Analysis
-
max time kernel
146s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
25-12-2023 14:48
Static task
static1
Behavioral task
behavioral1
Sample
26e279b54b72198fcbac1e67d6758682.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
26e279b54b72198fcbac1e67d6758682.html
Resource
win10v2004-20231215-en
General
-
Target
26e279b54b72198fcbac1e67d6758682.html
-
Size
13KB
-
MD5
26e279b54b72198fcbac1e67d6758682
-
SHA1
05aaf34feec6540b532754e03e9d0d926daa8902
-
SHA256
14e6fe980d89f71cc1ba99b9f3dcc2bd24e6ff43ac6fecafadf980b71b175e93
-
SHA512
460c62dea017e629ef73ccc6918ef02ee6065f38aaf96c866dca87d4c5da7377a1e7e88dc0475a32b5cd6a3d868f886e44fd05aae1e3aa953c464af697ac5159
-
SSDEEP
384:ahMDWYV6fx94bs3GsL3THyAAHk9TRM5KR1oqt7WPh:xDVhbB23zyAA8TiQjt7s
Malware Config
Signatures
-
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409742341" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e9178664000000000200000000001066000000010000200000008c1ccae5c18c35772ae073fd003eebd01a751c3c7c7a57fa69511d6fd05d20f7000000000e8000000002000020000000d4a2484359930dcd97f89ef1d9166d850204b848cf6b42c2cdafb9d6a8e55bcb20000000b0d1320fce3d6664fa95158742e462d28fbbe47380321ff38e2a4c93670ef1e54000000045f1adf4c0ad4316ddd404ffadd8cc2ba94dd81a18de40bd62a565c5268f5c7d2ac508e58060c11d4cfadabee7d3e51e49458dbece959f3cc9d7e1017e83989e | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{705CAB51-A3CB-11EE-A552-CEEF1DCBEAFA} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9085a84bd837da01 | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2224 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2224 | iexplore.exe
2224 | iexplore.exe
1964 | IEXPLORE.EXE
1964 | IEXPLORE.EXE
1964 | IEXPLORE.EXE
1964 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2224 wrote to memory of 1964 | 2224 | iexplore.exe | 28
PID 2224 wrote to memory of 1964 | 2224 | iexplore.exe | 28
PID 2224 wrote to memory of 1964 | 2224 | iexplore.exe | 28
PID 2224 wrote to memory of 1964 | 2224 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\26e279b54b72198fcbac1e67d6758682.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1964
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 791972e83ae9c5ba435414da7009026d
SHA1 880fb9ef2b1b493fdcad60e129ced9da4c01db5e
SHA256 670e9267e5efaa125526e89d38bb191ffdcb2c1973470ac89a19c03bc86e93d5
SHA512 d0b2be68b953cbda00960b8542858145a0aee4426f3fbb5b177104d79b8a8959050704f82348e38f0ce6e30269d6dd515543d49653ffd5c44f018999bd9f3102
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 dcc8f3c84abc43d9e68338ca4956594f
SHA1 e584cd985bd4043ab39c35f5a6149113f74d04c6
SHA256 85aa0be4bf7b1106804e4f113ddf889558e4e2d67d405afa7747766feba13300
SHA512 0db8ac1f92d29975e425fe7f32a6beb12feb48aabf904d9416d5cd800c12976e2dd6c4a4cf0a48cef53344469cd8b540e42ee11f83ae6568de21e08aa6a440d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d3d469665ec39ce2930fe95b9e9cea3f
SHA1 3fe9d3c1e58a9bcb936d1221890b5ab9e7487bdf
SHA256 6b8fa1c2b14e5d60b8592467e46feba720e23ba9132256413b879b6d1ed67626
SHA512 ec39abd250f489cad6cedb40d2b358110bb97c3029a81cd8f4bc7eed9a301cb297f6ea2844a2ae05e71ee6bfcecff4ca8a3697c5f16516cd10ac56d0920a85ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 28b34fdf4e4085b18eb4577980a6b2c3
SHA1 1db21bcf87e2a9574ecb83c5f2587653551f06d9
SHA256 cef83f889a30b6fdd37b0a4570d5788e8ca67599a24dd18be0b4630932e1e9a4
SHA512 a34fefe7cdb850b0736fdfbc06519badc438429f0e39ab7e36bd52d1e6329326f65ec3c0012f021bc9880c6a6c33b9489b51fdcca6dbbe25ce8051ceea98d185
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5527d92c871cf56b27eabcd68d789708
SHA1 3cee12a790ee3ecf8b7fe088949ea28a4405c2fc
SHA256 270b0bcaaec52ca28def520f66c53261355b89246c2b762f0d57df4b3287efc1
SHA512 9470e081c69eaa191a4632e5541fafceb5976143c37501ae2cdeba0b2c63dc8295e8d6f6d99f1ad288b7c8d82319b8980f24597c1acb06b3fce363862232079b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6262c4d53b27ee66924ba45abb5bb715
