Analysis
-
max time kernel
200s -
max time network
238s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
31/12/2023, 02:53
Static task
static1
Behavioral task
behavioral1
Sample
25483e0a7d8a31790e4a78211d4c5763.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
25483e0a7d8a31790e4a78211d4c5763.html
Resource
win10v2004-20231215-en
General
-
Target
25483e0a7d8a31790e4a78211d4c5763.html
-
Size
14KB
-
MD5
25483e0a7d8a31790e4a78211d4c5763
-
SHA1
7967112e42de258b25f3b6f6bebca282c84052b7
-
SHA256
e09515a6860ea02b9d7c20ecb7e5a93522bccaa5a4182ada516c722fa46f4039
-
SHA512
e98fc672bac6befe849c6c22dc4a25090c961c416e1b2ac324776115c72ccf76eb66358903a09f76c80de8f90657be5c65188b108b9b42afcae2fb6bfe4c220a
-
SSDEEP
384:ZS7McEKkVsMToljWsXhYZGZn4H+e4ooklLi2V:UIcEKasUoljDhBN4HTv5
Malware Config
Signatures
-
Modifies Internet Explorer settings
(registry keys created and values set under HKCU\Software\Microsoft\Internet Explorer by iexplore.exe / IEXPLORE.EXE; this is the signature the Processes tree below lists as "Modifies Internet Explorer settings")
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410318662" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0097940163dda01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{48A598E1-A909-11EE-9B2E-42DF7B237CB2} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c1930000000000200000000001066000000010000200000008ff4654c53dd30805ca3be838d333fd6cc32c927228c8311d06fc04e88dd0cc3000000000e800000000200002000000050561ab17b5e3e52803c46b349075a0b23355f2ccacce1d7f727e634119c09f720000000badc6c3248237a9609843ae30552cdab2f85940502370a9b4f79580e38ed04a540000000d8a3625ec0dd25b808faff6b88d123c0916a9b9538dff00467f39d188fc324964f6125b0c7e5e305df849a7daa43841f41ec3519932d6a1c52ec8fc43b79a80f iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2732 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2732 iexplore.exe 2732 iexplore.exe 2980 IEXPLORE.EXE 2980 IEXPLORE.EXE 2980 IEXPLORE.EXE 2980 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2732 wrote to memory of 2980 2732 iexplore.exe 30 PID 2732 wrote to memory of 2980 2732 iexplore.exe 30 PID 2732 wrote to memory of 2980 2732 iexplore.exe 30 PID 2732 wrote to memory of 2980 2732 iexplore.exe 30
Note: all four writes are the iexplore.exe frame process (PID 2732) writing into its own child IEXPLORE.EXE tab process (PID 2980, launched with SCODEF:2732 per the Processes tree), which is consistent with normal Internet Explorer frame-to-tab initialization; this signature alone does not establish that the HTML sample performed process injection.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\25483e0a7d8a31790e4a78211d4c5763.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2732)
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2980
-
Network
(no connections are listed in this capture; that absence does not by itself show the page made no requests — the CryptnetUrlCache writes under Downloads suggest at least CryptoAPI URL retrieval was attempted)
MITRE ATT&CK Enterprise v15
Downloads
