Analysis
-
max time kernel
122s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
31-12-2023 03:43
Static task
static1
Behavioral task
behavioral1
Sample
26c56264186fcb0ffa0b8cbe9960ed9f.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
26c56264186fcb0ffa0b8cbe9960ed9f.html
Resource
win10v2004-20231215-en
General
-
Target
26c56264186fcb0ffa0b8cbe9960ed9f.html
-
Size
10KB
-
MD5
26c56264186fcb0ffa0b8cbe9960ed9f
-
SHA1
dd8373ed5f54f075ecb186b308828db4af8db889
-
SHA256
77f9725898f7898f02ba482c4753281694d0b538237d058c5ea9f9cf6717f5af
-
SHA512
c64d8c1f607a6c9666079d6111913fcc109a58f4baf7fd4f6014e77f3abb85bda3d2ef772b90ea57b39b07f2e976b29044787c5a7f1a5422c6c82f06ebcf8163
-
SSDEEP
192:AUqrsoWmrj7jzp/kczczZIbKXrtxoQOQb1Mp6+uIfQsM:AUqDWmrfjdsczczObKpxoQJM8+Xu
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser 
iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{92E239F1-A91C-11EE-9201-42DF7B237CB2} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000de19a6d0b69981ff03509c8bd9ecf308fd5e77ec402a9cb167371f779de641e1000000000e80000000020000200000005c2a29eb06aea5ab5eb4352b761409f9402a392c931a44250f33e5801e021af6200000003d62d537c9581267696331ce73c0e908731201458158f228eb7f43e58bc1255640000000fdc2f9516b6f0f27c3dfe1278cb5e56aeb5e8c66cacf3e04ee5b50987a41d0ad064701d242818a219a84ed5492d8b18ae24e9ccdc0367e11731f22988a06a9c3 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 807fba67293dda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410326946" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 
2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2088 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2088 iexplore.exe 2088 iexplore.exe 2312 IEXPLORE.EXE 2312 IEXPLORE.EXE 2312 IEXPLORE.EXE 2312 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2088 wrote to memory of 2312 2088 iexplore.exe 28 PID 2088 wrote to memory of 2312 2088 iexplore.exe 28 PID 2088 wrote to memory of 2312 2088 iexplore.exe 28 PID 2088 wrote to memory of 2312 2088 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\26c56264186fcb0ffa0b8cbe9960ed9f.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2312
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 04f0d033283d7498d7dffae81f1f9a07
SHA1 80b5913dfc6d74367fb4dc507b0b2f84e7964a12
SHA256 0ec689097dc859e2eb71b18a4d7a8c3ca077e58cce0e815d69a2dbbb3b5e477e
SHA512 8ee1f850d51cb355bc752779376170207446a999b8aa35d3ea5936afa67c6265fe8022ac25a00b07b18d79b30b198aa27fc35a60f65bb394f565d4e257a1dded
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2fb7f90b6d381ee87c9b5a559eab4b4b
SHA1 16a78c068fa77c1aa9047dc4be764cd71d87adc3
SHA256 1b08c850a9bc009c4651025bbe7294e24a583fcc441e6c736e88db3581660b1f
SHA512 93f38602b31004d70d06d9bcb4ab9e7f182394390c86655ff5a5ac1d2b9f34bb8095585fb9ae706d10188b6c65929f61cc57dc0a8bc5a4321a6d0f16842728b2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3bce196eb4948f225124bc1b0111d0ae
SHA1 6e6a8b3797e4a5e4121a01edfa98c38c02362e50
SHA256 5421316d97d5c46366105d11880dde18fdfa548ea248a4c93264bc4dc697b60c
SHA512 c426ca9c252f53b6db444b64af4a28b0667184bf8522d1b5e184754f7dcc79a262a8e9f9566e5ba4a12603585094a728f73fd3bb58da5b77b71e220ad7d320f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bde55d5d012440418227048cf337b75f
SHA1 11c9fa3ef7c0cb63878cc7a822785f10fba58666
SHA256 f8a8056af4cd20bcd7f40886a97ad18a890cf878618170388fd21b28541a1410
SHA512 804a82032275ebcb975c7cd427868beb2d8aabdbba6b2799a32105becf9e7cb498d15d5b57be23bf2028e39b01dcfddf164757acecb5e19213d4e00c21d47a4c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7383747f6b372372988291d63a66a8e5
SHA1 06e951f13f02fc0b2f585ace33f003fb69135464
SHA256 cfd2a5b91f6de00b84981e86e2fec86890f0139f4f7001b9af672d14400b5159
SHA512 df4a01e23286717ad1e48da0a9b4b4b40313047104bf6ad66512633b3eaac077388ce105539538fe73d9be630392147c161c754886ea928473c372423e30df80
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 94f23d86373a95ff4a40ac1e3e090e5c
SHA1 40402bf0b3839152885c5b84494b0f3d8462f65e
