Analysis
-
max time kernel
82s -
max time network
168s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
29-12-2023 21:48
Static task
static1
Behavioral task
behavioral1
Sample
04d337bb0991790baf4de73cf7360fcf.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
04d337bb0991790baf4de73cf7360fcf.html
Resource
win10v2004-20231215-en
General
-
Target
04d337bb0991790baf4de73cf7360fcf.html
-
Size
3.5MB
-
MD5
04d337bb0991790baf4de73cf7360fcf
-
SHA1
c5da7b57e31206ef839931bbb119d442224a1e58
-
SHA256
78d74b2e47c58e76a4b8ab89c4334f861c3b93438734dea491713c111b7bdc8d
-
SHA512
276fa67d9a87814d9d020c32b3b5a58a32c94d7f02b67edae023058b9eca5c2525e08162baf9f65bf6953b36b8740dc58800d8a4c1a0f8386170266e564d1a4b
-
SSDEEP
12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NGL:jvpjte4tT6QL
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d300000000002000000000010660000000100002000000070a47e404725371b1ec809e381859f980775b631ad488a5bdb0069b80634b2e6000000000e800000000200002000000062310b8dbf6125a259499d69af47d50692a85e8fdd6867c8c91de7b4c30b7795900000009462bf9c575447992571a9c5760d31a3b2e7b43fea8343309bf784d8ae69b192737092cc103272fcd1922368afc17f1d7329fcb5f534d309e4349e9a0035b7b789c3731b4258ca7714feb10bc6f37d22dde1d4528098c3dbf2001b1e4817590daadc1cae368d4f9fc153bd63a249d784116abb8f12781cd42fcdfb4461c7e854e733ebb1fd9b1d642a17f90246960bfd40000000ebd173bfff21774d99c7719d6a2afedf66eb148dc5794a52c20db6ea529b28a23d998a9568a3dd61c269308c3a4056d1905c7fe89d8fe05863a32f5b0dfc2aaf iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410066321" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C0B529C1-A6BD-11EE-994C-464D43A133DD} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0d374a6ca3ada01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d30000000000200000000001066000000010000200000004d5d1515e3f6b8de0a37f37349a5f1b3494b77d98b70eb1f39d6a5953840f9f1000000000e80000000020000200000001a95acbc862ff63a71dc1248c8ad4f2ff3164f87a44ff61142a1a5594d69e95020000000ff858b3e87297ff3c471aad1bd3a4f41e86dfebd7c0a6d178d8f65ef116f351f4000000069ec3fc49552c8b4bb174655389dc90663391bd05e66d6154835cb51a61f6e76f38a53f4b8fcd8c80a4eb9db660f6029e6aa1c5473ebaf8857b596314c4ba5d8 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2520 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2520 iexplore.exe 2520 iexplore.exe 1360 IEXPLORE.EXE 1360 IEXPLORE.EXE 1360 IEXPLORE.EXE 1360 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2520 wrote to memory of 1360 2520 iexplore.exe 28 PID 2520 wrote to memory of 1360 2520 iexplore.exe 28 PID 2520 wrote to memory of 1360 2520 iexplore.exe 28 PID 2520 wrote to memory of 1360 2520 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\04d337bb0991790baf4de73cf7360fcf.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1360
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fef7fc318323a441c9d4793a13f6023c
SHA1 198dbe1a407fdea1ab39bf0f2c1c079f35df1f74
SHA256 168b55a62a5ef454574604f89de36ce7921ead094f03470939d7c389dea43189
SHA512 2eaf91e1f672d5d6bb7d031d5a553933867efbba7bddd4810c908a3895079d01b15c01ae20b5785b845aec4c11626f359709e1cae73a864b0a75c2654d8cd033
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c9fe1cf4d70dbd75ca0d84185f1fa8c1
SHA1 5f15d1caf2fdd39fb2108fb39c9c8fc77d1bc64b
SHA256 4aa3189964023fdd49ca37b9d10b8c07ea545a6a9e08b8fe00ed3e12d3ffa82e
SHA512 940ffa8f9b65ef808392b17ace3b188078cef4e5e464861c2e6fc5d74ed5c7dc75d3fb56c3e5c3271df13a826e21c4fe6e236158f0a5567ef691159920c6b78d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 69f0db649225d980348b1ecf1746db73
SHA1 eddfdb6b01ba629ad7814121f66d0e834785b75f
SHA256 6543d6bb727956997745a71a85b71cba146751af7c1da0874c94590159c9ece5