Note: every 344-byte entry below shares the same CryptnetUrlCache\MetaData path, which is the Windows CryptoAPI network-retrieval cache (typically certificate, CRL or OCSP fetches performed by the OS on the browser's behalf). These are most likely written by the platform's certificate handling rather than being payloads saved by the page, so they should not be treated as sample-delivered artifacts without further evidence.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 99c1532f6e3d1f20da227ed8c5a9e6c6
SHA1 f99efd3fe03e858d1a240e06dd25db4c5f35bafd
SHA256 5fef6e0142813831890505cdc8774b0af19b83f952ef3e83037d27f6c2da2721
SHA512 20d0e3b5de3001214937e50b8a0a0a533cc6f63f55eff8e3db34e461b9a8919c3f6c5979b9fa64efb7bc25b0d7dbb5d1a45c643f7875092323df1c79af8d0c4b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 58e5169f74664b276199206bdbb39241
SHA1 0fc3c76f437c9bf1a0726c9b111936bd4c6e432f
SHA256 d6709f42c0ca9c0f6d81d461e2070d8b35502932768609d9741f3fb6c2c0b1d5
SHA512 be44f4fc5f9b59ab9792981316cdc02ffd49c04afdf59d2cfcb4df17db963f761a2fb7078a80ab07322046effa940d7dbe88013e7e1f917ac2c15ba471bb14d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e332d137b308871c04fc9e1e5779c4ed
SHA1 40cfa4f2eac6b159d985a68bdb01bcf09326b99b
SHA256 0b18bc21cf1d30b457ec0551acb3ebcd29c2c053b2d5827b3d0853f43a20677b
SHA512 fced71e705f7b7a15ab8035d0fed1b5ce92f6fcbe9a147fe018ad1d40855e6bb70b9fdda2a84165c5d36f53564eb38846809683a33bf5af9d85040b848b603a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2196f0ee7664e235368bbc3a71f4e6fd
SHA1 9a0215fcd6ab2aed7a8bd175491c87aa08881414
SHA256 4b7cf233261e3c09f5f499c779cde661595730233220e5ad1a4bcb7ed5a01aee
SHA512 592986cac926f02e9a28749d5ccb87f138afe650d8188338a12521b3e1e16a5d49fab9a4050871d86f5ae127cf1dab299780a55bc3dc0dac91fb081d873bd12f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 904c493ae5e894936e4a1c67fb72abd3
SHA1 15a05019fa5088c713b66d7c4753454dae206e3f
SHA256 c8193bee1d97279af33afee4f7c4c2ceef71654b699dbc64195f69fec20ad751
SHA512 a892cceab52f932334f35cb567c37d3dbed25ae6e01a5579837df387e2251882aa7832f94e3de2f8d4db253dec58451d9a29638b1c9e7bf1b3994c3270a699f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c687999b41722c664ff0e36f45e8f95a
SHA1 a68d499983ebaaffc9142cca8dd74d1993e2b750
SHA256 0c6784fc8ae9ea928e452365d9acec6a0d299a89a47a99af1ee74b7b97860275
SHA512 81ff60f9519bd8955eb0c3a4d7cce31e993da1b4e01a25b3d8feb8515f1c319bdd1b5a3f447222b827412498ca9dcc8c9a1e676e61694c66d8cc389b007a0796
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0658b208e9245f365e547206a07ef5af
SHA1 3c0d17d57a5a27e5d9cbde11f0cce1f2197c0ce0
SHA256 1d983fec6a30228809f43b69c08f7b71abc5b1c79a1856f97121aec6b859326e
SHA512 049e93611b941023aa94894934faf0b6a700432faa94812837acec8991d15799f437e09c19a028722476c931063f63521addbe481ce49241546818f5baa9554e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6511f3c53ff5c59e2e513449cef06f57
SHA1 c3a2c5571b52631c31badf1608442245912cd2b7
SHA256 0c49c8d8ad7add6537c63a839217cf51a888016361f0497a2405ba210c5e9d85
SHA512 52c34819d4de2d85be6b8473d3897808159b52eaea143c8a99ec1cf8e8b46475d2761579cc79a6fc62007fa509659ed064cc6f4261f30b56b31d3895060b541b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c056a0175129034039031ce69e180ae4
SHA1 7e754a891111576b25c0b6806b146070f40e3dc2
