Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
25-12-2023 08:26
Static task
static1
Behavioral task
behavioral1
Sample
11eef737bc086ecd62b996fe06e8ebf4.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
11eef737bc086ecd62b996fe06e8ebf4.html
Resource
win10v2004-20231222-en
General
-
Target
11eef737bc086ecd62b996fe06e8ebf4.html
-
Size
15KB
-
MD5
11eef737bc086ecd62b996fe06e8ebf4
-
SHA1
1d50374cbf4fe46b84e0591b884e54ba4fee4152
-
SHA256
75a8c920fa388a1b9b925f78647fe000ae95371214efb32529c3e25d118f78a8
-
SHA512
4634ed48c6b03b2d083f3bd0025fd9ed6991a91e8e0dd0d13b14d69ffe46c8d7b53065cb85e66d5ef2bf2c6a97058fa105269144982655c2b4f572c00332ce8d
-
SSDEEP
192:hpy2wBFqdezx/NxyZbNpLdFdhJgnSgsV6fYRsAR0+bR1rSxuDphnIhXINZnLzztG:zezxl0FdMHNqZssbqHkI
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000478a325c53ca8cfab97f62d900a2c0ad5690ac4807a704fc953175ad0e9795c7000000000e80000000020000200000008c83a99b341575dabf79fdee9e5e40438306f493d4dc302d37a9fc5ed678b837200000003c5b5028e8d0e7586dc8dd65755746e44022aaa282634e979b89be4f4f12a04c400000009d443cf6ba76054d9986283e3a5f21863d6b4ca3dd6041a28bb50a2ec7486fa87ddb1e14ed95fb5e7edcc413fa812b2ccb9bb46380016d9ab2984a22c9080b59 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409858033" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C48185D1-A4D8-11EE-9D00-76D8C56D161B} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c090e09ce538da01 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2288 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2288 iexplore.exe 2288 iexplore.exe 1700 IEXPLORE.EXE 1700 IEXPLORE.EXE 1700 IEXPLORE.EXE 1700 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2288 wrote to memory of 1700 2288 iexplore.exe 28 PID 2288 wrote to memory of 1700 2288 iexplore.exe 28 PID 2288 wrote to memory of 1700 2288 iexplore.exe 28 PID 2288 wrote to memory of 1700 2288 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\11eef737bc086ecd62b996fe06e8ebf4.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1700
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 52e3d1609f76b57582c8e708b951fa83
SHA1: 387c47e056fc4ef40b2b5b0f2a4d50119cf1d032
SHA256: fe5f5f6aa3d032fedbb3ab5b970be2cbe9e76161ed1b08beecd66ca4bb261964
SHA512: f29f5edaff6e024187d481e41a6dc911d31b5d1e872b7c747033201a1ee64bafa226015dfeff36fd89f860de5f7f3e6ef7f5531a30fce765985cfdbbb1f829ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 586d96ec285a1c9e3529030486752f9a
SHA1: 083c8d6b9cb194b1be1b60e1bed7a9c32b061196
SHA256: 8b617386f6b02a842951b8114f43463bf6e2b794e7f94f03c91983350f596fe8
SHA512: 67f2b2bf5592e770f9a7e6220ba9b2dd26163b41a9846d7273332ecf7df687abcd4dd33f31b32d2530502a96e947daadbdc46388466c6773203866dcb96283c5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: b676be7300b59b1e3d43e93609a4fc6b
SHA1: e86d4f3c9eaed9ef224a409019569a664689b87c
SHA256: aee6581c152874595c76237063e898b9e995c6f584b5a488fc761924a44183ff
SHA512: 2776450fae4658ef846e909440b2c81092c66d3bc13afadd5d8e1c2df93dd724b4c9428dc341f0107cd723cbe5a5401f52276eeaebf706be2743f529e9b512e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 1ce412dd57d6f022106a2577bd503b3d
SHA1: 0ffee9ac118ea719a657eac6b385104843406ab0
SHA256: ad288eddea49b9c268231e5d6e3b0ead9e55afe27e09ef35b4ab23dd01cd5e3c
SHA512: abacd5a6042b9b0701440dd987293a71bb6df3636afbb615e8f351a93f55b75244cf3692f178b3556e1e916f79deb58524f63bdb47dda6ef3173d5ba362f95c6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: b08214a7b070df25cab62d64fbe00249
SHA1: 8d3c791a2e1badc0fa3c971bf7616dca9287fb9a
SHA256: ae75a0e80d81a1c545e9957e4ce7c702c2f56ffab688f6415c730c71eb037163
SHA512: db546433645665ea8b95a599d5e2bedc3acb09fa2784e30e5cdbfbb4bc0f6700c02e966499d24fff69de80d1d23051ae121e0af0023b1514e2f0582c9e1af3ca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 29c7625c82f7b60ac18e6b61874b0f14
SHA1: d5abcee29d86385b7e7463103715874eee16f706
SHA256: eb922c4d74d7e35b9a691c96bb7722203c3d9ad56c63c71bb92e37dd93d8c5ac
SHA512: e22d0930312eb5e9cade00739d9d9a6b19292320722be4b69d5363994d3e096e205f2728e95c6e166cfd1f4db22b0725c342bce922a78836f902f6a454b30fcd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 49e99c4844a71e2dee85401332a18c9d
SHA1: d586b22f63a46ec2da5ce30331423291d4144b57
SHA256: 1425dce2cb21c65ca85d4e6d83fe946e98605c61f05d73281a9396576cecd1d9
SHA512: 8e3fc8cecb4af1e152288cf32ec0b4d8b55988c314d6a7dac995e78c4edbb00a411c13fc8ca54e5dd8e07c95cde079b64a7fbe9a452d1bc6b4b2ac652cca9c2c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: cf1261ee27323d50ecdefa687ee01105
SHA1: a55a7e34db6b5c7d4d4333045d6ad82d2db198a3
SHA256: c29fc5b85d8e89773dd4ce21d21202d6d4bd35a9d4505ec0fe77ee5d6e004013
SHA512: 53a695d845dc2466950c59a9dea76c97ff3cf35901da113527aff0d37096243386f3254162e9f894770c5550ce5063228647b221b4e199c5571dfbe2ff14a1d5
-
Filesize
65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5: 9c0c641c06238516f27941aa1166d427
SHA1: 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256: 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512: 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06