Analysis
-
max time kernel
141s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 · arch:x86 · image:win7-20231215-en · locale:en-us · os:windows7-x64 · system -
submitted
04-01-2024 04:01
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20231215-en
General
-
Target
sample.html
-
Size
22KB
-
MD5
01aece55d8b2b0234a156b708a0b2731
-
SHA1
2e9acf6f5bd43af807f89601728ed4ab63593fd8
-
SHA256
83084285a5ecd29981342f6e4322696ea2ac27b507e6c3ffc95816ee6acc514f
-
SHA512
12fc8082757d23cbcb783197566074d2099a326320c2be0313d9e5814bfa8d03941cdaf653344fa27628a146fcb6b759f5180115b0b74e1499740bf40773f062
-
SSDEEP
384:+SFpvshhDoMCHmihlh9C02Juj0qDEkrk3K/1RFQvMotdvu3hl:+o9ECtHmirz0uj0qDEkuM+dvahl
Malware Config
Signatures
- Modifies Internet Explorer settings (all writes below are under HKCU\…\Software\Microsoft\Internet Explorer and are made by iexplore.exe / IEXPLORE.EXE themselves; this is the signature attributed to PIDs 2560 and 3004 in the process tree)
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410502837" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000072d0791b67f5ec3b64e24bdbd143ea433cc97457b53a9e9fde2fd9bafac4b84000000000e8000000002000020000000193e792d1630e233e85c67bc4ab5c9e757701a5acdf04c35c7eb4a7e684fccac20000000874f5fc3de693bd88d748ba44a9a95c8a3374e8b2bf0b280af0e98fb2fa9a86a400000007ae1e1bed63c8727839db7cd91c0f7d65abbeee016586441d5b70b75e14147fd24fc8fcf680137e2ac36030c3868c2f1b4120473fee4e87f2b9b39dfee501f06 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C765171-AAB6-11EE-8383-46FAA8558A22} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5081c8fbc23eda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2560 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2560 iexplore.exe 2560 iexplore.exe 3004 IEXPLORE.EXE 3004 IEXPLORE.EXE 3004 IEXPLORE.EXE 3004 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2560 wrote to memory of 3004 2560 iexplore.exe 28 PID 2560 wrote to memory of 3004 2560 iexplore.exe 28 PID 2560 wrote to memory of 3004 2560 iexplore.exe 28 PID 2560 wrote to memory of 3004 2560 iexplore.exe 28 — all four writes are from the IE frame process (2560) into its own tab process (3004, which the process tree shows was launched with SCODEF:2560 CREDAT:275457); no write into a foreign process is recorded.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html (depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2560 CREDAT:275457 /prefetch:2 (depth 2, child of PID 2560)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3004
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- Note: the eleven entries that follow share one path (…\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015) and differ only in hash, i.e. successive revisions of the same 344-byte cache metadata file; the path name is consistent with Windows CryptoAPI's certificate/CRL URL cache rather than content fetched by the page. The last two entries (65KB and 171KB) have no path recorded in this report.
