Analysis
-
max time kernel
143s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
30-12-2023 02:05
Static task
static1
Behavioral task
behavioral1
Sample
0b121b349521516f5a19a87d2d4b87e2.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0b121b349521516f5a19a87d2d4b87e2.html
Resource
win10v2004-20231222-en
General
-
Target
0b121b349521516f5a19a87d2d4b87e2.html
-
Size
17KB
-
MD5
0b121b349521516f5a19a87d2d4b87e2
-
SHA1
e3dd575457ba21f25def31be83bd1583b4af6dda
-
SHA256
efa3426aa4350cd69d19da235e5300576169117351989c79e6331613efadd1ce
-
SHA512
6542879c40db1cf9aa1fb8d050e78f17144611b5e98ab7679ff80f6cda42b38beb88af6865dc8011916e8dbe41ef621bd45ad7d409d65f29ae9d5cd0f835d95e
-
SSDEEP
384:6XQ64L3r7nQIHFb/C7prUQtMLpXNyvWr/9rBLjgA:6Xt8b7ndHFb/CxUQtMdXNyuBrxr
Malware Config
Signatures
- Modifies Internet Explorer settings (registry writes by iexplore.exe / IEXPLORE.EXE under the user hive; the NewTabPage\MFV and DecayDateQueue values appear to be DPAPI-protected blobs — the 01000000d08c9ddf0115d1118c7a00c04fc297eb prefix is the CryptProtectData header — rather than plaintext configuration)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 007535dc343bda01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000ce36b376254ac2e5050729392687b05d5b979366fdd4c86f59c7245e5f01181a000000000e8000000002000020000000bb2ef34bc620d3b2415e6253b3db146c70e896e0b954ad8b0660088775c0a84090000000ba6137fce732de40e4f971c9291e2451b003d9eee10989237ebb666ea91082d2e72416222ef6b11c66fee95573ca4ff812e0fbd71cc4e439e24cddea4ef2ea47b40c2ef3613c7d25b1b7ec8707bf6b7b9bb32156bd27e8d62ce613239f2a10ed939e525b21c75b8bdb8a722b8b2fb67be5fa1aa98e32360b62953ce84ee6c436ae064567721c952b3a6eb9ef7c89acbb40000000e85637fcc7a817d8da637253862381394151d30264fed8b7bedae33a0dd4bb84f98ac5a9de2c6727df421a62c35ac758527032b71a15ca62e6d3455ce67ca774 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe 
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C5828321-A727-11EE-9075-EED0D7A1BF98} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410111846" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set 
value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000118a80b44ee75c2ace09e0c822f5adcf490f86b42b948a4e03e3364e06387d59000000000e80000000020000200000000c0c82ecdfa9c627b1473344dcc009540a298f9231837b5122e00589ac1d7f21200000006689c57d9144f532e0b2221e19f7cacb723dd3744405280bb217dd5c9995c32d40000000e8c59acfb1e06917d189bafc727affd1d2fc79d5c4ad419fb435d34401f1a09953cb02a3b3d542a578bc54000a3961f8c701d3040c8645290ffa1f33899dbdc9 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1444 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1444 iexplore.exe 1444 iexplore.exe 2712 IEXPLORE.EXE 2712 IEXPLORE.EXE 2712 IEXPLORE.EXE 2712 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1444 wrote to memory of 2712 1444 iexplore.exe 19 PID 1444 wrote to memory of 2712 1444 iexplore.exe 19 PID 1444 wrote to memory of 2712 1444 iexplore.exe 19 PID 1444 wrote to memory of 2712 1444 iexplore.exe 19 (Note: PID 2712 is the IE content process that 1444 itself spawned — see SCODEF:1444 in the process tree — so parent-to-child WriteProcessMemory here is expected Internet Explorer behaviour and is not, on its own, an injection indicator.)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0b121b349521516f5a19a87d2d4b87e2.html (process-tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1444 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1444 CREDAT:275457 /prefetch:2 (process-tree depth 2; child content process of PID 1444 — the original "/prefetch:22" was the flag fused with the depth marker)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2712
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD50587a9e96cc087f4104242fc299b5097
SHA12b8a90b737f514cc0d9ef3faeca7391efdc8d5ad
SHA25621101cfddcea481a940c0dd644c3e26d3645ab6819ded3674a9a430c2e87d2ac
SHA512574a89f039f943e2e32a01ffc1750709b926b32d1c3f4ba6110c2e8e8a16bd2a15f2d131c9385435e2a20e799a70943fecd1aab1a435b1173231a91a88285d88
