Analysis
-
max time kernel
119s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
26-12-2023 11:34
Static task
static1
Behavioral task
behavioral1
Sample
6b1ad4e5d52f1bba8e8d5f95083182a4.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6b1ad4e5d52f1bba8e8d5f95083182a4.html
Resource
win10v2004-20231215-en
General
-
Target
6b1ad4e5d52f1bba8e8d5f95083182a4.html
-
Size
928B
-
MD5
6b1ad4e5d52f1bba8e8d5f95083182a4
-
SHA1
db40348a8153c1d7a52f6a94cf113dfae668baed
-
SHA256
7d067db55009e56d9de9f516e258793c138f7d75a49b37ec7a9d750ae4a66ccb
-
SHA512
8526d816f8613350458e9c17ca1a2d6df6e48a6b2058cbab461eea8668caa4c007ebd4a0fba287c719c08b93af00b19cbb40874966a51619cfeaf74a83a243e6
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{57CDB511-AC8C-11EE-AC0C-EAAD54D9E991} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e071c12c9940da01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410704806" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000a3af9fc06bdfa083c6c60df55b57c986fd16997a51642b7d4ae4ec20cc09d240000000000e8000000002000020000000579abda6c667947778a09f91a5322c6310c443ac85423ddf88c7913e98dc5dd520000000ee03ae65a0c5eebc139f21acd1ec67619dcbb52ccb5fbe8b4a7e4188e7da76b540000000ec409e7ed99f3b65ac6900473ca37a736c9de5acd58df6194021565ea7c41e841d89479a504a3d4fb001187a055cc02f1ab31fc4ca100bbee2395d1cca09a363 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2976 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2976 iexplore.exe 2976 iexplore.exe 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (the four entries below repeat the same parent-to-child write from PID 2976 to PID 2680; per the Processes section, 2680 is the IEXPLORE.EXE tab process that 2976 launched with SCODEF:2976, so this appears to be the browser's own broker/tab setup rather than behaviour attributable to the HTML sample)
description pid Process procid_target PID 2976 wrote to memory of 2680 2976 iexplore.exe 28 PID 2976 wrote to memory of 2680 2976 iexplore.exe 28 PID 2976 wrote to memory of 2680 2976 iexplore.exe 28 PID 2976 wrote to memory of 2680 2976 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6b1ad4e5d52f1bba8e8d5f95083182a4.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2680
-
Network
MITRE ATT&CK Enterprise v15
Downloads (the nine entries below that share a path are successive writes of the same CryptnetUrlCache metadata file; CryptnetUrlCache is the Windows CryptoAPI URL/CRL cache, so these are typically OS-generated artifacts rather than payloads fetched by the sample; the final two entries, 65KB and 171KB, have no path shown on this page)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bd642261f6458224fa4813d611799136
SHA1 491876b76bf24b1a7478938243f2e99eb4d41ffe
SHA256 474e6ac55a85dce6fe896b3939baec4e27f1f33ab95f0833965b2141d8971215
SHA512 4617a9e96ffa8aa3b32342d5e92452f61fd26b397b7f296d86cc9a6a8588efd2452431ac7110e35cb5a52d4bad66d11f28444044e1d0b4f8b0a261ec21ad4135
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 dce7552d899f9ac0a2386ed3137dcafd
SHA1 f3502605fca1c5a276afc8a19c6b97370d71974d
SHA256 0b7c317b3b2891d9de903d05da8099fe6d58c8d3f4b2cb0243518789c987ce1b
SHA512 e584c7028fe684cfddde4094364c03df3b3a97ec3e6b0c3d8435f3e83d9ce648e8863e29f0933d4d5345963b27d5e69a4246d32725e155bc0cedc68ef1e5aa8d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ec8643478adf287a083fa34d2fbe753d
SHA1 045f64be3e1c48044548519f8abe12c60c5eb914
SHA256 03b1c560d71adcf138ebf0cf90af1267e8cca3e9e50db7deecdfe508caedc52b
SHA512 d73be7d25f22162b910b992ccaace12b34d9d5a78100e76abec718fab7361d4dc07e2ab8893d1a5ec8a3548ea3eb4973e0f4deaccdc033f6b4ea16add5658ab8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 22fcba6c16ed8103d068c18b72f0934e
SHA1 a3cafdc0e07bc204e4c02a8e88af4a99873e39f2
SHA256 8ad02aaf98a51261a79b38ea41fd833a28cab9e8104d289cb3f974f5a929ddb3
SHA512 d5ee18eda810fe16acff3efc856991f16c0b7134fcef61a5c662293d65ced380ff56a9aa4db66662c218142bcfb557ab3679e4ba13071ef4dbbd6e1aec11d3b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0f76884982e475aacbba91d8b3d39886
SHA1 c44c50279b7e9e2365996e473d301844840ac92d
SHA256 14a54d664375499c9840a4c62f51beae25441ba7efe6452a869e8dc0fc04c37b
SHA512 7ff3c9adbd9f39a29b2582a97be76708daac801bd19b5a2185478b969403fb2f647272c3f2d16af42d732a8e2ae90c1fb734a8fad666a3508fa1a4e85fca5bf9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3f14cc085533781bf4d313298887723b
SHA1 9b4d54a36fc6f08d30befff44d72478e95831a40
SHA256 28117fe6fafe29627279099b9c51e94982c229465cab9b9f3165c4b8ff3b8813
SHA512 bf8d8cf2219cb1c80fc4d19d5f70d3618e98b5045b97e49bc5b530e299512c2a020f13a8e8a644ab9133bc73059ba0df95950c8942dd56cc7d4afa46f5e02924
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 16036f1592826252e5c747940a73053c
SHA1 09d223c2ab3b58e65a97f5951aa2f197098f1d91
SHA256 6e9bb7824f66cc3b6b77abfde714eee5bfcc57901bca1184595000b29d042e1a
SHA512 3a7edd49c2ff28c9c34272d0bc1665f626e003983ba05c7b78af71c181a4aaff385ef8504b7a189f0d143c32dd3d99d543d760adbe1b02f217d09693a2f4c585
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a655b89e46ff4824c15e65b89040d9b4
SHA1 f57287f4e63cdab7e59b4d60ab1b2a7bad9ea37c
SHA256 29372512ac9430242e3461dd4fc41125ccb2224406b546d82d2a2d2f8ec912c3
SHA512 c0c6eae111e5bf58a910444fbd96a11ca1ffc67e6784447f542563ff0fc3cfb829021c6a0121ee60190d5a67bdf271ff03ece83513f750359d18f2f6d9529de3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8f00a5a0a1a53298ad05d843f08a9e61
SHA1 0206b943e878125aff4db63a945dd7785230d66d
SHA256 0aa7cdd7b37fc605b2addd2af53449ab307a91533883e12dd073436767d94030
SHA512 651f84056680ae1bddc67af7f6a761d4d9e97c885c9d69225b58053a14f1d1b54dfb76eb259bb48f903c8fdca8b790fb9bc40661e13e43a3a8e29cf67fd0b942
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06