Overview
overview
3Static
static
3AppData/InfoQube.chm
windows7-x64
1AppData/InfoQube.chm
windows10-2004-x64
1AppData/system.vbs
windows7-x64
1AppData/system.vbs
windows10-2004-x64
1AppFiles/Expand.html
windows7-x64
1AppFiles/Expand.html
windows10-2004-x64
1AppFiles/E...P.html
windows7-x64
1AppFiles/E...P.html
windows10-2004-x64
1AppFiles/H...te.htm
windows7-x64
1AppFiles/H...te.htm
windows10-2004-x64
1AppFiles/HomePage.htm
windows7-x64
1AppFiles/HomePage.htm
windows10-2004-x64
1AppFiles/I...Ex.htm
windows7-x64
1AppFiles/I...Ex.htm
windows10-2004-x64
1AppFiles/NewHTML.htm
windows7-x64
1AppFiles/NewHTML.htm
windows10-2004-x64
1AppFiles/NewInk.html
windows7-x64
1AppFiles/NewInk.html
windows10-2004-x64
1AppFiles/SortTable.js
windows7-x64
1AppFiles/SortTable.js
windows10-2004-x64
1AppFiles/V...es.vbs
windows7-x64
1AppFiles/V...es.vbs
windows10-2004-x64
1AppFiles/V...12.dll
windows7-x64
1AppFiles/V...12.dll
windows10-2004-x64
1AppFiles/Windows7.dll
windows7-x64
1AppFiles/Windows7.dll
windows10-2004-x64
1Controls/COMDLG32.dll
windows7-x64
1Controls/COMDLG32.dll
windows10-2004-x64
1Controls/C...32.dll
windows7-x64
1Controls/C...32.dll
windows10-2004-x64
1Controls/C....1.dll
windows7-x64
1Controls/C....1.dll
windows10-2004-x64
1Analysis
-
max time kernel
224s -
max time network
246s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
26/12/2023, 10:18
Static task
static1
Behavioral task
behavioral1
Sample
AppData/InfoQube.chm
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
AppData/InfoQube.chm
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
AppData/system.vbs
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
AppData/system.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
AppFiles/Expand.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
AppFiles/Expand.html
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
AppFiles/ExpandHP.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
AppFiles/ExpandHP.html
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
AppFiles/HTMLClipperTemplate.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
AppFiles/HTMLClipperTemplate.htm
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
AppFiles/HomePage.htm
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral12
Sample
AppFiles/HomePage.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
AppFiles/InvoiceEx.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
AppFiles/InvoiceEx.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
AppFiles/NewHTML.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
AppFiles/NewHTML.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
AppFiles/NewInk.html
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral18
Sample
AppFiles/NewInk.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
AppFiles/SortTable.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
AppFiles/SortTable.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
AppFiles/VBScriptReservedNames.vbs
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
AppFiles/VBScriptReservedNames.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
AppFiles/VisualStudio2012.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
AppFiles/VisualStudio2012.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
AppFiles/Windows7.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
AppFiles/Windows7.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Controls/COMDLG32.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
Controls/COMDLG32.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Controls/ChilkatAx-9.5.0-win32.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral30
Sample
Controls/ChilkatAx-9.5.0-win32.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Controls/Codejock.CommandBars.Unicode.v16.3.1.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral32
Sample
Controls/Codejock.CommandBars.Unicode.v16.3.1.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
AppFiles/InvoiceEx.htm
-
Size
6KB
-
MD5
b499ac284542b26b7b01c08da0ebba74
-
SHA1
db88af3e8163eec261c692314984f1d1cc74acea
-
SHA256
12e98ad7e9ec2d0b8780e07fe0ca6624714f425f75ded7a0be3f8c0fb83995ab
-
SHA512
cecb074d99c95bf78016f7c9c3b66b22f660122868688cd31a944ab039c022aa30a72c3a6719ff848aedcb213dd60b908f096fd8df77f00b2b7fa289975f7e96
-
SSDEEP
192:BpmyxXxxyrpuy0y2y8dfwPThyylyyvdh4:BEpbP/dy
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31080579" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3532466071" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31080579" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d228e40a7820b94dbd5c7b6846f2f5ad000000000200000000001066000000010000200000008c87e1bf2d638f6b7b4132f9c90648f0446837269a60250197cbd47002f10c06000000000e800000000200002000000014b08280122c6721f1fe215ef8718ba7d33d5b1afb33aa0cb247a7939d2e8dd920000000761bf534f815102b8c65b7a9b09b9e1bc6401850d8a1ef696edf9512c00e3f9b400000009c3c99286ecd9d29293d10e28c30431314b6a3dece36e621eab9838f817b5bd522141f8d3e3c6e02b5358d8aa238b56c4d95fa38e3afe8d6cd73c1df316a7c4d iexplore.exe Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{FCAAE185-AC76-11EE-B7F4-72AE6231743A} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3532466071" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0e091d28340da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4004 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 4004 iexplore.exe 4004 iexplore.exe 1740 IEXPLORE.EXE 1740 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4004 wrote to memory of 1740 4004 iexplore.exe 95 PID 4004 wrote to memory of 1740 4004 iexplore.exe 95 PID 4004 wrote to memory of 1740 4004 iexplore.exe 95
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\AppFiles\InvoiceEx.htm1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4004 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4004 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1740
-