Analysis
-
max time kernel
141s -
max time network
208s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
31/12/2023, 11:10
Behavioral task
behavioral1
Sample
Terminator.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Terminator.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral3
Sample
.chm
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
.chm
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
սV1.0ڴע.exe
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
սV1.0ڴע.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral7
Sample
˵.html
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
˵.html
Resource
win10v2004-20231215-en
General
-
Target
˵.html
-
Size
3KB
-
MD5
f3d0373771f533c824ef71930d30d001
-
SHA1
4c37e7b8a49087149432980e29477528718901f6
-
SHA256
cfc9c3cfb4f31069941870cd9deca1e66b97097279c33f2104d0911130df7cf7
-
SHA512
136c4934d74681b30dd398629e4ee61218572541d7c4d5a8a568d6c69784bb22c5638c056896a9e1bf7a1457bf8a4fdb1abf8cca3594cf4c7f36c5d9f06e4f07
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c19300000000002000000000010660000000100002000000048a6482652416cd5f0b89d3998c18ac6d95f9105d574bd1f01a954659792a422000000000e80000000020000200000001ca282857778662d8a99c5a31c1f98942d4291b8a1cf7aad3579300b584771c320000000144addba40efcc44e1cdf6e6ebf7bf560e4752b78a21d57353063058eff755e240000000b105077524823a9e96b662c01e01736d6844da69c738c4ffe097430fc581940ecf4d81029bcdd73e0d08ca846ec1b0619ae446cc0d2f25ede86f8408d77bb131 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive\{8FFD9721-AFA2-11EE-8097-6E3D54FB2439} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c1930000000000200000000001066000000010000200000009bd807f65c3cb8b0e3e4af1f0385705ed790b4f93b62e588e59a335cd3d859e2000000000e8000000002000020000000c517c9044f4ead264cf08d71624ad2f2c083a223f0d8543b0db4cbfe80993e3990000000098c1dca4fd6a4c379a2824d699a163c3759327015cd266248b8b147c8bc43262c6c3f3c81b5c42c3adaccca64e8e89eb461eb1b3006652db6906ea6f0a09f4d027f5c9203b10cd1047f05ede2a54bd767d3073cbdfad96af92dc07a62b5cb79a8841e845c67dc24d491744f80b9dee47aa913ce3c4008e9249fe59a89df538f098160204f6cc0d2cd9b2aef528b443540000000bd691c5baeede04db792fd86c45eb2b678b6391e8d9a11413b1c1e858bee386e0ef6119533f7887244aa61d289d890cda6d0ef32d5a4fd61ba028e93bc8be0ca iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411044216" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0817d66af43da01 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1892 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1892 iexplore.exe
1892 iexplore.exe
2152 IEXPLORE.EXE
2152 IEXPLORE.EXE
2152 IEXPLORE.EXE
2152 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1892 wrote to memory of 2152 1892 iexplore.exe 30
PID 1892 wrote to memory of 2152 1892 iexplore.exe 30
PID 1892 wrote to memory of 2152 1892 iexplore.exe 30
PID 1892 wrote to memory of 2152 1892 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\˵.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1892 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2152
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1cded0b1f4c45f5903e0ab62b3750b0b
SHA1 5f10ae729b7625336e2f310b73f1c226aae6d7a2
SHA256 f5f28f91ce372b618bcd2516a8b9c8e29e81c818a94b5e382d5c0967708c56dd
SHA512 550fa8c8babf2f6195890098664277596ed121c8f49daa8ce4b2b5ec0e05f2997959b260fc73d0960bb6847a74e4b947e850ab312faa3286985c80954d125346
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cd9cf50a1fbecb58fc407e8b6849e3fd
SHA1 e285839bf69cae9c9ed0132bdbfb5ed051614ee5
SHA256 ecdb02bc1deba0590f7424cb97847e2d1a52082dfda2483bb00c884fe9c1d941
SHA512 798efee3ae28e27043930271b15410b5c98a2b5f272fc0b693cd5757862d037794d2b0792f8d8422ed924c37674223efa57865e20c75dade88c7fb613521fe67
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 042f90f9605b6b8c91162867a07b2406
SHA1 5079b2f984f0103fb468b3cf2109b5e87798f51a
SHA256 8aedc9c50fe99475ff6783ef153235d44ab14e1af46cdd3f68bd4bcfee8bc2bd
