Overview
overview
3Static
static
3AppData/InfoQube.chm
windows7-x64
1AppData/InfoQube.chm
windows10-2004-x64
1AppData/system.vbs
windows7-x64
1AppData/system.vbs
windows10-2004-x64
1AppFiles/Expand.html
windows7-x64
1AppFiles/Expand.html
windows10-2004-x64
1AppFiles/E...P.html
windows7-x64
1AppFiles/E...P.html
windows10-2004-x64
1AppFiles/H...te.htm
windows7-x64
1AppFiles/H...te.htm
windows10-2004-x64
1AppFiles/HomePage.htm
windows7-x64
1AppFiles/HomePage.htm
windows10-2004-x64
1AppFiles/I...Ex.htm
windows7-x64
1AppFiles/I...Ex.htm
windows10-2004-x64
1AppFiles/NewHTML.htm
windows7-x64
1AppFiles/NewHTML.htm
windows10-2004-x64
1AppFiles/NewInk.html
windows7-x64
1AppFiles/NewInk.html
windows10-2004-x64
1AppFiles/SortTable.js
windows7-x64
1AppFiles/SortTable.js
windows10-2004-x64
1AppFiles/V...es.vbs
windows7-x64
1AppFiles/V...es.vbs
windows10-2004-x64
1AppFiles/V...12.dll
windows7-x64
1AppFiles/V...12.dll
windows10-2004-x64
1AppFiles/Windows7.dll
windows7-x64
1AppFiles/Windows7.dll
windows10-2004-x64
1Controls/COMDLG32.dll
windows7-x64
1Controls/COMDLG32.dll
windows10-2004-x64
1Controls/C...32.dll
windows7-x64
1Controls/C...32.dll
windows10-2004-x64
1Controls/C....1.dll
windows7-x64
1Controls/C....1.dll
windows10-2004-x64
1Analysis
-
max time kernel
121s -
max time network
175s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
26/12/2023, 10:18
Static task
static1
Behavioral task
behavioral1
Sample
AppData/InfoQube.chm
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
AppData/InfoQube.chm
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
AppData/system.vbs
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
AppData/system.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
AppFiles/Expand.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
AppFiles/Expand.html
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
AppFiles/ExpandHP.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
AppFiles/ExpandHP.html
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
AppFiles/HTMLClipperTemplate.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
AppFiles/HTMLClipperTemplate.htm
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
AppFiles/HomePage.htm
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral12
Sample
AppFiles/HomePage.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
AppFiles/InvoiceEx.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
AppFiles/InvoiceEx.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
AppFiles/NewHTML.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
AppFiles/NewHTML.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
AppFiles/NewInk.html
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral18
Sample
AppFiles/NewInk.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
AppFiles/SortTable.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
AppFiles/SortTable.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
AppFiles/VBScriptReservedNames.vbs
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
AppFiles/VBScriptReservedNames.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
AppFiles/VisualStudio2012.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
AppFiles/VisualStudio2012.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
AppFiles/Windows7.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
AppFiles/Windows7.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Controls/COMDLG32.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
Controls/COMDLG32.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Controls/ChilkatAx-9.5.0-win32.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral30
Sample
Controls/ChilkatAx-9.5.0-win32.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Controls/Codejock.CommandBars.Unicode.v16.3.1.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral32
Sample
Controls/Codejock.CommandBars.Unicode.v16.3.1.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
AppFiles/NewHTML.htm
-
Size
158B
-
MD5
4577e97ac92613044ba2457f78281610
-
SHA1
3527ef94997c0658bb37dd534c213f594ff4b018
-
SHA256
0381195f91ad96ff914171c5da0f45a0236486e34628481c15d0854f5d27f936
-
SHA512
b9ae1bc366641644e3144edb9db38602d375957a6c6623b59eb969387e9abb4c10028fa85b588c8b8d5a484db2d2c1023173ce2a9a930dac6c4d1eceb8315f0a
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000b616e5a098746a62acb406dba5d27e35cfa4745cff4985f07396b980522f6fc0000000000e8000000002000020000000f9dfa4d2e685cad0d88e8c0d8b698c3d25d921dedec29f86353d51d9a3ee046320000000e2cce1e58e11968e3c21a6ba73dce90f92a51b4ffd094190e3e92731be8f95dd400000005daca14725232c9ec61ca2306b2573c6eedc92f642fb4195c801518095f9cf97ecb173a12f38a5adbe8606e739a93a91ef8a1882c439e662baf4ae65ec784931 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410695461" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{99D3FF71-AC76-11EE-A623-CE9B5D0C5DE4} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd769173341890000000002000000000010660000000100002000000000ccd6ed515255a25d2eb7583a11804501daf2d13e3fde1a1b78e6daa7a07634000000000e8000000002000020000000d837a47f0bb32819718031e8956d1eed8d3d1924c90a721271fbe185d8bd833790000000f9ddf8a7b13d8a35411a520950f33b051f740f720a77dce1ca96f35972003889df8837f14dff87c361fd51e9e3bc8979424298f211473f69a7cef442a2918a6a8e8cb8dd08cd590785ca53f793ec62f47b83420db68c3e378fa0c247941931e0962c4efce9fecc41e37df7aa8e7d104640ce6ceeb36ac4d272dcbaff4b7f8b0574267df43e18f4d614558eb648e05836400000003250b20b982082a7e4c080d467e133379155ff1412b0e58495ee03a42d2820c0a34ad480bb079a1dc6c62654e7d726e30e7de2ef076eaf82117a79bfb3a1e1dc iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a00e0b6f8340da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2392 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2392 iexplore.exe 2392 iexplore.exe 2716 IEXPLORE.EXE 2716 IEXPLORE.EXE 2716 IEXPLORE.EXE 2716 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2392 wrote to memory of 2716 2392 iexplore.exe 29 PID 2392 wrote to memory of 2716 2392 iexplore.exe 29 PID 2392 wrote to memory of 2716 2392 iexplore.exe 29 PID 2392 wrote to memory of 2716 2392 iexplore.exe 29
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\AppFiles\NewHTML.htm1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2716
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5dec1967d4625f9c2e676ecb279fb749b
SHA1f3f6bdebc43103d6b80c4d0bc1b5ad0156ddec3a
SHA25652d9231d5f3b72cc522ce2b7dd2e118740c65422960e97d59f43ae661f303b0c
SHA512310024bbaf574f3fdc298949ec7d435556c106bb1db01cf2fbdca9bfb24f49e83011536c4819b62841b55f2fc02bdb502d537e3a00e69376cdc05bbd15363e82
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5dc91a4c504ce4454fbf62f24f76e8643
SHA1d0b1ca763951d4338952e3360093189c246a4340
SHA2569566c7bb269653f71ce7e97a082d1690b1b1becd6e15508c6608d7576db40c71
SHA5125530d7424fa8a92d768fb85b5a61451905e6e255b9e8dbf4cd5ffb0d03d75c8bd1da0841d954435cac6b9c81b0963a8f3b7356c6fd051cb474601cd7252bdf08