Overview
overview
1Static
static
1weile/admin/addhyz.js
windows7-x64
1weile/admin/addhyz.js
windows10-2004-x64
1weile/admin/addlr.js
windows7-x64
1weile/admin/addlr.js
windows10-2004-x64
1weile/admin/addly.js
windows7-x64
1weile/admin/addly.js
windows10-2004-x64
1weile/admi...e.html
windows7-x64
1weile/admi...e.html
windows10-2004-x64
1weile/admi...tml.js
windows7-x64
1weile/admi...tml.js
windows10-2004-x64
1weile/admi...nt.htm
windows7-x64
1weile/admi...nt.htm
windows10-2004-x64
1weile/admi...ect.js
windows7-x64
1weile/admi...ect.js
windows10-2004-x64
1weile/admi...unc.js
windows7-x64
1weile/admi...unc.js
windows10-2004-x64
1weile/admi...ect.js
windows7-x64
1weile/admi...ect.js
windows10-2004-x64
1weile/admi...ons.js
windows7-x64
1weile/admi...ons.js
windows10-2004-x64
1weile/admin/gd.js
windows7-x64
1weile/admin/gd.js
windows10-2004-x64
1weile/admin/help.htm
windows7-x64
1weile/admin/help.htm
windows10-2004-x64
1weile/admin/help1.htm
windows7-x64
1weile/admin/help1.htm
windows10-2004-x64
1weile/admin/help2.htm
windows7-x64
1weile/admin/help2.htm
windows10-2004-x64
1weile/admi...min.js
windows7-x64
1weile/admi...min.js
windows10-2004-x64
1weile/admi...dit.js
windows7-x64
1weile/admi...dit.js
windows10-2004-x64
1Analysis
-
max time kernel
165s -
max time network
200s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
01-01-2024 18:44
Static task
static1
Behavioral task
behavioral1
Sample
weile/admin/addhyz.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
weile/admin/addhyz.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
weile/admin/addlr.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
weile/admin/addlr.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
weile/admin/addly.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
weile/admin/addly.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
weile/admin/edit/blankpage.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
weile/admin/edit/blankpage.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
weile/admin/edit/html.js
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral10
Sample
weile/admin/edit/html.js
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
weile/admin/edit/html_edit/New Document.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
weile/admin/edit/html_edit/New Document.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
weile/admin/edit/html_edit/colorSelect.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
weile/admin/edit/html_edit/colorSelect.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
weile/admin/edit/html_edit/editfunc.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
weile/admin/edit/html_edit/editfunc.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
weile/admin/edit/html_edit/portraitSelect.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
weile/admin/edit/html_edit/portraitSelect.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
weile/admin/functions.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
weile/admin/functions.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
weile/admin/gd.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
weile/admin/gd.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
weile/admin/help.htm
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral24
Sample
weile/admin/help.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
weile/admin/help1.htm
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral26
Sample
weile/admin/help1.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
weile/admin/help2.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
weile/admin/help2.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
weile/admin/hyadmin.js
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral30
Sample
weile/admin/hyadmin.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
weile/admin/hyz_edit.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral32
Sample
weile/admin/hyz_edit.js
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
weile/admin/help2.htm
-
Size
1KB
-
MD5
cf50144721f09a879d3c91cd206b670b
-
SHA1
dafa53402b6e4ea1fc7b692d31c939af85a1269f
-
SHA256
098a1a0d230ca037d425842b1beccc298b82718f02dd0a7bdd4a190894c1cfa2
-
SHA512
9095d22f89fac2d34ba90133f12df91b3c998439ec1c4424f28c108c6a5a32c0c6ac5634213472f111e2cabb89d5c45c08dd87d9c9fbfdaafcd77feadc025f09
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079650" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F94468E9-A8D5-11EE-B6AD-DE9D3A49EF0E} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31079650" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3454479080" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F94468EB-A8D5-11EE-B6AD-DE9D3A49EF0E}.dat = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3454479080" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1412 iexplore.exe 1412 iexplore.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1412 wrote to memory of 3852 1412 iexplore.exe 90 PID 1412 wrote to memory of 3852 1412 iexplore.exe 90 PID 1412 wrote to memory of 3852 1412 iexplore.exe 90
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\weile\admin\help2.htm1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1412 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1412 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
PID:3852
-