Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted
24-12-2023 14:24
Static task
static1
Behavioral task
behavioral1
Sample
00acd052c7684596af64c913ea50a486.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
00acd052c7684596af64c913ea50a486.html
Resource
win10v2004-20231215-en
General
-
Target
00acd052c7684596af64c913ea50a486.html
-
Size
44KB
-
MD5
00acd052c7684596af64c913ea50a486
-
SHA1
afda36a600e1724142a90aa2d942ddf374667024
-
SHA256
b5c8a710ec246b31722ef110978869dd371ebb9bf99ae4feb7bad1896d5ea860
-
SHA512
16b4a0eb5e451027c82bed41648b719e0e47f5349ade92ffbb5883e3f73f834ec420a8a84a2a28853c04acc8ddc8794a0d6d59a8423b876fd0f4b622979c10f6
-
SSDEEP
768:mwS0l/sGVLsk8ejW4mTNn2obselgqvMg0ny8Ak:mZJtdselgqel
Malware Config
Signatures
- Modifies Internet Explorer settings (every IoC below is an HKCU Internet Explorer key written by iexplore.exe/IEXPLORE.EXE itself, consistent with ordinary browser session start-up; nothing here is specific to the sample's content)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409594718" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BDC1C6E1-A273-11EE-8E99-56B3956C75C7} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1019a7c48036da01 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d60000000002000000000010660000000100002000000016c5035c4a81029472a26a2da7814ee3e75b93b7f911826a9137fc2d82fc2a99000000000e8000000002000020000000069f358251413f3a96650972acc0ee0e47ba0653404fcf51dbbd02a31feee25620000000b6e62cc1aba0336e5d4bd1880bac4995c498f90dacf10a8f7732e81a02efd934400000006071b9bac03ae26c1d205e6981faaed820880f47746a70ef06be3bb04d934e26095d432153ddcc0788fd71f446665d21346d6006c594bb1d17c1d1fc05d62f4b 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1728 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1728 iexplore.exe 1728 iexplore.exe 2668 IEXPLORE.EXE 2668 IEXPLORE.EXE 2668 IEXPLORE.EXE 2668 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1728 wrote to memory of 2668 1728 iexplore.exe 28 PID 1728 wrote to memory of 2668 1728 iexplore.exe 28 PID 1728 wrote to memory of 2668 1728 iexplore.exe 28 PID 1728 wrote to memory of 2668 1728 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\00acd052c7684596af64c913ea50a486.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2668
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b86cb508b08f2b9fa1c75bb125ad153e
SHA16ba654d33f5dbf307afa36da018c0a2ed82d1e90
SHA2568feb668f95aed49b7ebe835102c248f34eaef89f781a0a5099977c23d14e01cc
SHA5122aa2f3597f3632a759e5d9c9ff6fa5ef83ee4fe2cf007d8093bf911a07101fdf559e607b046fd2017cd64ecba40f9bad6051733093b42dbf41a9eae97ec77b6b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD599e24c90e89867e59b0478be0858b42e
SHA166cc7513e59ecdd38ea1a53964c1afe160d27424
SHA256f42b7258eb6e27dd40c9e4ce90dd05181d7cf2d3ec4b92b0ca6f42864aff4663
SHA512ecbd9dc7a4873b21c6ca9313b04c0fb949fa27b35d99912219220490d24d9c4e74c45e2019feeb329680e5e22fac3e7f3af15757dd3a9106d9540158bffa143b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5734ccff86caff626da017cf51cbeb02c
SHA1308c5cd5a147f055991a85a71dd6277c317658a3
SHA25692d47b5ae9daec9798690159228596a9dad5bdf58459d4a621bc210d3a121a44
SHA512a37a8dd5cdcca76cf3404a7da4e8646ffc8d9a4b0f8c08d8d04a46c4a21f5b794bb1b75f5207c0209ee715300796da77f2147bd105d0391c908c67c9db323900
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5c8c641986f0c14e9b31e7eb800ea5785
SHA1483183c23aa35dda34dd5a72d3fd9fa4c3df1d0b
SHA256caad517b7530000abbf3a9939b7f155a9aac8233323f7e351e306a049dd52a26
SHA512cbcd44be6b7b5912b563540abd64156d544c79f777d24c39807fe8ec1142d41f24a669717a26abe7a2cff70e7a4d91371249d06b6011bc06dc0bdb3fc14686ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5775af69e6eba41546c8ef5191545c835
SHA1d9fdda35a949d4dd8190b49a6a1460f1f3e1cb96
SHA256ee5ad284ddf32cfa72270fe1979344c9cc6bff736040e6a72f168ebb0a70ce97
SHA5123198ec542d1b28a9b79db0678a4923f1753d8d630ba1a785c7d603a0eedb6f9d285df535a75bc26589385d2825e35a7fdbb3bab2d731fe53fd3b6cc55af80900
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5d71e5f6f4bdbc66163ba6cb05475b2fa
SHA1289dccc5359f0373657081b62de1b5201718bd1a
SHA2568e2fdaf2af50b2648f0c947985a619a3be8a9a84885243c800526e41761bd471
SHA5125b547304492813fed2879c408f374ab2cc06cc380b735d6febbfd6ddf3cd11a7b563536c9ae13e807adb19aa2b6b8728ceac8418513d98fe0532567130cc32e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e309a0483911b32ce0a770839a328709
SHA145c5f2e7c5e7ecfd30089972799d5f6cbaff204f
SHA2564ba226e4cb9ac14aa44c826aa29f1e2415982eb092cd9e1510bb16be9fa31209
SHA512122b178ae5470681cac6c693c1a2c1f37f6f0b39b3d13cd349aa89673cfb5e4e2133bd88be50e8abe2c7a4d5a121b3ad7468c15906d7f0b7ed1da3287f3b48c4
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06