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5fb81d5cddc02ef9f744baa146d76e881
SHA11a610b5fedd9945e62cd9c3d6ae322087dcbe54f
SHA256e34d0ab256f0bed0b57f685d52e2669ebd369a54c2f6191740abb703371d33e5
SHA51244932e0497f4e4061b41c1248e2c0d2c66a093b8b07b1e6b7b0e961bae142ab890fca8ce1db74f7f1e3f27aabcff1034c03fc340b135427b5343e70cd028c20c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5540f0b5fe019bb6f9bbe88c0923eec8f
SHA112a9e2d28cffc56ae2d001d87c9a9f7c43442318
SHA25671d230bf8ee312852a113606f54ed0d6491d1d1148eda42604e17950fc92898d
SHA5120cbfa15ac207ba982fd718f0074bda4dced316137ce1258ff9300c7f38b7ac893e5d19552b98a33caa2d82378fd98077ac752bb20a5a655dd3912c4d9381b998
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD55fd97a8267e49fcb1c37bdb5dd405da7
SHA1a10785e09a3fa4bf7c72d2765a6891728a7fc727
SHA256659367ab60aeafb6588fcd651c0a2ab93d8d023689360b9a8fb8275906be8b6b
SHA5122c3581ea9c698c95cc6cd536192a0b5029dc8fb76b87c1b8fb8e1e29ecb4ff7fdff4e519f3f5e77d02882bfcd17c2e4294dd0384b2a3881154e876b04e29be94
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD54e4cc5904965891d4ae1e44f9c1a63d3
SHA16761da3cc8f0f4bd8048f4e40dabc8c2475cf012
SHA2569d3842dad90b467dffce676d65626b3e304ee2826f0b46a14778c2f19fc5b8c2
SHA5129117e6f9a4243fe65d7af35187b9ac1f2e164a0fcfc0281d687c83d6d4245dc95390e9e2e5f8d36c9690ce2851ca47c4f96070a46f912355402856f2c1c30ca4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5932c46e6f57d6c9c863b44638b5e6acd
SHA121f5d476f323135a43504c173360648f915414cc
SHA256d77ac9df2c3eb0986725bd545e64023d62eaed2f675f0a4d78db935e1723bed0
SHA5126cc01d93debfdeca4b741d43a6364d87307aec355da081d1740fa630de5c4a28f5be2bd54d08716a1fbbe707850c77a2827f473e19a8fa48441fe7bd333bb639
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56ec89dd4be9069f95a4fcc2f9d81621b
SHA16d400806e316c59bd1a96a86ff27bef69553e000
SHA256fcb809716d8d1514d564c79d86caf2bc73f5c3f350f39e686133050938d19358
SHA51241164c33c132f35a5a3185b2d90cdd022d93e48b26f38c31fd9b29dd01e46efd5530815e17afba5f75f88d9ae1215fa9730e899092b8ef4bf37980fa46c6f49e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56ac0322ade6fe9d6406fe400ef9fb297
SHA17ed80d70eeceb514403c43fb4513b8bd7538117d
SHA256be26b48ce858d36a909a1001f75048ec31d0d7eb9433c2f17bb35d0b7feb98b5
SHA512791316188516a054ffaf804119990aac853a6e88a44f9e0ae29cb70ce6f05ba963f3b0aceace4a15b5bfa872274088d30e1e9acd1e019d471d8bccfa8086ae12
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e83bee0f23ad9200d5ae4a114d3d95ac
SHA13a5261e61050dd87edd0d829542f37c886e51fcb
SHA25680b8e24dc899e03d91638fc9e1ec2058706e15dbd1e5b611be907d02cd4f5e6b
SHA5129e1b573705872ae521ba1dfe39fba5197a7179e7d7fecc710698104affe34c883e531a3fc765c08a0c3317c02ea4ce494363dffa49c290f9df2f672101ff382f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5089dfd09ed8b8ae059b6cc6d4a674894
SHA1dc0b084fb032ead360470b6b4e36a3ac7e558bf5
SHA256881107cbe08cd5d75f27dd6240303b4a437c6a51a2eb8b1fe333e0dcea1ebdbe
SHA5126c349163bbfa9e05e46aee3d09f635582ab82d8be38c534fbf3720e91e96d7fd95e03497256034a45769857b842680a2e91330abe67a7f27569c0bfce2cf2ae2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD53b6f2cdcd27324e90a88d579b0dad491
SHA1ab8b5aa990217d84b33db9949d1719665806f0dc
SHA256575340b60ab130b0e7a13b6b00d3198c0db2acadf7f1af56a9cc7a29d2beaf2c
SHA5127f84184e5dad3b586687c4b75f141f9b5a59be9505d9238806d987a6d1b3246d835bd5961568f5236d1619e5370fe0962649bcb9c10f9c70308ec7d6a6900e05
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD520cee68adbe07e30d0112ffe1d8429b6
SHA1c5b47ab712d48782a7d03ce068887c6b1d301908
SHA25668644a1f0302a3f649ce90073bcba1b991bca9774ed57c10f3d3ef0400e8f8bc
SHA51210fe1c8fdd79dc2229d112dcfd8ac378038112df7459f69315c2b72b98ccdaf9c9a2034f9c13c7c32b8315fc5e07ef8cf130002fac89ea54ca57051b6ff28bd6
-
Filesize (file path not captured in this export)
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize (file path not captured in this export)
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06