcaccbf1383f6a2bcbc69d6d38a20a973c2fabe8a9dc25fe83c9ca912fae4d709cc5418d487c9a6759728574
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e3cf68fbfa7c4e3458501e2fc29aeecc
SHA1 0430acc6d776135bfe0298d38f570adf1105ad97
SHA256 96c099012f98ac9cee93035fbcb29cd7510a9b1affe57cce396e51ec4630d177
SHA512 3a7063375af964a8a326cf0218ed6f36f2c0350d3b27944126bbfd19ec57d0ee380e10b6fb0d0177d311ced612694fe41e7401f8c798d45749a1f4b7dc0e1e9b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2f3edd1b85f04ee42887f02a3418f51c
SHA1 7dcfaf1c2aeb84ef95f07f285bdcf4abbc943f44
SHA256 103a4978260b82ca088114273252763a44da7cfe03eabc3726adaebf50a32fc3
SHA512 ff15bf30236377fa061214b2f4b6221bc6e45db602804a69ac065df4c82becc806391b81cccf6ff4837fa0c431f0310cfb729d8873e7427c6503e73905cbcf7d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d840b05fde216e029efd6824822d73ad
SHA1 3d479b858f42f8c0dc2ebbaebc74f625a6427ef8
SHA256 22284ebcef6f290071395343dd385ecb7ca6e9470f8ff6da34f76aa82863b538
SHA512 ffdc2ad3848a16f865e2a6563a2378c00713e824ec41e63909aca9b2c740279f84e97cdc909ae7ba0a4532945cff1263b3748a42fc3f02481d028a3ca9027307
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 393403285ed5fa44220b3894aa264338
SHA1 e7ef627dd3f7433a50f6306c16654ea7b724468c
SHA256 7fb66fc3409d0836e171efcc386cacedd55b083d4e5078aee3be087b085f3619
SHA512 4d60299aef09c69da0542de4ddd898ea7db6058d45051be753090534d7fd161c8161f2780ccda3288b728d2edbd54866db3efc25b495660fd4a3f99737ebf3fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 83c71f2b4379dff65f609c904ef79937
SHA1 ff950b27ed470a3512ed89f474e8c58e275c5763
SHA256 0949a5302b5f73683e8c9a7265c9d8938c08166c988539fcbf2bfb7854e5e47c
SHA512 2c289f0e2f6ffc38761f5d0c17e500b484ffbc1484a39e6b14b5694231db09ada7199122ca9c0dda94fed5798c202cc0defff38115b834af1917c13ad384f8e0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 96b5ce847d2311b9f42b735879eebeb4
SHA1 1e03feb3adadbee5622d5b92bfb9bb04fe2ad2b9
SHA256 3affdafe9faa005e5c80ab3b79a9f9a635c79828c204cfff2b6ab46d4a6110f2
SHA512 d7c613d6e1615aac8cb2bdd6e1b530dde48510c4a353260070bdd5a31326e353862d8249015971d4fa49b10b1b5a65b6bc9b19a48730042af5a6f671f4323f59
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06