Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
25-12-2023 11:39
Static task
static1
Behavioral task
behavioral1
Sample
1b7ece090fe619a303601512fe0b9ccd.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1b7ece090fe619a303601512fe0b9ccd.html
Resource
win10v2004-20231215-en
General
-
Target
1b7ece090fe619a303601512fe0b9ccd.html
-
Size
23KB
-
MD5
1b7ece090fe619a303601512fe0b9ccd
-
SHA1
e07ecfc113a6ba3e1f38b6843fc2503e65fd5c0c
-
SHA256
e5688d2b4b05859457ec4747a0ae81d9cbcaf2c3f999722d6f11d11c7f7dbdd4
-
SHA512
7c8bd672869d99716d82bfe51312aeac25eac3acce1d7f562508eba1879b0f602ac30d252389d7a35b110bb9fde33e82c320b136a363c517b484ca4bf1d639e7
-
SSDEEP
384:S0RcX1pyyt7Pbjbfee84cJHTSM3zZ8E81XFhwyijD48VtjgcXF6jq:S0RcX1pyyt7PnbfRv8zSxFMyMD4ujgcl
Malware Config
Signatures
- Modifies Internet Explorer settings (registry keys created and values set by iexplore.exe / IEXPLORE.EXE; table columns: description, ioc, Process)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{013D36B1-A536-11EE-93FD-5E688C03EF37} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0f51ee44239da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409898063" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d60000000002000000000010660000000100002000000056ec4defa8bffa3d963ab5b2a1560e24b2886f5dc94963e81c21f1d6c5734903000000000e8000000002000020000000102bb6d160eff1393e3f523f7e11960f89e10c8a3d914e04e8369fe311f0c1a090000000f068a5a4ae5e0c07ece61192369a4f2a46bd3ee7c50480d99d796a32c48966eff4140a192c5bd93f470132bdfd11f0a955b3e9a8ee58b6aa82d91cae200c0971b1f650963ffe90a6e650a78b770e013947375dfcf66d93c2ed95925b494b4ce67907b4afcf3e82c3f541fa57f14b496e1e085d4904e8ae4fda7569c21f0deed46c91f5147da143908240a0dc408b7d5a4000000076365910f9d7d600e190385181341e5d3c214eacc28a703e232ed37f2d0fd9b3016ef329d49b06c77afd41893754f138d17ad8fa66a613ec86cd7cb2a45b015f iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000ade99cd87475954e26918dca6a883210908b642ffb98a1e823478e0cc3fdee9e000000000e8000000002000020000000dbcdbf243e8fc188fec1856b15ec4e5363bcb11c9e22adda96e4d0caecf0a11c2000000010720a35e809ab408e3e2d0fdeaf280c0e5e41e2a6ab516e8526acc0bbcea4ef40000000081a58e14e2d5ebd0dd70b02fc8642d8b0e7b60ebbadda64d359ef21e08a4924daa28fd76e4e8f8277be261465fc2630aa04bda3464309e2832c637da0d38d8e iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1272 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1272 iexplore.exe
1272 iexplore.exe
2804 IEXPLORE.EXE
2804 IEXPLORE.EXE
2804 IEXPLORE.EXE
2804 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four events are the parent iexplore.exe, PID 1272, writing into its own child IEXPLORE.EXE, PID 2804, which the process tree below shows was launched with SCODEF:1272)
description pid Process procid_target
PID 1272 wrote to memory of 2804 1272 iexplore.exe 15
PID 1272 wrote to memory of 2804 1272 iexplore.exe 15
PID 1272 wrote to memory of 2804 1272 iexplore.exe 15
PID 1272 wrote to memory of 2804 1272 iexplore.exe 15
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1b7ece090fe619a303601512fe0b9ccd.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1272 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1272 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2804
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0a8e2c2df676525f027ee9239760bd8a
SHA1 43bda715f98b317e4a2d0a573ad7106ab67c62f5
SHA256 0280de1e26c605a44ed686f34cc7b696560b452007911e1f55ba63625932e0a3
SHA512 5aa61a9dabab8bf2c3a7659e5547d751e13a9869462cb0c2615b6fb95f2a5c5d8a99c989608bca73ebb5df8fb591f294446cd5f0d98edac6149a674e9358f3ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 95eb4f2b57120c60939e97f90b0d9aa0
SHA1 49934c49fa3d404928b5c3e87f9746dfa65d644e
SHA256 7e31ccb91fb672e5796e42d9cedec94c54b26147dd151ed50de0d0d3b20ecfb8
SHA512 e3a76969664f983d8a03524865b4e89709409712dcca5c92b383a764508083df721be542e804f4b899587aa64880e9e13e5fc1bac075fded1bd6811a616c73e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b6018ec463a16f4da54008825b8cc7dd
SHA1 1a609e6aa8359158ab30f9f6704a57827ec4fcb4
SHA256 54fec09ddd9357620c3bfbc645bfb9f15365a9c06c5f0bafb091111b8628579d
SHA512 2a36210c4342bc6448385aa9158f12f5056e47104050b86a555c38a87ab30e53c170d8320d40d797bacc2c9eded857c7a0c5a2468f46103a14b793b1f5cb6155
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1632b4e312d34f18e17f38c1c29a30d9
SHA1 5229e2bfcb6df44508e5e4e9645b521fc6518183
SHA256 9e5d1cb2b0e4af1ba55bd1657ac59e4e8d22b3d9e487a33519d8327c4eac726c
SHA512 5ec7c5b7f62daf4a2051056736522d5c5d3ca401627ac9e7b993b4c2a610d8ada62c4ead923424add11bee6ba7225fe043b7be3f7792a0f0007564d8236301e1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 44636a12acb95724b476d88b7a97c061
SHA1 6f003e1bff65f3e4d8806e379bc8d19e35ffbb15
SHA256 a581ded3e2713ddc16f10dc8d85a37187d72b17003a6a50a2d62424caa23fa3f
SHA512 667b06964d515e36c2a89da13d7f03e9a2327cc80a2e8191a0143463d5e80a9e19bee16ffb1c5251e44780773eaac6a9aa0a5be8e015eaf68188acde6b67d7ef
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ad2e89824c8ad45b07adedd875496665
SHA1 cc1e80b94e1b7eff4fa643e114ecfd7570079673
SHA256 41e3cfbaef6f285f64927df1b2293f6f0850348118e3e180c2786be5d410abb2
SHA512 de2c452057efe0247a2c4c7b90424e58f59ab4b3fd810ba0be9fb3a8b87855ba8e02c8572289241d928008f5ff4d8eedf899b09cb653582293f8070dc91feb80
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 929f1cb72c0130954b8ee1fed2ff828a
SHA1 cac39f4240a7b7c87da20ab4b5119b91525f23a9
SHA256 2c007577826e1b9d3a0ba0b14ee6d81beb929841de369e86948f9a6e2f607971
SHA512 3ee31f9dc88e237e72999b26096925475259c35e98b48ff1417ddd711f67f79f8b073c9f1b42628ec9879f2ea50d50682932d97a4997f021c2f350b738a26257
-
Filesize (file path not recorded in this listing)
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06