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD516e58d0d92c8f6f6afd88232ea0f40b5
SHA1210a648efd2e1c0106c93a39f43a57460e1eefd8
SHA256aa2c832a04b6bdd117fcca756a278c6b3d4286387ef3f17b01a856b9815303bd
SHA512e5a00de1db32a83a1fdc7959316258cd6c5c8e0876b12518b75b6a1d44d7257af3a46457a9368ddeb01f529b89f382c187fd83f14485c574d6aeefb3ce3152f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51442d3e1db1ec0d269645463bcfef19d
SHA13305b35804889e8d8f110b195eba38f0546ecc5f
SHA2561753d1c59ad5347cea21b68bfa3666d3972ab69c9a1e6ec42accc28194d0e585
SHA512fd6be4187d5752e84288ca777589b8568f99b5bb0c9fad6a0063a19e842c5b541edc36bf2d65d8c054d82455c3329072ea193cd241c2f0d5fdd5388a2b38e3e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e56732a145286992778a8a8c4c164e7c
SHA1f7a7dfc57a9c1343b5739350b515e64e5fabbcf3
SHA2566cd47b283fb17749054ece091771748d5aceadaf6017616f18d961d086f80b40
SHA512eb5fb8aa7eb6bb3072aa75295fb1cde13a417b86786de436d896517f93de9ffbec24254b49ea2d1f5307f7129290ee40fcb6336f1c15eaeca948e0f08359a1e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52c9d638ea7b54da083b23b1e3cf9bff3
SHA1e40c54ff7db02049b7396ef01b84101b4d8b178b
SHA256859cfd0969e4ddc8931048e308f2e2eac636dcdd2f18d9d197d9b14f86a789d3
SHA512e23bf73854fb7c48940a467aa81c782603892215169f50121276846c367c4325b829c5f94562de083e9ce5cdde8d2c08f1b61f93803f1b8b833fca93154eaf19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5312f3bf78d834b1ca9c772504255504c
SHA1564b77fc4819eedc2f6eed88fdfd3d8d7a2ecfc1
SHA256411b199707e9aceabbb089daefbfbb54e0a17d602aefdfb73ea7f4bf52cd6eae
SHA512d95ded3da8f94013bfa6607e7ef791905a61eeb421bd2ab893d05d346215c73185730dfdcc08dc02fdbaf6f1fc797b7e6ad176dd940f1f82d9ff6bdcf639cfd0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD551c6c59ca8a2dda567c568d8003568bb
SHA1a55c359c77d3e3a8635e65fce5e713cc9d3a77bf
SHA256060189b4c8da2fc182d28971c1f8304cef0814c3532e567826038070f36d81a8
SHA512fe7e5782a5f10fd19c269e560f084bbef9cc1f7fef48722e4335c7e6532c0177a980fda81a58f0a86ec6e883a972e53130c63c27093279b92aa7f252d92362ee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD58e2ed22c48658b198ad89eaf7da782b1
SHA1784c5da5d3956288d6946c2174c74d6141ae7315
SHA256f7366ea347e1733f9d21b61a93706f2d07301d1318729c100c0fdd47a3718ef1
SHA512bad5ffee1bd307cec1197ff06aec27748da789d4a7d783f7643a25799759a1506e20d16a773cb8429404010a06874a850c4cfb4bd0f0e6106b7e81476fc21aa7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD50b875610d62fd5d88073a72523a1b5e3
SHA19f39d14b798a7710fdb63bdb8ad1f1f0125e2eea
SHA25604ed6b677fa85e1187df208e093c7802cea34359b7a98f221870fa743033dbe8
SHA512e208f920692ff9d6f366536eada70598506b7f59ddc590b4d27672ffd8bae0033c26023c7870dc0591e5798f2c06f7cf4b7479ce4971e932c21d096e892bc1b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5205349e1853ec0b484af85d2f5a2e62a
SHA10f8470bd62c85e5cddc2fde5b7830c12b34e781c
SHA256ad1036cc6b1bc597bcbe6b7384ee280266981c89393247728717010668749e9e
SHA5125ab77be6dab5999ef4c497476839b5b8cc0a544efbb13548deffab8ee1e12227d23a09d95d2efd644862cfe3c8694feeace64e601ebba52c9f0af9cd8104efad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5cbab666100095e089a5a6d0da515f98b
SHA1b8f488933a9bb94ae1bd31988ebce21843683510
SHA256d360e5b4e9bd355cf7881cf8bfb307946d62588b717f94b218dd949c501f5d06
SHA512d2c87280b1bdbd7403cc9a342f505f5de2b5081ea8908ba8a9f809f13fa2b7efd6449413178d725c29a3ec2167b8f854e7a40cc6ffb9f0fd040884c129c66154
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5ad33af173d187d0ade7631035bb4a762
SHA13a6553737e38439895f12d3d33ea05239d589d90
SHA2567d78665a42f5db958f24a29d7aecbddde59f042de6d607f2a39e216a7c8eab45
SHA5127ebdd4cded4d361e900fe7e7e7d1f372d11dfd1498f0495297f55db74b633bf3b1250cfa2842611d1efb913340c6fc3a0c79e8642beecb59ea5421c48682cd8f
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06