Analysis
-
max time kernel
119s -
max time network
138s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
22-12-2023 15:09
Static task
static1
Behavioral task
behavioral1
Sample
d28db881e86a2543fc6ce04df6726775.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
d28db881e86a2543fc6ce04df6726775.html
Resource
win10v2004-20231215-en
General
-
Target
d28db881e86a2543fc6ce04df6726775.html
-
Size
1KB
-
MD5
d28db881e86a2543fc6ce04df6726775
-
SHA1
592f54a66878ece0a8b3ace56af66ff9931e9e06
-
SHA256
cac138d0b976dc8590f23ab0c96c23a2930dd5a6f593b1d89ddc476d2e16ad8f
-
SHA512
c66cf8af27f5d6ea7f7dc48a1fe06b1ade6a0436b6a2712289444a58f441b1c404ef71888ccc7518d2f094304df0989076687f74f5a45a284fa390b0ff2efc2e
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a02615f21036da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2C4D3BA1-A204-11EE-B665-FA7D6BB1EAA3} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d300000000002000000000010660000000100002000000053e1741a578eeda4107d1fabd81fb4b27a27d296331ec13e126812eccfb2f3af000000000e8000000002000020000000bae128923c0f39e52f1673a13d32bde9f24446b9efe8f720d28833f1ce79ef1c200000009b97410781c5a498173b9d55e2a40ab6c5303a74cbe37595c9b0e6cfd017fc0b4000000026385d121a72544e3fc7466935fd678969834eeb51506292f61a11fa81c5d78b826d39b498705c7559d45bf6d09b524945768a796068343ea8699fdbe254c8ea iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409546805" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe 
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3044 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3044 iexplore.exe 3044 iexplore.exe 2120 IEXPLORE.EXE 2120 IEXPLORE.EXE 2120 IEXPLORE.EXE 2120 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3044 wrote to memory of 2120 3044 iexplore.exe 28 PID 3044 wrote to memory of 2120 3044 iexplore.exe 28 PID 3044 wrote to memory of 2120 3044 iexplore.exe 28 PID 3044 wrote to memory of 2120 3044 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d28db881e86a2543fc6ce04df6726775.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2120
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 088a37d5df92b917a887ef15d194bdd6
SHA1 9240e1a791e92eb1afed103f04f57d27497899e3
SHA256 d6489123aab84877ce2ea78aef82363e957c4e3e5350f3e3a315c235ed8904a1
SHA512 3961867d796377ac87ee0c23d87887741d73262983ba9287395f33cdb31bef543d0bec52b493da3e6504fb5ba578368ba06154c31307e153759b976dcf590660
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3d9be79563a3672e2aecaa0b4158d1be
SHA1 146a66e68f8c0b3b124ff5ca85f568017c498f75
SHA256 2d7fabc272b62c3ebc177f22f9b5c3738d9efb27f5f158c068719ea0c7e6b5a6
SHA512 a3604644f455d2ef78241dc7953b3e66671e60c8f16b8f2726243105969451ca7bc22d68515c066ba0cf13eb09eb38d3b6b4c1e60f40c800bfed0616724c9ba2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f56cbaa67478886761d16e0b1aa98c6c
SHA1 57cf647a81184603fc72d2f8db7a07c77d7389c8
SHA256 470c68f6939bbb277394c7433af4dbbace6e1ad879970a38206670545d8f56bd
SHA512 3abe03043a763be7ef872107acac5e4b86f695804b0bff132db86eabbd1d8c994f48341676ae9be3ca16ad58cb0dd8677ef54a1d732283a9e04245ba84732a20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d20c0334cd50442a9662db9926b6f0dc
