Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
31-12-2023 01:02
Static task
static1
Behavioral task
behavioral1
Sample
227cd5635b0cde26d20faddc5535e54a.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
227cd5635b0cde26d20faddc5535e54a.html
Resource
win10v2004-20231222-en
General
-
Target
227cd5635b0cde26d20faddc5535e54a.html
-
Size
2KB
-
MD5
227cd5635b0cde26d20faddc5535e54a
-
SHA1
4927ce812e91b2c4001f08fa5ef957e77c56f257
-
SHA256
e9bc0d7cfcfd7ccd578821f6807099041c7f3c12657dcb4dd179d0127d20024a
-
SHA512
a5574928054f93907c5b4aaa6f14e1cca6d3f171128faa22a2e8b14899410465081f0b39c1e643725cc965f18ca839519b05dfb757b0d44e7f9578e63accf177
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e9178664000000000200000000001066000000010000200000005e7636fcf11decd0299971d0912117e10f4b2e2b1184e5a8919d4079e2a09e9a000000000e80000000020000200000003af79db6758cc5630d9983439d8468599c7790ce481f3fda7277e86dd76a771a20000000082b3bdb9a42aad767b6deeef08696b65547fb58fb93274a09eafc5fea4ca3c840000000376a28a4e7be7ca26e2353944ae097f74eddeba196e2478eeea8dcbd887f279aea362e919b37b302807910239b938ec8e672ceafa565cca6cdca6fffa66ffc3e iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410579118" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A873D241-AB67-11EE-AD67-62DD1C0ECF51} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0a94f7d743fda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2680 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2208 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2208 iexplore.exe 2208 iexplore.exe 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2208 wrote to memory of 2680 2208 iexplore.exe 28 PID 2208 wrote to memory of 2680 2208 iexplore.exe 28 PID 2208 wrote to memory of 2680 2208 iexplore.exe 28 PID 2208 wrote to memory of 2680 2208 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\227cd5635b0cde26d20faddc5535e54a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2680
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4e41147391101940679d8ae70286242d
SHA1 d2eb701ba66c6a9efc980c93b4131b8cda876cad
SHA256 6ae5b69a0c94032b71e5d89fa6a686fe3db7135f293c0924029b11c32a4442dd
SHA512 973beb31c7fe6f459677c09f6a7a5f8140a76288b0e5edf3ff2989d08f2256438c831ca87436fed987337245918a40c65feebe3a40fe87dfc46bf89a934eabac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4dad60110d8331062e7d30cd7b4872bb
SHA1 a51cd9f8766be9f9514e3105369cf71e68c69955
SHA256 70477817c380e2546e3397daef68bdeb1e170eb9876c4bfd893f68fc18728ac8
SHA512 604297e898bf407635c7a8200258cc4d735e4ccb18a155bf4ac1cd08b477f02592487e5995b3847262a756f3e598c6410375c5dddae700c057b7b412b6aebb05
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 22b2748d65cfdfc5f17ced68e4536f55
SHA1 c3dd2d93d062859466338e4cde15b45de5ddde9b
SHA256 9133a8aa6a4a6868d8e27a823cf34e9444d0a6ea69acfd376c2084c8f5cb0a99
SHA512 4ed8c091ba2664aa563fb22d8f2353c77cc7c033d4f832de73ad138fa07898756fc41643f7628276aa1f4c8701ed4f19e164997ff8bbd9955c522c61dc18af3f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 11ab764b066991e116a4036902cc8b45
SHA1 42951e74ade3fc9c47b29f2dfde2c8cc42da7e15
SHA256 5d00b1bc5bd4b55f56053cb83d32328bbe4843a1adbcc51e08243b7f45463ad8
SHA512 843f75789405d1ebd8cb4a72547b92bf423675ab9f61d6f3d9592d0ab61556b6a1927aa02292d4ef288667da5bf2e63a641ec7219204dfbde0f03e0439cc6f89
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 503b75b70d0a9ae18f10337bcc507c71
SHA1 f5b2df47d3df4711f80239fcf024de2715d636a9
SHA256 046db61c9e6d1f157e838e0e35f44ec0b95144c9ad98b17c1222aa9d524479b7
SHA512 87255b9c548c83cc0edc757d8b1439bd194cc651ad4f5eb94f8fdc0d8e5996b24ad95f9c52934da944a99c7d2b215d91e5a6acea812954bad182c58f1911dde0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 943def96786230d8d2638f59cbb95049
SHA1 ce70a9683375de7f20297b1907a3c7e1d9064d9f
SHA256 ecd1aa81b27c6cf41bcf87b5e01676d63a26274738067fd36d75d18b4bb7a0e1
SHA512 7de3410175c16d68766959142772ca2aa800ad169c4e8af20806c5f02135758646210341532efd63e512c385d427ccaf9b2b32e4be1b394e12c2de8de8c0c189
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8724a92368dbd262bedc0cbb110e4ec2
SHA1 694b26e0cf3484cc937ed7840c85d63bfd11b43d
SHA256 a88fd38837482ceb39f4e9fbf553de4755c3cc86cdc5631f31421cd4fd99a580
SHA512 828748cafadc8b715d0cf3574fa795cec092cded9c4114f09e640ba75b10a4d1a1910c2d0873fbbe068ee9265384a4ec242fa151545ca0d0368a02d4297bcfc4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5cff927174a5a959568d8c17a406e086
SHA1 81442d54f2e9cec485b3cb300fe93ac5827ec451
SHA256 e1e82479d979dc7a3a6fecc55a095082a45ca22f6216018ef10466173b353906
SHA512 471ccfbb3d88fca0166f0fabc8627c5156a2bf6a889b12396731a47743e49b4229097f89f6f5245ee637f9e0c257db4bd3acfc5cdac62167cfc0a01eb2dcd31c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 144f6823d15b7da161f26d2b96adb80a
SHA1 4933d44a555bc742a6651de6050654f1d5dc7841
SHA256 02a2bbf43cf9897f9860fd4577893cf3f5b56ff5f100f598c25c49e18d1fb87a
SHA512 a74261800a909e248cf4997c1eb322b9c1dbc49e138d76948ea6621b36388b64026ba009bc5fe60541327ebc3554afcb8046b060d753559a994e15030ee7060b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9488e439571115b1f06023a5107b386b
SHA1 a6f28150d5f07a14c997b178955930b883d3f983
SHA256 dad0ac76a8df57ab4008bfde3b23af5285fd46f73881972adfd2ee53ca12590f
SHA512 9486ce13ff48607bf0029a1ef5af2588a9363acfe4551ff0b00976a0276e08b5b8ff8ac3e8553e23eb2b4a4c41ae2798a872695187fb866a44af044fd972a907
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06