Analysis
-
max time kernel
143s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted
30/12/2023, 05:42
Static task
static1
Behavioral task
behavioral1
Sample
104116d671205ef750dbc9679f793830.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
104116d671205ef750dbc9679f793830.html
Resource
win10v2004-20231215-en
General
-
Target
104116d671205ef750dbc9679f793830.html
-
Size
57KB
-
MD5
104116d671205ef750dbc9679f793830
-
SHA1
56e7420dfeebda6a6d81df615d4b3d98c8b3f00b
-
SHA256
ddfda1aae430deab61a506271b629b04d9ab54f38b4f33ece3a8d52f3f58a417
-
SHA512
9b222cf31f5e59da2e442cbed6d85479fb6b2208ba1541624b2abd836f67b574f33e84d61a1b58244d451d0c1c41353a5bc0e08671964b0f2357c7d9fddd4f57
-
SSDEEP
1536:gQZBCCOdT0IxCv14Cf/fCfPfUf3f+f2fBfsff0fDfuf7fdfSfMfafgfHfLfYftfB:gk2h0IxOX6ncPmupEfM7WjVKEC4fjgl5
Malware Config
Signatures
- Modifies Internet Explorer settings (table columns: description, ioc, process). Every key and value listed below sits under HKU\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer and is written by iexplore.exe / IEXPLORE.EXE, the browser processes shown in the process tree.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000bf4b6697ce45679eea71423f5c37e739834f2aef9e714831b526e63ec7ba5acc000000000e8000000002000020000000d4ed5f5438aa7b019fc98c8cb3a4ee6cbba1d88b42701c7981376283dfee70a3200000009a8ed1d4924b73344c322fcc8aab329f388cc3a6aa20177a147815386f3e30b440000000152788d3527250cb5102dc49b09d589a89594c4ae7f9ff901177cc3f3c4aba82f26b0d2388351966d0c1f4105dfa112bb16892c492a8cbadcfa6b48cdec81466 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch 
iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b047d1185b3cda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410238290" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2ADCA9E1-A84E-11EE-B3A3-EEC5CD00071E} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet 
Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2312 iexplore.exe -
Suspicious use of SetWindowsHookEx — 6 IoCs. Hooks were installed by PID 2312 (iexplore.exe, 2 events) and PID 2668 (IEXPLORE.EXE, 4 events). Both PIDs are the browser's own processes from the tree below; no other process installs a hook in this run.
Suspicious use of WriteProcessMemory — 4 IoCs. All four events are PID 2312 (iexplore.exe) writing into PID 2668 (procid_target 28). PID 2668 is the IE content process that 2312 itself launched (see the process tree: IEXPLORE.EXE … SCODEF:2312), so these are parent-to-child writes within the browser's own process model, not writes into a foreign process; on their own they are not evidence of code injection.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (depth 1) — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\104116d671205ef750dbc9679f793830.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2312 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2, child of PID 2312) — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2668
-
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run). The first eight entries share a single path — CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 — with differing hashes, i.e. the same 344-byte file was rewritten eight times; CryptnetUrlCache is typically Windows CryptoAPI's network-retrieval cache (certificate/CRL fetch metadata), so these entries are not payload drops from the sample. The final two entries (65KB and 171KB) are listed without a path in this capture and would need the full report to attribute.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD59f9fc3b70834c2deaf0cb42ecdc7af6e
SHA1abc6395159be4824335ecb2c868cc6faaad19dc9
SHA25680d41f254aed7731f699901c72275ea43c01865d55c4086052a61871e15be330
SHA51244de962b8314306f28b229b0f12b0c2a341168b07f4632ef61634939187b49e73ad0aef977a7468bd9b0485b850d6d60dbfb3542fbf8f0d89a89601c6f4a4bf4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5310f3ad9fae07c2ce488bf39aa13f485
SHA19f07bc69c9834c2fa12dd80f793960b185edc380
SHA256b499177dc169a6a9fe0e7666e1fbb7178ec3b9938321dd6cec61119a7e25359a
SHA5129989eb7a4230eba225be3a919b9f582a57be999b7f8760cb6667df9138a8de77a11a8f506b719e81643da4b3b4db0358f12cb25cf997798be555e68064e56ffd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD59eb4fb26a0f36dc800dc73dcbedfbe0b
SHA1897e06ba12850d2920be24d8d0dfdf6c76af5d23
SHA256ad26b51126c692a58ccdd19b1be1bd72a9ceb9a564807f22f464e3db73a1d3a1
SHA512645b724d44eee4f140c7af86cc0fe8503a50779bcdef3404ecf1f229e4639cbd77e71ea0ffdbfbfb22a272ca06d03c8873d7429a11bddd0c6f0a8bbc7b21b985
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5dffe21cd9bf5f7ea670249a47c97fe61
SHA1fc9940f96d6fb5cd4624e11a3eaf62cf417a69bb
SHA256f04c3c5f31852323184c2ccbb29285a140f2cf1c93fca9dd0bfa73d278bec43b
SHA5123802563727880a6b6ad8867a43a0636166767c183e29553080aa2a0b23d4feffaccf397c2a11b075ec90267175a4a9fcf2991ef2b71b9f70e1e5fc49fb9bc3b7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD54a052baacd4ae539782e6622e3c48132
SHA1e1238ae21dfd0f4fabbd014dba8d3c4d4f4c7180
SHA256335fb9356c49d1da77b578397396feafd598d4ad598e6065582cf94a04c566f6
SHA512ff770ff0e00cb7b0a0ee40f020eedcfc6b10f265cf584f66e11b8e4ca7208ad7bf0b1f6a6f4cddc53cc6f5f1df06e880f9f031c05676df4962bed67bcefa01de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD512a51cd9a6730fedc911d46040569b22
SHA196f0280b5f4ba148adeca5e651b82d13c1595f88
SHA2566c21430f25abe0db0c5ff1d255c20bbd087366f59aa4099f7b4de668605a3cb4
SHA5128f8de2de307624a6598d76766f60e4de5e658da4d6bc04cb6d793d9f7e1014ab4b8fff0a31411f229703b3c682e998f67fe5f703da1ac5e44b3cc25ca4ae2269
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD53e70526228a04c13f9b5a53f7903ea79
SHA1e35218df9d071142a4217714ff6cdc623b8618c8
SHA256b00b3d1150cb22b3a4208d2d4d1344b0fbc5ae0c778eb6ff4d0f6f4170f05892
SHA512e9ad2a379ce689a8701e7f3b538e064c180aa23f143b20b360223f5c1235bee4e5506271fa06549eaa953c77275c1ad513429221ce1fe871ac79667c67b2e33c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5fbf1981c150ab4fe11dec43a8e5b2fe3
SHA1b13c5fd76f951ad82280a4a0fb50d879f9be52cc
SHA256082810d027dda5ee6be53fb24b9d694ad4c5481fbde802008208f0bc368b9101
SHA512caf076bc933bfc0eec5310d4e0ac0549457ba3264463c3a28883388a4fdf35a043807e73f7d63db985dd4b1f5e2ff4e4ca9f5fbe82f9ecad97de87776f8353f8
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06