SHA512 cda5e343ddc3b6de5f9db00996c00776113c44df96d576a6dfd528d9aa3229feb588eadf4299b3354873aa3cb3691f1631f3975d24a76ca1b923b399b81c6fb4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bec46277d8d310ef954203046c20685d
SHA1 07fdec9891f49c190a0e5a9cab6e46d2c7e09a20
SHA256 457c33068172c96036da57fcadade19e639c3f22a50335da5881f8ded5b5f155
SHA512 751080700845d6bb77d266a855f369dfa9ee0f6ac064f28575783f0f3adca1d9ce90ed8d7c27756f5c76a34a762a2dc76f4dc23119f20ab5bcb4f780241ad088
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7a15bb6d49271d4eea01d8d88b84ef74
SHA1 aaf340a276c0c68d45ab299afaddf16f8de32704
SHA256 ad59a42cc596c049a99a8f6192dcef4dfb18d877af4b5f559c44af2ec4c262c3
SHA512 0dce17ab00a00874535707084775bbfcbb2312ac36a87be13020ded0793529161bcc11f71ae390aa98bd96e3b9ba20f1bb0be3f5cec24cec070cab72cefc605d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a7071c6acd00d79c1749e7faa9afaba6
SHA1 aeae2f8a33eccb8c7955690b426ad8ddcc55fffb
SHA256 cf3ad9732e7e4d06e3b6bf0b6a1d972249c9d1c51221d01bd5736b0f896926ea
SHA512 95607f0bf8ddd4686b04ffe80d75e18f40337116c0c0e51e50bd73172463e07ef44867868e3fa3e0d3b32c03ce4610942e2d46565c7ac979b80a7bf1083b7c5f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d2b85de8b8a7959dc7f3fd0c5f141ed1
SHA1 417b6ca10266429941a28320fa0b67400f7e3886
SHA256 1c37896693ec5bbbd62effe80933fb511d3bd4f8dfee4da6cfa8cf08652aef6a
SHA512 183f194c8fbc42eb0f1ac29edeb1a91abf0ba5e7035a8b34e36cb2cce00c8dac56326db29c4377bbe50389d0d6d0f2b373700ace9347096c912a1233a1efffae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4dc3438fd4b5da3b2e2fd34b57e8bfe3
SHA1 985acedd58214b9e9e2da4b889eb5d1a51b1d329
SHA256 950451ef6c88b7abff102b18219fcffd3026b7da55eb2c83f310a878d14b1b3d
SHA512 565a5748659c4a62e3a9979f7e550a1b960819ccdede3788884a2b5183a397b7e9d508a0e057284b871f43ea707ec9aa8b45877eae02cf62aadd29758c4bcfa6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5b22051c5f663e0a33b462f24ee0946e
SHA1 884a075bcdf3e7dedb0c9e095e1c01a1febc1544
SHA256 5b4aa571f4ba47e472743b8bb3cc28be1f4a4a976fb1f8778c5087a75f7d7183
SHA512 f00adf0d7475cbffaa30f5004d742bcb0a0f3193ba78dae1ec7cca9dc9e8a48ed3e6ee669bb3cf66f5d39cdb01abc762a75f9e93bcc504ada8d06c54603ef23c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 27527e128214ecec0407ccc071f36673
SHA1 8917da1cb73b213513fd4d348bb96d5431a83e4b
SHA256 bff2df7747b3447bd817afa53b6700418802cb55f83ffaad44670ac417528b03
SHA512 a220b40ccf66dc0d7e7bbd69236f88e62b5bfa56fe2d2b6683d1665d75b30f925704a0c94bde810a10fc0aebd566b0b2cc3958a66a6bf07b27cf9eef96ee8069
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 444f6c0cb191bd77d77fa2cac8a69206
SHA1 f29469c1214852969795cd047d0dba60fc70b878
SHA256 82fe1f4ae25c3965405976bcd614927473e6e3a3b3448d11de437bda8a3717ea
SHA512 c1639fbf9b1e1edc231487f55cb2a80fc4a9750328fb35b353076d37ec6b91216ee11426ffcdd0bb32ffecbb6522bd4b2b965ae03b1363448ea0bec55bd0f257
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4K0WM73A\beacon.min[1].js
Filesize 19KB
MD5 dd1d068fdb5fe90b6c05a5b3940e088c
SHA1 0d96f9df8772633a9df4c81cf323a4ef8998ba59
SHA256 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
SHA512 7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\jquery.min[1].js
Filesize 83KB
MD5 2f6b11a7e914718e0290410e85366fe9
SHA1 69bb69e25ca7d5ef0935317584e6153f3fd9a88c
SHA256 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
SHA512 0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP6DRJYJ\jquery-3.1.1.min[1].js
Filesize 84KB
MD5 e071abda8fe61194711cfc2ab99fe104
SHA1 f647a6d37dc4ca055ced3cf64bbc1f490070acba
SHA256 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
SHA512 53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06