Analysis
-
max time kernel
120s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
30-12-2023 03:57
Static task
static1
Behavioral task
behavioral1
Sample
0da7dce6c412179e0216b466386f1260.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0da7dce6c412179e0216b466386f1260.html
Resource
win10v2004-20231222-en
General
-
Target
0da7dce6c412179e0216b466386f1260.html
-
Size
8KB
-
MD5
0da7dce6c412179e0216b466386f1260
-
SHA1
6150919552406dc9a09f7cae4fa0ba43a77f0052
-
SHA256
06cce57f19941b0ab66319954b9a2919bad7e6e41ac9f897c0eab9ce9a8d73c0
-
SHA512
b5dc8bc9e5acab53e1be17cda16582221bf1b994d0ac3514bcdf64b0c2a62f77f13ff8e494cb2a09a39f42084635007eb8357fb14ecf6ee6daf7459fa90117c5
-
SSDEEP
96:qHb5V8SEb79eA/DJjicH7sje2/VMdeQ/6XkrLKi2:MFVJEb799JjiSsjhMdAXS12
Malware Config
Signatures
-
description ioc Process
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c063f9f10f3cda01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000ad9bf2be2c9417eb1b314dea97fcaf778bd28befd774879b26a1e5ef35a879ba000000000e8000000002000020000000f219b8b07dd6a7be3a3d9440a7e36dc03b581942952770bb84afccbdfb0286542000000090033a27276956b263cd980c694d6f504c2f77d42af2caf183836053f96b2c794000000044acb07c9d7f0d7b54d04362a172719c5b6e771f5518c9f9dd35852c3c68fe014c4d689a4c7c9f6d3eafd17ae8beed8b327d8202b36641c0649ce104c47267ea iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{176DFB21-A803-11EE-A508-CEEF1DCBEAFA} = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410206065" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1704 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1704 iexplore.exe
1704 iexplore.exe
2672 IEXPLORE.EXE
2672 IEXPLORE.EXE
2672 IEXPLORE.EXE
2672 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1704 wrote to memory of 2672 1704 iexplore.exe 28
PID 1704 wrote to memory of 2672 1704 iexplore.exe 28
PID 1704 wrote to memory of 2672 1704 iexplore.exe 28
PID 1704 wrote to memory of 2672 1704 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0da7dce6c412179e0216b466386f1260.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2672
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9a5d0184ca9323be9c7570f20544ee4c
SHA1 fbedd2d131ba30192e6ca538a1f5daadd6b45136
SHA256 2dd40d980278bb697b248726c80a065d58c68060284d382d35dd909eb5aab2b2
SHA512 5b2b8859a0dc6e8c1f3c7ec4acae96789dfc433422dc0d878e785fd2b2dd2622250a282e9a85c23cb0df7276a18af95d37f47e58b0b19fe02da9063526d65374
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5a75f8e8eb38e17c742411da6c9b797e
SHA1 d8ecf15268cd6dbda1dbc9bb8f9c7f9beffe70a1
SHA256 1b5a394cbde074aa4cbb56708722a49085672935db6e049f7b5740eb9ef44ea6
SHA512 56cbcd01b9c8e0cbf9b997c02ca4a59f43a18528c1dfa89b4356ac751c1ddfe7cf679e94a05b4f193d4df5a08b381b3e2be726b14ce9df3390dcf8bd5e2de3e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b753f6a8195d3060f86039987cf942c8
SHA1 0b60068d534f91b1f5119a312244473b101fa3d2
SHA256 b155dd0c6b964f4a8f9484b471c2894a3f8b76e00251a9b43bf96e95d6a19b53
SHA512 2ce3f00bca012c72b2f97e0a65c9246f9a22b3afd94841d5e9afd646f6e5a79b3cf101c470b90fd21d578660cc87e0b791941781b1d65181cf9c0aebe39cabd2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d20fafbcba22325137e45b9fa903bebd
SHA1 f19cdde8f5ff12d72ef3f0934177c87ccf5c6be6
SHA256 e666a5cc69020a8997544899fd972b9f6a97f0133f359760e7b11ecb668e8c06
SHA512 c064ae824f1bc1ca107ab4166c60deba9f0854103ef86ede13c81f03fe6cf943bafa2942c6aa66958cfee72e49b9c0d93257e7daeaed82adf4c8426f88e30c26
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bfc60f02637a996d6e895a203b10845c
SHA1 74875b910b699997b1025365be91097f1fc41d36
SHA256 782c93cff9fbfb759020c7d7a557b72b2c55b474bc069fcf6698eb95fcb915b6
SHA512 c76e7c4e5fa78ec7049f6b0ebee55f1e16e8c594739ae89773610f08d60804a8be9db70d59cf7f1141cc0ffa5a07d79de1f62fc7db94bb9e14989c6acf4f2c3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3475dfffa9e9464bd2584df0bcf5efb6
