Analysis
-
max time kernel
127s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
30-12-2023 21:34
Static task
static1
Behavioral task
behavioral1
Sample
1d2b4f2f168f119f67527273d33989e7.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1d2b4f2f168f119f67527273d33989e7.html
Resource
win10v2004-20231215-en
General
-
Target
1d2b4f2f168f119f67527273d33989e7.html
-
Size
43KB
-
MD5
1d2b4f2f168f119f67527273d33989e7
-
SHA1
ad7f0deb62a05d885fe54a4c6c93dc619bbbedd2
-
SHA256
ea4eca19d8e07a755aa6e2eb91f26b6975bf95a85d5944d36c020d4f529286c6
-
SHA512
73df778a585cc2e1e2c1fe2bdcde004e7bab2f4f846d09ec6ea45c2788d2a7c56360d33ea192ba841b619e4d939e739739bd01fa4be4a38d08141f986c42569a
-
SSDEEP
768:6d3flGCAUBM2DB327pRjY4zdPvEvTl+L7PCQz:6d3flFAGM2DsNRjNxsS7Pxz
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410252715" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BFFEB8D1-A86F-11EE-89A8-464D43A133DD} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet 
Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e91786640000000002000000000010660000000100002000000051677a127cc95f6cd5a96a8f771c6dc2c39d9daa9839446d855816da102f8486000000000e80000000020000200000008404d301dfaa9b0936b05a4bd1a027b6b371bb69bd0889b6fae7374b3739aa982000000025c9eaddcec8a2655eca907492426ed1459a4e30ee1fcee2a6b23a312b97d64340000000fdd11e64a1be9bd5953c350d9003ad6f0eacdbcde130feb9322a28a81bd0768ae4feee7550a01ca35b4a1767891a0a2a367cd34bd13a78593960a79b80477468 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 
7037159f7c3cda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1796 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1796 iexplore.exe 1796 iexplore.exe 2732 IEXPLORE.EXE 2732 IEXPLORE.EXE 2732 IEXPLORE.EXE 2732 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1796 wrote to memory of 2732 1796 iexplore.exe 28 PID 1796 wrote to memory of 2732 1796 iexplore.exe 28 PID 1796 wrote to memory of 2732 1796 iexplore.exe 28 PID 1796 wrote to memory of 2732 1796 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1d2b4f2f168f119f67527273d33989e7.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1796 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1796 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2732
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD59859d9526d810cfb50dc322aa445c914
SHA1bf1f434478d9420c05408ec079cba0bd4eba7397
SHA25674141b4b8cc43bd8212b1c4ce3e7739fe1144550c04b8b68ddb69f1624f8e4af
SHA512e661a55b593bbe3d117216469fed2aaae5c8b8946ed87e5375d35bc027447d0dc47a0a9c1bcd4157e3a884325e615cc03b728e66ebe5d0eb2f5cd47a2f3d4708
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD58bd6f675ebd2aa7e9f82cbd7d3b1103c
SHA11117b41d4d93eeb5f1c304acd3265bae51c2e71b
SHA25660022057301460f8a1da4d79101d729df39889937aa4487cf8eec3cccc0be046
SHA51239752783e5828a2a1ddd30d3496d7b4dbf2dd8df0ae67dd53238181499d8b7a011e4f4509cec37541b4040310cda83e33bcc5aef6f47f8d9acbc2dcc1e90d292
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b23165e5145d258ec62b1b236533de2c
SHA1d67ec39c16ec76501d7db948cbbe6bc33976f396
SHA256fc7fbdf1965d8bb6fde9083f8dbf1dbfa45103caf9c777bc20cc6a9c0cdfa85d
SHA512e0ce4ee82d4bc75ef872c0ffdebbbc9de7375e86d1e10f17cd1ab0fa4ca1cb176a984f9c4d772cf00641b0ddd84abaf98efeeae4c54e639c2ada7ac3b2798888
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5a1cb276361f153dc78a9d1314a2f078b
SHA1d456898bff632cd4510704395893d7b874aa63c4
SHA25644ef615d8c270769bece725d4decb01b2ff2ae6111f7478664f14a966b31d855
SHA512ef15f2c99f9b4460abd2a2b2e157428a9b73584b893cc4b94353f7d0106c849e5aa9e9f4f4f3671e67641c8b3d986cfd197c33ac5dc876cb78b2e699a67c1ca3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5c6efccdf4b2972900a74485c0c1eeb35
SHA1c8837eb4289cc31deeb0d16eab727a61c56b47c1
SHA2564c492c59a8cf8c2bfcec1664a3d134751744635126733436e6fc3ff651e1a911
SHA512d075c74050bde73efb4b38c74b3f0c1e9d44e21449d7355dc8242dfe644a2688a36de89922fc2a0b18107b94d264838bc70e3635f0ca22d98ba2f564a2d891a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f59c01c231e0b7e7b8a3cb33ae2ee2cc
