Analysis
- max time kernel: 0s
- max time network: 143s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25-12-2023 09:32
Static task: static1
Behavioral task: behavioral1
- Sample: 14933e0e352dead7e50e4c4f222042dd.html
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 14933e0e352dead7e50e4c4f222042dd.html
- Resource: win10v2004-20231215-en
General
- Target: 14933e0e352dead7e50e4c4f222042dd.html
- Size: 57KB
- MD5: 14933e0e352dead7e50e4c4f222042dd
- SHA1: 71c053b1e3d0f7c8947fab83b0b175c4e4d8e2f7
- SHA256: e83a14fc0ca1b884b1220bba04e2b0f3ff3bff28d28ff1818df8195bc38021c2
- SHA512: 27cc93c7fe998dbafbd1bc94bd3cb4cd32706357c2080f7e777487ce16937e52423de30e20808729051bc3c73f33a91ee5420ac6e5fac904975815403b6de886
- SSDEEP: 1536:ijEQvK8OPHdsAko2vgyHJv0owbd6zKD6CDK2RVroTtwpDK2RVy:ijnOPHdsA2vgyHJutDK2RVroTtwpDK2m
Malware Config
Signatures
- Modifies Internet Explorer settings
  description | ioc | Process
  (all keys below are under \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer)
  Key created | ...\InternetRegistry | iexplore.exe
  Set value (int) | ...\Main\CompatibilityFlags = "0" | iexplore.exe
  Key created | ...\Recovery\AdminActive | iexplore.exe
  Key created | ...\Main | iexplore.exe
  Key created | ...\IETld\LowMic | iexplore.exe
  Key created | ...\LowRegistry | iexplore.exe
  Key created | ...\Main\WindowsSearch | iexplore.exe
  Set value (str) | ...\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
  Key created | ...\BrowserEmulation\LowMic | iexplore.exe
  Key created | ...\GPU | iexplore.exe
  Key created | ...\Zoom | iexplore.exe
  Set value (int) | ...\Recovery\AdminActive\{D1C38591-A4F6-11EE-9E34-CE9B5D0C5DE4} = "0" | iexplore.exe
  Key created | ...\IntelliForms | iexplore.exe
  Key created | ...\PageSetup | iexplore.exe
  Key created | ...\Toolbar | iexplore.exe
  Key created | ...\Toolbar\WebBrowser | iexplore.exe
  Key created | ...\LowRegistry\DOMStorage | iexplore.exe
  Key created | ...\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  1416 | iexplore.exe
  1416 | iexplore.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1416 wrote to memory of 2828 | 1416 | iexplore.exe | 16 (this row is repeated four times in the report)
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\14933e0e352dead7e50e4c4f222042dd.html
  PID: 1416
  Signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1416)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1416 CREDAT:275457 /prefetch:2
    PID: 2828
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B)
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B)
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B)
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B)
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B)
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B)
- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\f[1].txt (34KB)
- (path not recorded in the report) 65KB
- (path not recorded in the report) 39KB