Analysis
-
max time kernel
132s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
06-01-2024 22:16
Static task
static1
Behavioral task
behavioral1
Sample
474db9b63bcf0f1b62202e0155f13829.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
474db9b63bcf0f1b62202e0155f13829.html
Resource
win10v2004-20231222-en
General
-
Target
474db9b63bcf0f1b62202e0155f13829.html
-
Size
44KB
-
MD5
474db9b63bcf0f1b62202e0155f13829
-
SHA1
da80a9f7344fca1565b60e1618ab144cb409404b
-
SHA256
8b231842409fe8479be08347e621495a2891bbb30c69141478f0db624ac5564a
-
SHA512
880bd84a8c4a96c75afccaeaf9b5247438fa5ae81c9e730333f8865672135185433bc3fc39fd05a74155c5cbbe2bef8ec6e9844c8cf9ca0db957835b41f09956
-
SSDEEP
768:mwS0l/sGVLsk8ejW4mTNn2obQelgKP8UMXLbk:mZJtNQelgKf
Malware Config
Signatures
-
description ioc Process
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410741273" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000f8dae6232d5367099f8d8f094eceb9b80c48affc6bd4f9ef54e40da75dedfb5b000000000e8000000002000020000000d2a3d485cc6663868493a7f418b96a3c1a5ac129680e4e6422e3ee11930e707c900000000dff046b3195fdfdd38d83af680dc5e39a7418c7e4c18b6f40c94d1268c1e8a3dbc32f8a5c9355e65addd195e1d38ab747f3fc9f62af10cd1b230c83bea8a787caedaf929d73b231e5cb3ae540b0e5f8f2b25d070c9c1ca12749a4c4a5b2c1fcc48e82f7269cd6c5eaac0dad1bc1b052e6048d5cc63fc0d0c9ffa13125affae80c1aea8712f0ca9c55602e4ed64c058e40000000e5923f2732864ebdc853068cb530d2f02c2bf3d9b68c386e9e88bebf16f87b585e92212548f864f69b1a46424db24614e58b48793b79f6d1345e4a229240b914 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4045eb42ee40da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000005271094dd76d6c9056d98c9425dfe51b5af6a038227d81741e8a6ece418715f2000000000e80000000020000200000004c445f6fa7e583262b063cc33b344f94fbacf1af4f4db214ace59e5a2ed58568200000006a905c3139265263e4e7ee429b6df642b350c57d88c6fa85d9e22a587c8c7c6c40000000bfdf9184bd0a0684da3e29de893d9220141763173a5b201d24027a74765b85914145da8e569999afe2bd97ae58e2dda39d87ccc19a083cd52e5609ac63125625 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3BC129B1-ACE1-11EE-AC0C-EAAD54D9E991} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet 
Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2848 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2848 iexplore.exe
2848 iexplore.exe
2476 IEXPLORE.EXE
2476 IEXPLORE.EXE
2476 IEXPLORE.EXE
2476 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2848 wrote to memory of 2476 2848 iexplore.exe 28
PID 2848 wrote to memory of 2476 2848 iexplore.exe 28
PID 2848 wrote to memory of 2476 2848 iexplore.exe 28
PID 2848 wrote to memory of 2476 2848 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\474db9b63bcf0f1b62202e0155f13829.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2476
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f949c33566e4f8ad6d4d8110cd27216c
SHA1 57508be54d5c95a628f1b445cb9f740b5493b773
SHA256 d8cea9161cc9a9ffe7e98669363baaa64928134461047119658d4010f9d87e8b
SHA512 eb339b57c9b8736a1e613b021510f061bb7d1169c0175d710428cd96c094dbed91db8fe980c1fe84fc332787232dbf5df714fe4aab760799618f016ff1912638