SHA1e0876f74ac83e5a433818aa1191daa7b963a41da
SHA256bc0bbee3316fba1b9c04205b2193d4dbd4caee18b68d3ce943c43e2cab578e2e
SHA512ea171453c9e9c25e950894ce8d9c07baaf42c6777ed9dd3daeb6bbf96e0dfcea7ed9a2d684283e89da0984346307b58053c02a85b2b706487c45f183b84234f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5eb213d2fa63ce89ce59988e976e30b84
SHA102209e9e7ca45e7241eba563606d6a0a648d6fa3
SHA25640f0fcf0e7eab7e6dfde5c2e7ca1bb1eb4c2c558f2c64685f93cacdc260dfb33
SHA512bcbe04c6bb9fd04f779ec0b6e71b788b6c4d39c4de1740c862b701aaa614d4527664fbb4f04c87bcdadbae5b8039e5fa8297211a7bda3666b919f0f331eda128
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5bbdb18b1e17551f2ff32d9b501c08257
SHA18bc7f16c7a64abe47b514f318fb206ceee54dbfc
SHA256c3d5a56d67154fe94225e926d6bf43368b339933ba5e8973bb3ad4b49f46fd0d
SHA512e7fe38093398f9da76cce3b2fd8d8e2ab7f7178d9b0fb42a08dd806aa80a41c08ded3df382bf66959152b6c3ebd6813796d692e53874e81add22d1f60750c73e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5cd874ba8c6af05f91eed6c783f836e76
SHA19369be4d3735115bcd3592f4118933709cd860d9
SHA256a8647cb647dd85baeacee77e7fdb9947a878afe58f43ff761eb69dc55ccf3b0b
SHA512a8fdd93344112da4e41aa35cb20709279e6634f62476465137a18e119d06e438379fd4a3bf5489b88ea258bd01a587a0e6cbef5ca317fe2968bb062f02dae3cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e801e66e697bfefb0b2f58778d707cf4
SHA1f6d0751729e7a4e99d29574d2f24af482f512fde
SHA256eac623da00fa0205722db3513108c833451caf468a01ee4526727e52d54f30ce
SHA5127b33d51da6920d7cc8303b7a96e871ddec7d83d4062cf68fc5b4f5f7d83cb7339ff1c1226c16e12cb418cd05150a85b6b6b6fa58a151d7549317aa3bc3a097e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD566c17a79238a1c458eaab392fb98ebb2
SHA18ace7ceb1d4ce74185c5e2db0969ad7cf9805413
SHA256cd32dd576c9aef91bb399fca860f8adcb0a7fd26d3e8a689079d7d243eb2894b
SHA51252c8ef74efccbaf1d9f1f392e1e094d271682b7c6d0526500df6d3878e4efe451ac3d00d28ad9b39052e8aada8bfbf0abd566a80d56b53aeed8a917645345522
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b274c14d62042835d3bff11d8f37d9df
SHA1b320442bfd3244a04bf39275b3af7106de1f8ba8
SHA256c0ae7c66465464da5fa8c17c8614bb28957342a4ee22eec88c2d426e220e1eb1
SHA512ac8ab4d228eff9f194a07be38e4fc996175df827ad6913d136e2e799b2411f646aabd113bbb7f9b318e3ffc163fbea7a2265e9acd1e768cefa8ec3c89841f2fa
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A89I98IL\478691279-postmessagerelay[1].js
Filesize12KB
MD592169c8a0fbf6e404267d0705cdbdf42
SHA1a5cd88b74ca5ced239cdbfb458fe25540d671f46
SHA256dba668b49a111527aac8f616b9053ea57c944e01a84ebdcd02a13da921223384
SHA5128c5d35ea512fa7be367cd9a9ded2f23822dcce730e5502a355ed0d48949ef763eab13be0d50a66de6b0f8419d6a002c12c4ddbf20d97f5393ba922e48a4f02e2
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1J1BPYJ\bootstrap[1].css
Filesize20B
MD56ca933ea0adb55ee7b78bc2b503bb402
SHA11f0322cf5a2be94857ff6231c8d6d7605bb10edf
SHA2567f46e16eda1fc7b95637ec47468901d9704ffd44d7cb738c13d3caffad39796b
SHA512f982862c2bb27c06d4689a07da117fe01a45230ed0c880dcb799033bf7f145e66e0a37580132f7c582aff4cd25bafac82a8b37059f53a08940222cc70f561272
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1J1BPYJ\rpc_shindig_random[1].js
Filesize17KB
MD5f019fdda31635d2a31b151ad8ad56c7a
SHA16adcbec55f66ffaef83d9a134423aa98eb2a2189
SHA256c7fc0b1526533002c956ebf8e8c42c3ad3f96c41ace73fb4063cc89051944831
SHA512fc278c12316e098976833882a38c788d812f9d36bd1b9b2b8c87dab4dc906af26a860df95436ea1b7d509236d44d0533d475a153437f8f5d42653fc28a77ad64
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV6H14B0\cb=gapi[3].js
Filesize64KB
MD5ee01651d160cfc55249d6011a3c45916
SHA179d6121df6575974ad21dafce33ec98e3f2f0a7f
SHA256639d75299973c7d3794eb7eb129e3b5a6139f9f521e1f14383abd0fd501219c9
SHA5128a39dfc1ff2c58ac106225976aafdaf7befc0a28903a0c65e2c272e1967c3336af2b477ec12604400bb8e16aecee6567c9cb9d157e3d54649e28b9b2f920432f
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06