Overview
overview
3Static
static
3More/Audio.htm
windows7-x64
1More/Audio.htm
windows10-2004-x64
1More/Business.htm
windows7-x64
1More/Business.htm
windows10-2004-x64
1More/Desktop.htm
windows7-x64
1More/Desktop.htm
windows10-2004-x64
1More/Excellence.htm
windows7-x64
1More/Excellence.htm
windows10-2004-x64
1More/Game.htm
windows7-x64
1More/Game.htm
windows10-2004-x64
1More/Internet.htm
windows7-x64
1More/Internet.htm
windows10-2004-x64
1More/Multimedia.htm
windows7-x64
1More/Multimedia.htm
windows10-2004-x64
1More/NewLive.htm
windows7-x64
1More/NewLive.htm
windows10-2004-x64
1More/Utilities.htm
windows7-x64
1More/Utilities.htm
windows10-2004-x64
1More/WebDeveloper.htm
windows7-x64
1More/WebDeveloper.htm
windows10-2004-x64
1More/allfixer.htm
windows7-x64
1More/allfixer.htm
windows10-2004-x64
1More/avifixer.htm
windows7-x64
1More/avifixer.htm
windows10-2004-x64
1More/image...1.html
windows7-x64
1More/image...1.html
windows10-2004-x64
1More/more.htm
windows7-x64
1More/more.htm
windows10-2004-x64
1d3d8thk.dll
windows7-x64
1d3d8thk.dll
windows10-2004-x64
1keygen.exe
windows7-x64
1keygen.exe
windows10-2004-x64
1Analysis
-
max time kernel
118s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
30-12-2023 22:04
Static task
static1
Behavioral task
behavioral1
Sample
More/Audio.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
More/Audio.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
More/Business.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
More/Business.htm
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
More/Desktop.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
More/Desktop.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
More/Excellence.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
More/Excellence.htm
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
More/Game.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
More/Game.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
More/Internet.htm
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral12
Sample
More/Internet.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
More/Multimedia.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
More/Multimedia.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
More/NewLive.htm
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral16
Sample
More/NewLive.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
More/Utilities.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
More/Utilities.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
More/WebDeveloper.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
More/WebDeveloper.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
More/allfixer.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
More/allfixer.htm
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
More/avifixer.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
More/avifixer.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
More/images/style1.html
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral26
Sample
More/images/style1.html
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
More/more.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
More/more.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
d3d8thk.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral30
Sample
d3d8thk.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
keygen.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral32
Sample
keygen.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
General
-
Target
More/allfixer.htm
-
Size
2KB
-
MD5
d7569b89e74cbafc12d680c790ff30b1
-
SHA1
63b153c2db899aeb2dace2926c28c3c84c9a1a15
-
SHA256
d9ee2137707abea7dedeff3250ae1b1909d4ac1ee6950a8641433a06781d0cff
-
SHA512
5035f6d77501b7a29ee5e62f8aa6a85b744d71dd566c81ff2422a1ecf4cfdb3459a0e0bfc97a94ec91494e332734568c3cab375e8f151e28e9d282a8dd19b4ae
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a000000000200000000001066000000010000200000007f52ee9db5a897821c60c9fcb27f1ceba07e00385edfba76a563394c3ec6dcec000000000e8000000002000020000000e65dcb971d10c3274c7b6b0622b5e479e144240c9f50e9e2419dd91331101a5b200000007eb2de41b296853f63b96b2a01d988ee3be6cb446ab9300341d6c473a5d56d0b40000000cf7b8ec7f3b498d7222d8e59bb02f7622889cabaac810043a4a506339614c80e9a42ff3e7b7e2085298c2ba22fc30417354aaf0e70986f8268d05ce3fb1f53fb iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 301c38af293fda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000d864aefd123ef67737a8d931615ccad3e21fb2fe3f99a5ed4363a9977d7849f7000000000e80000000020000200000006944d6270dc25648cae39cb83173600b7ad8fb3449d970f90f03a4982e58a5f49000000076c54f5bc02271d0581d9b32bfc2642c45eec8575128d3a5961fc1683ee8a4ba23990f8b1801bb69c6ea35f561e59a1fa6147dde20f8974476c729f388371fcb412182d88d64fa1149cc3d66ce6140cd56da30554dfe21d2693d9b19efa235b3598e38fabba94cac102667de28c379542cfb22fc1be74cd209194e60800c6e1ab99bb3272e79af0b373815efa7e9f709400000006cf3fd1ad35866503e762a4d9b284afdec4ca168e8829baab1a4862cb3c5896bd8052ca7b7a55e436785ecd9808a3638405013772439433b44c794de5f6c46c4 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410546966" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DACDDAB1-AB1C-11EE-832E-DECE4B73D784} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1244 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1244 iexplore.exe 1244 iexplore.exe 2708 IEXPLORE.EXE 2708 IEXPLORE.EXE 2708 IEXPLORE.EXE 2708 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1244 wrote to memory of 2708 1244 iexplore.exe 28 PID 1244 wrote to memory of 2708 1244 iexplore.exe 28 PID 1244 wrote to memory of 2708 1244 iexplore.exe 28 PID 1244 wrote to memory of 2708 1244 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\More\allfixer.htm1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2708
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD590c7844c8c4cf794c0fe14f4ff5915b3
SHA1eaea1cf26ad7f2bfe1fef5665bee73819b9a3779
SHA2561436828df478466dc01417d2bcc49a8fe8a319dfa62b6a94fcdc6e371c37800f
SHA512eab713ede294ebdccc2d0d04390c58e91279c3a244c2a58f0dad872066687f69f593bb79d6efb9a18aef84332440bf8a9c94090ad0fbfbd6099dd6eb47ce0d47
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5c6d8fcb094cc8e0ec8a3511bd5c7190d
SHA17a3bd472a79692ebd061c5f735fd3e3ef4e32243
SHA256df8861c58dfa0c69903d08c0acc72e15465f8f00c00629a6e77e83be07dca7ec
SHA512824ea646c22eb88b391f8e8e7cebbaedcee30ae53caba3b66776468c57e85467755bdb670171bd3d32634b5f26d1e887c501ad0e4c85affcdb1f3b3edd1b42b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD571f30a0407173b069914fe7db3613e26
SHA1f6f945052ece9f10a5f914fe08696ff3ca458fc3
SHA256c55fddc4085bc0c8911e22f2ba83271886f0eab194bf0bab998df360b3ac23e2
SHA512b4d647b80ac8037db6ac0913ecd1cf6076b8f5147d65b237625ea60a6d1a4be880d2f7f0369ac1808399e42cbe8ab04e70d96d83a8c2c9962d480af35852e086
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD512bda1ce48601082c657494497235ede
SHA1283b965edcdabc49e12092265da8267626a9128a
SHA2562ab2deddc2a847534526c30956e7d152bd5ad8ef1da1dd3995b7b035115495ba
SHA512c0fb7371c71f93cbb2e3a0e809d002bd6c69971be6df5f0fde9c01be87e7172e880fcbbc3ea2ef1f082e755d8039c12bea3f875c81038408680b44875f851401
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06