SHA256 88b4bed5ec898888c84970ba3e456f71aba17f7fd2d82b5e3349e825fb685c7e
SHA512 084d85293c7d8f2b05bd78de91cd5673e67a94592ca7e8a419cfb2ff0515f397e1c273c17989722ae61ec629e8de00b6c0f8f44ad691e9ca73f87b6a3116ad91
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5457bc04ace86f8e5a1e16ce9b2e59d8
SHA1 02d143ed417f720460612550f92b02d0eb8cdfca
SHA256 57ed3934003ea09fde498e1abc4a0131823bb0540054a9316e3bc21a05e23b67
SHA512 9356488f3db388383bdaa0d23518ba27b7dff858295dd8ba7bc09dc8f4f73b768e0e20168087f10029964518f44452ec0b4d76b90c3d24f639a260f519230fa9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 68d605c6366d758ccfbb3351a893fa20
SHA1 8a9a2ce3c7dc75dff36cf4a9e0115586e0344182
SHA256 eb8cd3cb491f59296449cd45851907b9593e739887cef512ce96a4973850b531
SHA512 fe52a8bf71655f36991986e929465656eb20ed94d2f84d673f02a32f96f41e6003247da45163d78ee37c48d26052ee1196d88c131248bf2d9999b1bfeb5520d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 659f2b49867aa0ed1e61433f06ad5c17
SHA1 a56ae24e6f25bc87aa2919fcf90d77c18d96d83c
SHA256 ba01ec0a300e1eda63604615db1e2810ce7d8a7fec790c27d42053b1676049d2
SHA512 afecc66718fb89a0ac861d80b98ab74afd58a44ae043bec7f71b3bbf68c8e8011ead24adb421b650dc583b787e3d1c9b4892eeee3575bec83c64a4e948d5aa57
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cacdb7957e168a3a349aa7c92050fc4c
SHA1 cffcca6b5b1f5a744ee9cb320db51e647a91acea
SHA256 cd7e55cb203d6f77a1a62320918e65b5889f688304a6281ef1c1cc20fc31e617
SHA512 c3638eb7dd647e1981ae8c4d900837af3190353e04805f8973f50ae62b36c5f149b575970b87a060cefaec28d881861867a2e3da07d4c5b49185e305a81768c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1e1e984bf26674fa5d1965bfaadb8f53
SHA1 62b7ddbf42aeac7b1a1bac92011f010d958b9efe
SHA256 bf1bd19fcf38bb9437be3e8b2634e967177af03afdac178d25a19cb925614c60
SHA512 08d7a1479e7ea0606dd043c71dce9ad52066ee7d22f51b9a9a4991983d389e846bdb42279ccc3c8edde00cf5c64346a2a4f1af7a07b74f006d9e549abe9dfb9f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 789b63eb2aec362b35a10dc01955656e
SHA1 88750a6db2650294ed60aa8c6156a658a343b9f4
SHA256 79a24db9d3b1ebf4044a4d5f064a56df94d937e6d8993f14eabce922fad5f49f
SHA512 0f7b4cde1df7870ee503e8ee66e4b222631d9760407bb6826e33fafe2dc53d4a2ee0880267770cf788537aa7a727549c68cfab0a2784b8151438e7ec66e155d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 10bfaa59b7b60ec27435ee45b4cdfe9e
SHA1 26fffd296fc900eb532a23e5fec2f08dd8df213f
SHA256 6221c71782861ea299f22fe3175f45ca6fd7445e23b4d5097079245c87b8a4ea
SHA512 9151167b876cd1872a2d002b3e87f9f4284a525375b74d1d01bd5facf346a4165a9e1f0e8264be76c61ecec46864a35b2fe000cb2fd05332227c90e17d441b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fb1575c743620c5f65407ca8624d399f
SHA1 6ba1cea5a5a27833e7c8b696361b93bdc114d10e
SHA256 575bbf46debf50aaec8c21e77c3036f9d5377f4669eaf66b363658b36ea06f54
SHA512 77c7dbe0af17435c37d3a1ed9e07b7c1de90d69ad36175cbfc88384760de2ae4c8522c489810494fe676ed81261a2045eb3bd15c784eda3236a8a49ef5b252bd
-
Filesize (file path not shown in this report)
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize (file path not shown in this report)
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06