SHA1 cd89494e3b958f5ad3c43bcf1a84650ed3ec5939
SHA256 51192b4c9f832470351968440007e5c3a93208dc4577012e16230e0f905675b1
SHA512 453ab3131dc905a763ee45f7c7d92bda6b7c18b0e4996e65cdab1e1ee35b0c9a580a9da1e71ba3df6348ae4fe21465a84200e2a38910a570189f12a786674726
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 45521c4ab65af041185fb1dae9d61fe8
SHA1 6cac22de542b14d30d5eb8aff107fa2b38bbe056
SHA256 c7fc8040b83184c3b1b132abef8bd58e47cab54dbd5f84280d748d5b4d997a67
SHA512 a5e7582b15ecfd30fbfec44f6e0e59c7cfc8d6b654d97cd8d86c7b8ea0038199ec3077e09eababfc3bd8359379b0836f42aa636a57aa15105521c7e8f1ea0cb8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a6e180c2e5ea7da889b76def9a14bbcb
SHA1 da081f8375656c09ddb117c5cfa385cdfcfe1bfb
SHA256 836d0c0b24432256e6024daec60c352a0e51bb74a554cfd2ad0c4604e1587453
SHA512 12455226246bfa61eaf0d71d8f7cfcf07a121983bc54edc94c2e3fb7aeaf901cce2d240f155caf37a6b3dea70e72519f8ec9722fb5c0f7feaa93ca1eb871b2d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5d5cc84c7d888798a08f309850e1c3bc
SHA1 6c993916d9cd9c616945867abd0096501571745e
SHA256 447d3d11694f78a09a9dcb4b0a4d43b8092fbba9fd5ccd079a5d384848560d66
SHA512 a22b3086f5ce7a03e9fba1d567b5e67abfb983c59c08b0781574f5db2ccb77a2f9ea959675129d8b343a884f29a1ae67c085d758ba5aa0485b346118fae942ca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 63ac50229a00b90b39b6c6d18739137d
SHA1 3e90147e56170bd09bd67a0d04099d90edfc106c
SHA256 491fe99b7b5726bc794e0ca4dced1d954b0e42bc75bad289f047fcd251d7661a
SHA512 150b701531c1fd80b26a9a25b8bc0142e9f8837423f79d449bf40c5e83b35d0b9380ee5ec9090559da3eb8d07c7a2d20e0e28961f491652bb5014d417ec509b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8e0eaf1714bbb567412f9d4f1c32dc5c
SHA1 c3f5b9d9a73534e3826d288fc9849ba4245ff371
SHA256 d922d23df870390a44ddddc96a5b4b7c3a071c5ec3ce0bcd468ee26c7add0e45
SHA512 50a923ba4caf3923c84881d1b53ac359a26efd6e05565c730ceee97795dd2797a4a2a355a3fd03f3134ea578de99a4c58fbca8f9b0cb621ad0bde14954b75bb9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b14384e063ac9eb99bb7062a6a4af09f
SHA1 fea8a8828a92b61c6ef4b5b4468dd6e84a6fb4d7
SHA256 2291d8db89c8b44c9c5b2153f836944eca4d7574af252a46ab91556eb7e62a00
SHA512 82565334d6490919bb817bdec99643d514d613b365648ec75d1aa6e01f36dd919b0a4b9f14fbd533d6569fd17352a24e5fdaba53dcd85c9eb5a7aea591b510d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 73535d0d54ef78f0ad0db90b7caf5853
SHA1 98c6a7a9679b1b2bd5474c26a234acc33040335b
SHA256 c8626ff1b9e7fcc857efde112295e5cd8a73cbf8424284c50b354ada24a6fbd5
SHA512 c10c1fbfb0ab525f2f9496486d0b4f05d9b96ca2426fed2639fee093da310ab48471080735cc08bc4a880f9c15dfe755b9dceef76b6b750c0c4a8a89b1da7a19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 dca0d54e21bf5adaeba398ccc8886609
SHA1 62a5d04fc4233abb4c3c5f03b24c21c78d47df8f
SHA256 8e000a1fa8e93cd93c819b8342d34e40dd601dff7ccb1cc1d05447d0267cd6a5
SHA512 2a5923d6b8f8d68f4912c44b2246fda78514aca1457609fdae8f366f3bccd3a2440001e536786f08832a25803c7ac8f62183c2b2ca32bb684997b4b735173bc1
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06