Analysis
-
max time kernel
133s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted
30-12-2023 10:26
Static task
static1
Behavioral task
behavioral1
Sample
15df230b82ec5a0b5da581d644dd389a.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
15df230b82ec5a0b5da581d644dd389a.html
Resource
win10v2004-20231215-en
General
-
Target
15df230b82ec5a0b5da581d644dd389a.html
-
Size
1KB
-
MD5
15df230b82ec5a0b5da581d644dd389a
-
SHA1
29258e7d4e8e6129295e19f2b4a1b34430ea947a
-
SHA256
ef96488b937e1e00468878c029a2b47d869ef5bbe5e27085a6be4bdb0b0bc630
-
SHA512
89848ab77bd0e7f4ae0b5dcc5b1177a84959ec3590942318360b23462d3d5ebdfa34cecd373c28a23d405cb8b459d6e0c9f182faeb9f831f97a65bab777d19e3
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000cef20a5710b3eaf4c6b8a4120d7daaa274a4fb702f7e41715fd9fd2dd0172f82000000000e8000000002000020000000e46d071067f2a770e20dca5fc6c0f6e5f7512b361285d8b5fbce9154d80d37d92000000037e8e41c60102e4bcca50a7cc9859c4f4c6706b1a01ff62020f37de056899b1b400000006ccb0464ab051786e2c1e5c81147b88e35df819c4023cece64b66a52ff2eb1187f40c8be1c8a9e7bc8cd30938a6f2710df308366eddaa1075f88ced803346c25 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value 
(int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0297B321-A7DC-11EE-9FFF-CEEF1DCBEAFA} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410189279" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c001f8d6e83bda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1156 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1156 iexplore.exe 1156 iexplore.exe 2352 IEXPLORE.EXE 2352 IEXPLORE.EXE 2352 IEXPLORE.EXE 2352 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1156 wrote to memory of 2352 1156 iexplore.exe 17 PID 1156 wrote to memory of 2352 1156 iexplore.exe 17 PID 1156 wrote to memory of 2352 1156 iexplore.exe 17 PID 1156 wrote to memory of 2352 1156 iexplore.exe 17
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\15df230b82ec5a0b5da581d644dd389a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1156 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1156 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2352
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cebfb6532f0cef8e892f496a674fa53c
SHA1 1c96444bba132c1815c199f2351b02dc34f74569
SHA256 f323d1d877e81d09cbfcc5a81831a7c2ae83822743029593aea70fdfd7f26f3a
SHA512 abc63b983668076865029f4eae6e3dd88243f8827af06259f3199527e40794d100d53d94af1f471d51107c386b7bccdeb289bf38e8376e871392fdf9124d661b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a14b37005e1fc6c45015a7c0ceeeedae
SHA1 976b34452da0ac3774ee09ada13e78df29d6acc9
SHA256 5cf9c68f344c0e627048e44dae25deb23ab72cbaee0020441ce8cf3813d0896e
SHA512 52a1c0b25724a8acecbb80f80b88c6b8f05af4e7a5d38a90bca28622c67653ae55a53fd18578646ad7414c17baf11252ff4dcaa233152b6c66cd75ff3325f336
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 10b672182e11610a677796c3278ad4f1
SHA1 a388d8bdcb1a127bcd2d8cf41cb1ab78127f2f69
SHA256 4ebdfab201705257417676ef885b136b63f8e2f915f3fd35dc68a660c2461f9b
SHA512 c99ba3a16da667c5cf9ff61cb80b78916c9c0aeb4eabd59f1cb10a36df389a65ef0e762a5c622d55ad1bb686746ae35f3a9853606a6ee1752e544009735bf8ea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b3acbca9f3723e1c6dc95aca881bd979
SHA1 edf55df755b926879724d00ec877fae46aeea62c
SHA256 7b36fe2471a586f9686bbdd95ac5108831845eb806c4d97cac99a0ed05fc6008
SHA512 4ede57b4a4f72c367b40bf61fd202656fff4f5f3a85f6215cd0ef3b11adc049e87afbde7fef8808a4ecd8439985dadc01f36c90d2a3963318d12129e9f38a115
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 96a921bc5e713c5c23ed37acccd70881
SHA1 a0cfa98af0fec6439e4c3fa62014b6d4e2155aa5
SHA256 bfd5e1fa7c0a7537dbfc1cc6ebf0abf54c389e46024cdd4d4727544f45686124
SHA512 77db5b15b6378f5acdc5484562596c4fc3d4ccee8aeb5191df82085c4fe0e7d07939b98ba5e19ea4947c730806237fd395cddefdddf6d6df859091111b3f7119
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a0d5cdd953999c99b78216508347b140
SHA1 63b61962e83cccf89c0c4b176cc0d007f2355a5a
SHA256 84c67c5c4c6c55ff320fde394b1f2a9bb50e671236d6c8b3099c4bc84853e364
SHA512 d1dff9346ef2b3e532bfadc1ff8525e5f22c7fce580a04f8c06de63932aa2c19986a991b28a2e4ad98b4fe9dd4ef08f3c115ebd6fbbb7e425df5858952551b9f
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06