SHA1 941253dfd9bed8b1418fdf6856144021e7d38f49
SHA256 e813bba133a36c629520f44057989c911a7a453501d24311eeb657227108c155
SHA512 7ac09a300c20540d8ca82065fa230a46108f640d2bf05293fce661e6ebd4fbc8eb3643fa98bde7fb6bbd445ee1f6e82c90c38358b4fb42ae9970aaa7b9fda986
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 19c7c9da3829aba5e5df6d4838ec476e
SHA1 a263c59b4e5df4e519f6a786c607d2b60851e91f
SHA256 5d158e713734a1f0dd5640afca3fe1fd2c5ee2e7e7bdc1bca4ba3da206c73a65
SHA512 cca99b3cec1768c677b294aad529f1a342476fa31f109074bb0b5c71a47770ff8501dff464a398a08187de8d650639a60d89be1fb596beb5aee42032aefb39f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 901a9f34fab08ec03fd7687371a3013f
SHA1 06a79a38707419c283a355576174a92a04ef436f
SHA256 afad3840530c9b487e8dec61eaadf52ec517aecf10019921ea1b20064b411cd4
SHA512 1453cf11746b498dbd2451c81225e8ab0e229c44b05a8c7ce01d34353d6ebb3dda3c16f49f1cff4c2168d78cf047034e1980a2cc9f7bd47304cb2d3906012248
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 50c6b57206bd58bd57b937aa84d99fc1
SHA1 fa12afd816c2caa072604361ef30b9674841ce6c
SHA256 e3009bc3adaad63e7b5bd28d1f96b1620aa9794d9c1bd06f9161406dbad322a5
SHA512 7720bdbd91fa80ed9be303fba890cc89f1b9b70f598624157a9b759be911715dfa479aa788578fc84df2ccebcaf20b76c9d4ebe9e60d832f6c4c15deb7b3ddcd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b7a28782a78a24528de03b43d92f5e28
SHA1 584916e168ae4db2e7a3a7aadeec635408dd82ef
SHA256 c9a6c928cab60293c62227d8e4c4b01439886277263b930de887fb2d491cbcb4
SHA512 202179ba751a25a921447ef7ebb1d81e2e6afcd8061fb9758f5a2205af798279e0447dee24f52a81213e3cd81bcfe7375252789d0272f787bddc4a21f67b78b7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 527ccae42237ca1b52c8a6395572063d
SHA1 acdf0fc6200a4b48e4f7d170deea51ee44308c33
SHA256 bf9ef0d09ca941e1faa88a9a1e6e899b4aecf985ee7ee225018c978284baa4f7
SHA512 b7030bd88e9997d21bbad032698f02cace3c2cb38e58f9cba5f4835c68a2d9ff2402ddb130af1d450c32c8a27d44d38869a5fbf1c38bef7a0944d5c3741f71c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2f4e328d788822fafbc323bf11b8f605
SHA1 6ca1f42d6eaa59e70a8f2d31c549ddb6e21cba2f
SHA256 fb7566b313bcb0a04dc3ed8494ccaedfd4ca4671693dbfb6ca5ea09b3fa2c27d
SHA512 d97f81d36328afb1dc6b5d69549fae51d399020dc962357ea8c16991260e9235424f460affc3d55e6fee0f5b1e848d073f4809ca4034fa437e8e93090f62ecc8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 12e71b526ccdf7e7bf1dea28c803f05c
SHA1 d083116fe95b4513aa184117cae07062291a5935
SHA256 a842eb6774f419a3a7c2c314d79311d821b0b12ecb69cc123d85d0b15f7f1901
SHA512 5070af6058799c10b310923345f59ea38afe5b582b95bf8aabc9315d9b4adc4cb5d0093194c40a17a5e1275c16b68a83da4c04e4169c9c44a922994a2a183544
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7d8687fd656c6aa78e53b5d9686607c8
SHA1 23c94c8b440a4f759feec8489f36206004dccc6e
SHA256 a7c0faf1e1d77ea578d7211e6c63b3530809ee801c8b410eafdfd9cc8cbdea57
SHA512 bd53bf6d2af840afb6e57e05fe0c85df9e029b61838a37f78f284305171a4a41a4d4c8669729c7e9f878c23d4da7cb0f1db10f9ff181b5971cf336af07ab783c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a05fe312e8e7d079aadad915eb206f7a
SHA1 5770862a28fca9b4f940ba5bfc65197d65be6e6d
SHA256 93eaee06d4a66158939b1c124014fecb90b856bd06f5045ad14b8ef16ee2c502
SHA512 62c8045a74d8079d194e190ae85acc1f9528d02371a8fc4ff1df2b63f6f205283c725ba9a95adac07f25e667b93ccd7eb2a66b1302ae9844088c7d8769f12c01
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 db3d4e6cca57194a35392423da4cabd1
SHA1 d72d52685c5411d0f41c1f2cdead124a74d148ec
SHA256 ae676240fbf208e250ed71d8e9831c759c7f7f3a2c3ea7f094ef466282123a28
SHA512 b4c8ab179a83952538cae1e0cab00f44a26d90a718896e1615e30ef5406c4c7b5869c66ef7b2cafa1e6c0129fcc3527d119e23bd5a18b146c1f07c7f40a6ea49
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06