SHA256 55ab01c11f13f2131b81eeae64ed4f9508f67874abdcae47d86f0336d0401418
SHA512 4954372575928639a542af3d2447e2d1c5828902d82d3d708b2c2c0b8e97439ca7c906dfeaec7d1d3dfc43dc39fe63a9c07ceef97075c925060ccb3ac0545047
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d8bef5ca0249a15be5db77b492d11841
SHA1 20962f2941bf011751200b202eb2adb8508be523
SHA256 ca966b126c4189cc28a1944dd3c21d58970cc755a94280216576340dc93db49a
SHA512 3621d355afb73f2c2b04f65f051dceaf6b1d49475b7d0b9e8d27280418611a34c89cf66bc2341f7428555ef747b6200ccd10795e6cea2afeae99ba52cd935ab8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b55edea147a57168cae9efc5aea95a5e
SHA1 7c2a285794299ce5d533f9b6d9cb53fd75eefcbc
SHA256 bc00e54ad6a39df319d619631fc41afbdf25f4e6044108ed47ff5b92ae743fb1
SHA512 0478fd533a8295a5f3efc1da8bc62b9938e62b2e1e92cd309ae81aa052c0c81a8fa5730fc8e265c79eab3e2d936d741ff4109bc267539a20349ac19f3d3107a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ee267ceee3593cef0a86ec52b54dd122
SHA1 843f39ada34ef65955c5f7365a999acc153657a8
SHA256 00faf8a06a59d0b2e8415fb0af392585712c95e6b89f9646122d7e8d1a2d33b1
SHA512 c9fc243446482de79b8844f618696cd1aa4bbf9992a40f43f81cd44cde7656f2a2eb241c2091725191b4ad5759693226f20b0ddce013e646cb19bf628bb3f333
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f751edd9b837f84feaa2bc9182cd2335
SHA1 c7e469aa1d18a4b88b08766e5ede23940aaf22fa
SHA256 a0e826298c444186fb4e074551b884dcaefb8adc21b026990977272d839e9dd9
SHA512 251bd08f9a90d9ab1755162f8e7977940e3c321a937c18d69dd49e8efc4a1e5b9ff22327a1ae8c9ac9d18e62a926247aaa36fc67ae2365f2b8236f28baad4262
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7c49b738bad36b4a176da747fe502256
SHA1 77d22413f18fa19e5876200ff4e34a99a74da307
SHA256 47319716f1ba1a50dc0fa2992c6f608baa9e677d244995dc9e95d1453c083e10
SHA512 c750ff6fa788104ebaccc37d7858e5a989454ae73e9b66c6a608906c08fca69c178ba4daccbeaf73512469c6a193dd63e128e5a8b90400cd95a2ea33cd358bf4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d23a87d8259a467cfa30f9d3cd83f8ab
SHA1 1841f75f8d445f98311c4fc94525e528e88fb445
SHA256 b15bfb6033a6515d76537cad59d25e9f5e99dd932c323326a39ae9094d603fbd
SHA512 c1b6313bb10f891dc297a3386ce3b80586c5d09284f48fcae513d49dfc6a4cf7a7099b31fc64999772fc61f57e19b08532f425d0ff6362ff55826030307a3855
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 94fee65cbd67d7d0ebbac1e7c76cea17
SHA1 31d10798a80282db1331a22eb3ff93522d965102
SHA256 0f33ce302b38b64ad1b4093e5550a67747448f2e174196b2f41bdb31e6f396d5
SHA512 bc275f85f2236f720c723eda09da9fd87d4a08ce1ca3d2fb387aae1c555516982ed378b562b0a06caa3088ee77e952577172b589de98569b6b574dcf725413e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c09f4c99bacffed13e36ea6b84481172
SHA1 0699211447d05f75c4a42d863ce3f824f00b04d2
SHA256 731a81f1c936344257e2d9dbff4359cc82fb3a478a5c43f7d3ae17ce4b558ab1
SHA512 0e08758c2a419d157757c543ccfa9787cb5f9554f9452d25d3cbc6b49176f5037e3d324442c025113f1398f6f3beaca93a1d663d7c125ee44be2d531b19cb810
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b49aa5e332b3035bf716ee27b85a4bf5
SHA1 ea3a177fd23ca7e75f8189e123338b2a3aa074d7
SHA256 3aebeaeed8fc87ea836535f1f114f64177ecdd5cffe48cbb0399e5fee68e49d1
SHA512 3dd46a56c10aa40cb445df024e06253a374949cdb3ee366d32441ad96e0f644523e40ac18312e7dc74bbc0cc008ab1b206ec29f60f380aea64a261af1c9760a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2c0affb46431ae8683a78037f149f852
SHA1 f3d526e87996d2d0d86cfc63db9849b5f22d3cdb
SHA256 7578be9a955637ebca938fd429185f53ede2df9cfc8c140b179a4fe2be29a072
SHA512 a35d60df76e4f5da113037d5ecf1dd4d65a67383fb8890dcae63998d0afb14705f35f5d57ad76a2d1a465cbad4e3a5cbe2d5c74affeb83481aaf7ab4104337c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b40eba8ad95c73cf3e394e2672488e26
SHA1 0d50971e1f77d6b51d9549c98ac491d603bf63b2
SHA256 3d07d1dafcc56436987d274d853204b0b22f8747999b4c49e35b0bd105d4e081
SHA512 fd7838246c9f0eeedaf5462495ded4f344b90839620002b2bbda4108c67215da0f3c56a4d1bff1744b856fd21d4d7d08d2d0bd04872fbd6738e69fff932cd330
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06