SHA1 84ece166e17300c2a7da1941291667fc7a52989f
SHA256 e0f1cc9d4f2830ae05f8e569499990492087084ba271ef28605955d1e81df113
SHA512 cdf7c3ba4eb22df5fb5e4d36efd101bd0aefab225d83ffdda4f6ea47f7d88febf1d8626088176e4f4553fa072d475c3c80ea1e77fe0c19f2a170d7c4e6a3df17
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4a4f0ea7b20a6f01126281b1c28d4775
SHA1 ac02c325afdffc67240990d7125f4e75981c148d
SHA256 00ed897ec7c93bd5c0c65a0a42a4488dcc81902bac810613698310c83cf437ec
SHA512 a3ed61433c26126453e5f84f3d2ece801cec0d2d8d60301d90d59acf85cfa05c71ce7e169eb4bb27f87b260e448d779ce6b00e70b571fc8bad878523e99cc3b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c8b987deaa3c3439061b8c1dfdc27c2c
SHA1 159d497901498dff2ca3dfe2c87d4f68a5ddf850
SHA256 8b42daf1b7036cc08c043334f614ec3c169363327594c8c7a751bc02badf4a5f
SHA512 338dc5a316e32ec1e46b747477f496fe3704d4aeb88228c0f99c3cb56e7601883d72486f20f0f5cdb0b19d4881d4f565b0aea001af61453ec0f608d8fa866a33
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e3f60aa257343918ee78853212315f6e
SHA1 89d4acccab2a1dbef962380264aec37eccc100ac
SHA256 0935ffa68eb7db457a387cb30711565c71474df29c0745071a3038965f5e897c
SHA512 51db3736a3e06e22d6a588aa5a63b01254b2b87e6db8eb8ce2f88f9cc19c3851f5a2f3d9579cb1761e541188af6a16afc2866cdfd31249dccf300252752dee97
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3a4dfba5affef6874cbe906537565262
SHA1 07a78816ce8866cf356957132b41b1bef1765d75
SHA256 b26954afa05c9d22764dd2c6e29153079344d192a2ec5f27890658af071791d2
SHA512 0c622d2f990da82cbe6885aafca760740963b254e2abcd853a594b332aec4d1770b1abe19ca96fd0f52b707fe2c49493de2fa3b17a2f114ed0eeafb1ae02c178
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5d90ae11d879fe23b4ffefcc238a7353
SHA1 adbc7716c3b33f9bf40ad009236a7b8247e10227
SHA256 dfcfba130e8f5ac5bca7beda41f2755c9af9931e9479a8a5ed53a683ab17bac0
SHA512 62cbeeb0679a221adedeabc9bbce4b4bc007840a32bf25ec08ef5c14d763aa76f166d9e4d6ae6561c1da9e6d2138963789a88bc203118b9fcb3a72e40d9f5be9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9ef9223e21c649c770fc6a017ae37dcc
SHA1 318e11dd6937ce7a7f20295539abf926f2a07621
SHA256 7e7860b123a9f5cfd44c0ee53d00d4d7699323ba57abd9701aa9a4d971d9c08a
SHA512 c3035065a638bb535b2f001de30cb5de4b88d92f6dab6e24877e22259e0d1c7e39e147349ae0049d71d9e84f87679e92b913b2131bf76a1443a6e87cbc326c56
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 05ae96daad38958e99fee0c507ab8cd9
SHA1 de7246c3c9170c1cebeacae40d6d3273497ff919
SHA256 f069a4595f83f326ef415909c1bc9123f897462c6d18790d28e083059da062f0
SHA512 3a1bbe7eb21f8a329cb6f1efac758b11c292a300c02195b6c6ee57ed412dd0a4567a396a605fdcd9d27708d5c60ec4ced1eecf496cbe66aebdafa5bdd5fca9c2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0d7ae2701b1be225a0aa144a1690ec92
SHA1 760929d1db2020a993c4820a0e768a909577ecb5
SHA256 127c6583ce457fc5285da9d2b4f69dc02bfcd817bc8cdee3269336aa5996df3b
SHA512 8d89915269769529342bc8ae893ee0a596ae03b14e5d206db2ad3ebfa58373384852b0c129450c262a17c781c3bb347be36b22768b472e704b3b4eb8c35aee1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c9122a074911edd1e48ab52b1c3934ac
SHA1 9d10c592bde4d2c1280c819833f24f1812000274
SHA256 3c71120f75da057f1210e4a6092694314982364ce00b840e04b0a49a39817b28
SHA512 8092227710b69860e08e4fe82d0910f185ce9eb42312d9d0131ebba59e1d4aa059fe9aff1e678dcb88455cb2df672fd661400f76e5605d6a505cfc5de65f1da8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f625b8f72ea58ff88cb2373e8f761a17
SHA1 9d8490aa15fa11a129162d2ad4f0c04b2a435d08
SHA256 868621a6345d490efdf5ef9dc7b5ae77ab27cfbadf8e53ae695800b2d6c24e61
SHA512 361c799b1b46b05d0706adb1674dd812242fc8ce888266bf0e2dd808c0ec8d9009c3fcfb6901147670eaa466e166f7170b0f576899764f8ef86e525482bce0aa
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06