SHA512 0de1216afa799c2b6370f871fac67b4ea7db39f0ee5f3276d45b1eda1d5023c8c557bb9eca73bda678a9c5f3cbb6f8a745d93badf663787021770e7147497ee4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9c4178c7b9e6d0ce0a3f139ba4806439
SHA1 0bb7ea5402cd2c6c272a7ab809b12f4a45d29c25
SHA256 2e27188c0db7d98733f82368adf12fe5995eb681f7902f8e47fcb26f6a2506c1
SHA512 e569f04460017a5cfd1610bea1da28bab4d9c82e6568946e19e57fa30cca428c1a9e8b08f6563e4b0f0375aa948003da0fe0a64f298e0e4f7f7dd7bb2fda4685
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9f3f648d4d3d8a3a741dffd5f52c898b
SHA1 a3b1352a7f88d63523296c79a88a7c45fd0e52de
SHA256 30b74015cbfe605f12ca8090ce47434ebf4eeb32ccd2360c4fb4781e13da7bfc
SHA512 9929ea37695e288d504d99575788a53b9f82637f3fd9cf00b4c684ab94a674a61ad0bb04b0f4fa1a4b1f9f618a669c70fed68e7aa50a897ca2d06acb25ef3b9a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4a25a67028ebb978a1a8d11bab756e45
SHA1 5a35e05f40a6c780aa3e1e0941b844469fe3b712
SHA256 2aec7b1fe823e5443e89004eb920af288cfd54e56069a348070d0511e8cc18fa
SHA512 f88d9b4ec36e6f3be0bf9e8a16a269d2fc842b95eb652ca7146751a53b8bb39deab8281245132e1cfd7075066ff2cd0280b367391ac965235b506520979a9042
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 19cb6f6f9f6f20b56352f5680058b460
SHA1 df49b7c6d9b20001a5a5a694bcca45198514e51a
SHA256 13d6c92b6bf686411c7b0e724dd955bd77079ef783e6bb52b6b9ffd0540925dd
SHA512 618e87fc833177aca6c67d7cdf5e92b3eed57cdc510b3402682691ca33110b7efa83f754a7622566eb1ac306bdfc8102835f1a9e52b74754421918d4bc84d81a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 def0af9f0e7d0488ef7d44a818a97dda
SHA1 ee1e4a0df437f7f459aeba713e9cdc2f4e320bc3
SHA256 7039e5ee3e77707cca8252c44d0455cfc485c4120b5849376a3751fb746fc0f7
SHA512 4bcb8098c1990bc9e75b54893893ca25d60e2762a638a1d950ec2d102544662bb27e15a3548ec68ea63c89690fc497a75adb6f5c947421395d881cb00d798637
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c5972fff2bb656b7a9f0cd2ba101c515
SHA1 a7e1f8cb9f97caf68d8b5dfd950e827ff60e35d2
SHA256 7483871d700c5a426966f00eeba4eaf0d4931e9cc7d913186ac6dc0652a163c1
SHA512 ca9870930d7dca983ed247144be51122963b259a1c1d03b3baadd1c1ea3173001914603646cf4134ccfd645014283c25caa5ee75ba3afccae75282e15c52b23d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4caa126717b2e524b295c82ae72bdcc7
SHA1 454a87a2517a67119869b91e6da0ee6c6ba29c09
SHA256 843c6f250a0813a2c46d0e3a037ff8a07194669f4e96f4e3be3e9a8f65c0aeca
SHA512 cadc42c3e1e46ee008ea0ee705ba5f3129d03ebd029cc3c9e3464b0f359f8e2f9a562cf28db1435aea7175b97014b0444898268df839c2656a79a949a919ec3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8571aad1215ab2883a05fa4fe0d2d804
SHA1 fc7f63a12537b4d29b8059ca0da905d2228f2584
SHA256 88c27e225951ba51b94afecb7d4adfcd4167d91897fc9b3097add22f8b4bf25a
SHA512 b30f4f56719dd45a9b2571bb9b654d1b376b2560424c8dde88e180a19ec0d16ffe5b33f538813ac0a0296942e6858e04a66e7c2493324e4ac2e0e27f25203fc3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ea4d12ecdc36794250d2a4890f3cb7f9
SHA1 ec7438e1e09405c30ce237f10e2ea7774f3852fd
SHA256 65136bc00e6b321941150dee68b3a833f2bae945959743b32adcc15fec971773
SHA512 73effe160b70688d6dd24b55c5452d6182a585b05d9f9c562cdf1415a85ac1ba6861d126ae14ff718ea935370829e9e4a1ab67d003aac8f51a2b6fe211fbddc4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c42f9cd877d61c2109ee1bcd4ed4facd
SHA1 eec278472e052a58ee28d5f9ff419b176652321a
SHA256 940dce65389687b38d28899cac31184c9f06a3df8581417ed5618b43e8a582eb
SHA512 5ed3dd4e8a568fd265c22d69fb2e44967530fdd14ae751078389ab113ce8274618c97ca5f02e2d1cc61e4f0ab8883f18b12294fe3776589b29d88d2eb9a1b8b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 98ff31291c08d21ae27a4b77af2ffad1
SHA1 5ccabb6d7ee8dc082fff7cc52e5a3e8c40b77f03
SHA256 5ed39bfceede62a69e6eeed90188dbc9a3f3d0ce0e6354d121ab72ea5ce747c6
SHA512 08f67b44350edd2579c1a5faf59a7fe78c253142624567d1e97e4bb3aa7feedf388f724f38f04ba002c99db75d0f4e8e401e16d9e660431132781d6a6517c2a6
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06