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 51f0bc6afe56fd720657a55aabe82f4e
SHA1 660935e9127684de1df468550a779768feff5a37
SHA256 520d36270e97c161541a0767c25e8e98f54fd0b9161467272125cce10e45636d
SHA512 be1792ad8a4d488881386b28b4950178554e6c5b75882f9a4c424f30670962a0d6737737f8570f243589ae32236e1ecb9b96193129b18b3025fc2c0447c12ae7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4ac047cd6d5dc0640751d7b18798a323
SHA1 9ad3ac733f348e96930246ee4bcabceb91466b54
SHA256 158569b9fbfbb78cd30de8fe5f29dd51f077d8af7f8aa54730628adfc97927a7
SHA512 4bd955a9f6bff77af4954c55ddd9508c24e8cb11792ea0c334555b0e694b9993e4202fefb25cb2109e7e19bd8cabe1d96fc333913f7e6067a5b2525136816e72
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ccf0e78d753325e9d68e1fc1d333e7c4
SHA1 7b24561cbfb817ba3d7402a34484485c32383783
SHA256 5378ae3884e1f64f146900cdaa736b91e1803fa430c86bdf911ae35afdec9224
SHA512 a731e7dbf977309fc1c1c9a84dca5678f58a160a70ff4691fd7010b2e1eded879422c5c53218857fff79eeba9a5e8e39c0f55715805c527138ea1b2c4a537c8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b1b51d43516c20b8f74bf4d3de8c8464
SHA1 73d3f04ae62091b27b9b19188a845f28ae718db0
SHA256 b4e95fe251601cd7c001356ec6869b1bdeb653c5262c650e87d16e3f4751f7c7
SHA512 fcf00a5fe14fe2c6651d75759eb34df4c737555b5274c900551594e34891a43b96005a68f0a2fa3fe514ac88fad6583a9126adc60ef80d9a003735a98020f03c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f046edbfc69e512a2c9f8b8ded01f2e2
SHA1 bf17543751219cb65c0afb33af5dfdfd572a926f
SHA256 38019834cdb0cd48ea9579391cffa9f8c84e7b190cc693d44dd46edf2c7bd8b2
SHA512 76c5ef65ce33ded167f6498f9058096fa1956128e251284894c77c7fc51b29e15c571637b8fc9ef5d02b9603042a7f27812da5009286981d174003afcbbb0680
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 140c2eec7c2f978181ee95ea3512e688
SHA1 f572213e3b8034ab80bb43b97df8bc999411fc8e
SHA256 d645670c6c0714bd839c73b1f5d3ac3b29f43fae22ab49d5961b393a3343365c
SHA512 df21bce610c62345f2a471863e27ec2299f7da97a145edda55d0e0c3fcb0e1b15169d7af66b68b67cf22892e8941ed3b7957be32475aa002e9bc929ee0bae06d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 516ebd7a8fe834542902c19c9b83e70e
SHA1 3e0a146c2f5a0822c455cadc217b6c445954a0fc
SHA256 17c1b465709ad1bf8a12397fe63ce7f5fa1d576831d43740009cedae7c3a908b
SHA512 5c238c31762c5350d375a9435f833ec040f48cc4f9d1307fa9788349f59f52a5d3b58edba99f86e8f172d82c6ce1adfd1896bceac4499be1f7cd102c10ddd761
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 88ad511947a070792312d975e392bb78
SHA1 788d699c496114bf5771315299c87f0e1d331770
SHA256 6f2d388d1a73233572cf7b0493c9544007f321a77da238878e974c666b9d4449
SHA512 572fe672dae522dbb3eb1b865b96134564e7bd3bb24d0c6470b4c58995966e15ef9d5ab0bfc8bbcf1d972343d21ebfaf129822d852866a24713794a1d38aefe3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f0dfdf91e533cca1127c8cfa625a8b91
SHA1 af836753f3a2a3981b3a524c1c11c8b51af0af74
SHA256 8a5a388d335f94023d5b2cc05f0ff6e5720564d84e71810cfcd8a61647e12f28
SHA512 980f4c49969c814bc83173019b2d2204c2ed3b205b4d9eb609ef7557246cdf163990a73c989e9492bf8b12bff33ef0fdb60d818a1c901f26e7e24c328c2419cc
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06