Analysis
- max time kernel: 0s
- max time network: 140s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 24-12-2023 15:13

Static task: static1
Behavioral task: behavioral1
- Sample: 03400756465973cfdb1db2f8d6b9a5f6.html
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 03400756465973cfdb1db2f8d6b9a5f6.html
- Resource: win10v2004-20231215-en
General
- Target: 03400756465973cfdb1db2f8d6b9a5f6.html
- Size: 8KB
- MD5: 03400756465973cfdb1db2f8d6b9a5f6
- SHA1: 3d57ad81c16e9e6fdaaa227d0eb5c71cdba21818
- SHA256: 0576954115e37f93efc44e610fa5c12235b95aec259e540ac958248da82cf9f8
- SHA512: 48c0b3a1f0dc4e049784b5b657e7d3c77dbf1243091ec7d295b2b361c14cfcbab8b0066ecf25b922882d2d9e1ea8eb2f7b794e19b897ee1cb8ab84e342e69541
- SSDEEP: 192:xfVameFX5m4udTlDrxJH0S/+GJKaYhUUTXDgevhTu:xfVamCQ4sJUSevDxBu
Malware Config
Signatures
Modifies Internet Explorer settings 18 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BEF43CE1-A279-11EE-B218-C2500A176F17} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
3056 | iexplore.exe
3056 | iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3056 wrote to memory of 1940 | 3056 | iexplore.exe | 17
PID 3056 wrote to memory of 1940 | 3056 | iexplore.exe | 17
PID 3056 wrote to memory of 1940 | 3056 | iexplore.exe | 17
PID 3056 wrote to memory of 1940 | 3056 | iexplore.exe | 17
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 3056)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\03400756465973cfdb1db2f8d6b9a5f6.html
  Signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1940, child of 3056)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
    - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE (PID 1448, child of 1940)
      Command line: "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE (PID 2792, child of 1940)
      Command line: "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE (PID 2712, child of 1940)
      Command line: "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE (PID 1452, child of 1940)
      Command line: "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE (PID 1064, child of 1940)
      Command line: "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE (PID 2760, child of 1940)
      Command line: "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE (PID 2852, child of 1940)
      Command line: "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE (PID 2632, child of 1940)
      Command line: "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE (PID 1728, child of 1940)
      Command line: "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE (PID 1368, child of 1940)
      Command line: "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
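The process tree above is the whole story of this sample: an 8KB HTML file opened in Internet Explorer makes the IE tab process (PID 1940) launch OUTLOOK.EXE ten times with the same pre-filled mailto: URL (recipient, subject "2006_RECRUITMENT_DRIVE", body "www.gnaa.us"). Nothing else is dropped or contacted. The following Python is an added example, not part of the sandbox report: it rebuilds parent/child links from the report's depth markers (1⤵, 2⤵, 3⤵), extracts the mailto: fields from each OUTLOOK.EXE command line, and flags a browser that fans out to a mail client more than a threshold number of times. The sample rows are constructed from this report's tree; the recipient address is a placeholder (`recruit@example.invalid`) because the report redacts it, and the browser/mail-client image-name sets are assumptions.

```python
"""Detect a browser fanning out to a mail client through mailto: links.

Added example (not part of the sandbox report). Sample rows below are
constructed from the report's process tree; the recipient address is a
placeholder because the report redacts it.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample: (depth marker from the report, command line, pid).
OUTLOOK_CMD = (r'"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m '
               r'"mailto:recruit@example.invalid?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"')
SAMPLE_TREE = [
    (1, r'"C:\Program Files\Internet Explorer\iexplore.exe" '
        r'C:\Users\Admin\AppData\Local\Temp\03400756465973cfdb1db2f8d6b9a5f6.html', 3056),
    (2, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2', 1940),
] + [(3, OUTLOOK_CMD, pid) for pid in (1448, 2792, 2712, 1452, 1064, 2760, 2852, 2632, 1728, 1368)]

BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}  # assumption
MAIL_CLIENTS = {"outlook.exe"}                                          # assumption
MAILTO_RE = re.compile(r'mailto:[^"\s]+', re.IGNORECASE)


def image_name(cmdline: str) -> str:
    """Lower-cased basename of the executable, taken from the quoted first token."""
    m = re.match(r'"([^"]+)"', cmdline)
    path = m.group(1) if m else cmdline.split()[0]
    return path.rsplit("\\", 1)[-1].lower()


def build_tree(rows):
    """Attach each process to its parent: a row at depth d is a child of the
    most recent row at depth d-1, which is how the report's markers nest."""
    procs, last_at_depth = [], {}
    for depth, cmdline, pid in rows:
        parent = last_at_depth.get(depth - 1)
        proc = {"pid": pid, "ppid": parent["pid"] if parent else None,
                "image": image_name(cmdline), "cmdline": cmdline, "depth": depth}
        last_at_depth[depth] = proc
        procs.append(proc)
    return procs


def parse_mailto(text: str):
    """Recipient, subject and body of the first mailto: URL in `text`, or None.
    urlsplit puts the recipient in .path (no '//' so there is no netloc)."""
    m = MAILTO_RE.search(text)
    if not m:
        return None
    parts = urlsplit(m.group(0))
    query = parse_qs(parts.query, keep_blank_values=True)  # already percent-decodes
    return {"url": m.group(0), "to": unquote(parts.path),
            "subject": query.get("subject", [""])[0],
            "body": query.get("body", [""])[0]}


def ancestors(proc, by_pid):
    """Parent chain of `proc`, nearest first."""
    chain, cur = [], by_pid.get(proc["ppid"])
    while cur is not None:
        chain.append(cur)
        cur = by_pid.get(cur["ppid"])
    return chain


def find_mail_fanout(rows, threshold: int = 3):
    """Report each (outermost browser, mailto URL) pair that produced at least
    `threshold` mail-client processes; a single user-initiated mailto: stays quiet."""
    procs = build_tree(rows)
    by_pid = {p["pid"]: p for p in procs}
    groups = defaultdict(list)
    for p in procs:
        if p["image"] not in MAIL_CLIENTS:
            continue
        link = parse_mailto(p["cmdline"])
        if link is None:
            continue
        browsers = [a for a in ancestors(p, by_pid) if a["image"] in BROWSERS]
        if not browsers:
            continue  # mail client launched by something other than a browser
        root = browsers[-1]  # the IE frame process, not the tab that did the spawning
        groups[(root["pid"], link["url"])].append(p["pid"])
    findings = []
    for (browser_pid, url), pids in sorted(groups.items()):
        if len(pids) >= threshold:
            findings.append({"browser_pid": browser_pid, "count": len(pids),
                             "child_pids": pids, **parse_mailto(url)})
    return findings


if __name__ == "__main__":
    for f in find_mail_fanout(SAMPLE_TREE):
        print(f"browser PID {f['browser_pid']} launched {f['count']} mail clients to "
              f"{f['to']} (subject={f['subject']!r}, body={f['body']!r})")
```

Grouping by the outermost browser process rather than the immediate parent matters on IE, where the frame (PID 3056) and the tab (PID 1940) are separate processes; the same applies to any multi-process browser. The threshold is what separates this behaviour from a user clicking one mailto: link.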
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 60a8640bac2a603436b1e26072fd55bd
  SHA1: c2c99b8811a190a120d36899273d9de045754115
  SHA256: 43f14fea599639fe2346de4a639ec8fc83be328b08bf52a7fdeed31db73fd78b
  SHA512: 1cede9ef8338a4e2aa51f865f017a15eda555f95664105bb8874e268175454f99fc32f99630b933591804a5fc59175129b2114c79735768c01881a8550256334
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 99ae7b3920ad1aaf20434dd739c38219
  SHA1: 2e64223b515ad0061d47c10d799e965a40f5468d
  SHA256: 4724260c8884f51b6e197279c40edd92fd7fccb5bae37fc6382f13ca114bc2ca
  SHA512: e64af5d1b6368c91c05adddbe25247d7733a1b64397e6bf1c05a03964f7964f6ed4ee56efa23c888b8fcad7b3e7a55031a5ad61c12e2cf93bb598bdc97cae1c6
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 2fc362749a5ba3a3d15534333a812b41
  SHA1: 12da6cc0a7a30a6ba812eac7fd1a0fee7e94662a
  SHA256: fc365253fc542390240c6a3b260f49cea2abe77e6e252ba778b17aabb4f06028
  SHA512: f0246b818421e970945bec71b9ab0bae2bf567e88443e30b3fb5dbb57b6c59887f4c486aac882a77212ff4fcf3a1abf8679a7ce945aa35ff28c68a9ad8114ed5
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 062b553b93834a35fac27c3d91ef0284
  SHA1: 6264f4f1550dfbe6ec292886bf8404314ff5bc89
  SHA256: 065bc8597fdeb9fc5b97f0bcd23bfdcc5d05637134132a20871c30b74a9eca79
  SHA512: 200622eaaeb8594f2a12868700b3a00b09c379f74b08cb2ca6b2ea33fbf1f5bdc064689a0d333a7b7633081eadf4bc5d8a131d6bccca6d7608ecca7cfe336c7c
- Filesize: 1KB
  MD5: 48dd6cae43ce26b992c35799fcd76898
  SHA1: 8e600544df0250da7d634599ce6ee50da11c0355
  SHA256: 7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a
  SHA512: c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31
- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05ZIV8W0\errorPageStrings[1]
  Filesize: 2KB
  MD5: e3e4a98353f119b80b323302f26b78fa
  SHA1: 20ee35a370cdd3a8a7d04b506410300fd0a6a864
  SHA256: 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
  SHA512: d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee
- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\dnserrordiagoff[1]
  Filesize: 1KB
  MD5: 47f581b112d58eda23ea8b2e08cf0ff0
  SHA1: 6ec1df5eaec1439573aef0fb96dabfc953305e5b
  SHA256: b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928
  SHA512: 187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92
- Filesize: 65KB
  MD5: ac05d27423a85adc1622c714f2cb6184
  SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
  SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
- Filesize: 92KB
  MD5: 39026a9e74bb78827b25368e0d8fd3a2
  SHA1: 8aa752e5ad11d638385697cb7b072162f7e318e4
  SHA256: 902bc4fe8b4a94d7cb8044a0c70d7b6ea63a9b4d7d4d0d75e838c2dd88cecaf6
  SHA512: 2a226fff542ddc863e0ea7f8e3f7f5686a45f166a3809419e962c473ff4be310bff678b54f0364dbec84a4da70fa4fb336dad2c02284a457e7d9bb9771eef21d