Analysis
-
max time kernel
118s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
25/12/2023, 20:16
Static task
static1
Behavioral task
behavioral1
Sample
3ac1b7de39cbb1cbefa81d7cc4d51289.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
3ac1b7de39cbb1cbefa81d7cc4d51289.html
Resource
win10v2004-20231215-en
General
-
Target
3ac1b7de39cbb1cbefa81d7cc4d51289.html
-
Size
2KB
-
MD5
3ac1b7de39cbb1cbefa81d7cc4d51289
-
SHA1
443f6408ac9f1a8da473e36c7372d127746d543b
-
SHA256
143695098d952380fa731ffabf969fd39100cee797f21c5e2dcda1ddcd933ac9
-
SHA512
6b9eb924eff4ed1dc9ae7852e3a4130fc0c8f0c8e6a5c57ec64ab8007364d16f41ce2aa47372e567f0f554e751d7da624587ef66e3c54a230a7fad0a4d4a0208
Malware Config
Signatures
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PhishingFilter iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = f0ebb943473ada01 iexplore.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{80B28081-A63A-11EE-832E-DECE4B73D784} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410009941" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2184 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2184 iexplore.exe 2184 iexplore.exe 1648 IEXPLORE.EXE 1648 IEXPLORE.EXE 1648 IEXPLORE.EXE 1648 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2184 wrote to memory of 1648 2184 iexplore.exe 28 PID 2184 wrote to memory of 1648 2184 iexplore.exe 28 PID 2184 wrote to memory of 1648 2184 iexplore.exe 28 PID 2184 wrote to memory of 1648 2184 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3ac1b7de39cbb1cbefa81d7cc4d51289.html1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1648
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD582a49721f35302b8517b013860f80b80
SHA1903f7e7a0b8f86859ba6d9c5d0f0f05eb507cd21
SHA2569f64ef0e841cfa2b5c848469263cf46a9a1af4cdb95ffa57d1eb257f001d4a50
SHA512dfcdb316787e9c0d2b3351c0c3d7064ac1c5c7c16eb5b9f99a85ec3ffcb14497d43d4467ad1f40de6337b516ea3e10fbf7db7afb333cfdf9111e3834e34f19d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD57c94df121b74a561726eca2497a8c699
SHA1af556fd4133ebf6dbb92a02f80296d6ac6395f02
SHA256f2efce880b783b6da738ef774e0cdb7754a4156fb5992cd68efa5c5af4de0a5d
SHA5126e3f6dc6c16f1df742745c5bde139b7822c946772794b2ccc061b629198b96252e0b9cf950a8b120ddee38bada4e0d836937a221c0a74ee8aa68ba77977c442e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD57cb70901c103a06eec1d97c31291a013
SHA12993f26b36ebf12fa2f150d6893670542669c82b
SHA2560c0c56d08853a5f9f52a081e3d4a95ebcb20ecd9584471cdcbb641e6136e89c7
SHA512b12fb2ff7c573381b5fa905069eb2348717b630992385fdd499ae1d0bac55aeaafd94d0ff38e027cf5b68ed4bc25622f3711f9f48d9aa8a9239665ca3aa26ddb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD55c6ef9dadca8b2eb24617d24f6a1d0a2
SHA10d379f2ec283cb038013f96e42b082e0f6765bd7
SHA256f7c20829628d0f21eb0f65b28d51bf9cf4d8f5867414d5429c3f742886715f34
SHA512fab4bed525cf7fe5ceb313ffcc6d4f6e8bdbfff2df49df81ecfb7010b693d53d5048ee1c0ebebe9fac3769dfe1bd13582c4b9cfe5a1313b9c9bfedbb327efc07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD55f9bb14a00f47e83f7c478dd52b09006
SHA188d1c622a26e2f3d769c5f259edb255905ae59d7
SHA25696bed9625dacb465cee62ff67268877ad8a17fd4e7955f922e85790688f8bfbe
SHA5122d1e4ca2e087518a576b435846cea56a858dfcabb0851dc8b6059ed57f301d7d9d276b373d6cd6aa60d7240e808488522cc49b5b570877ceb55c33e3b94e5c05
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06