Analysis (results shown are from the behavioral1 run on windows7_x64; the win10v2004 run listed as behavioral2 does not appear in this extract)
-
max time kernel
147s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
07-01-2024 10:56
Static task
static1
Behavioral task
behavioral1
Sample
48c72bb9e7bed5363c83cf6f6ffc270c.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
48c72bb9e7bed5363c83cf6f6ffc270c.html
Resource
win10v2004-20231222-en
General
-
Target
48c72bb9e7bed5363c83cf6f6ffc270c.html
-
Size
31KB
-
MD5
48c72bb9e7bed5363c83cf6f6ffc270c
-
SHA1
5d73757e3231518904f3a1a24717cfb7840ca336
-
SHA256
60ced9e0132b8e25047709bf7c9226d076ef7bc6b2c6c6a30f0144788e6176a6
-
SHA512
f66d588e44909e3b2d24d5a75f082436038c32020b61d7b81a5296222e07499550a4baebd5563b88c37e11eaa6be4c4051386fa3793c6bdd1d82f85dfe310996
-
SSDEEP
384:gaHtJShr2Y8zx2ElIaTm2XJE7ItQdmx17ra1aqWEH:gaLShr2Y8iem2XJE7ITx17ra1aqF
Malware Config (empty — no configuration was extracted from this sample)
Signatures
-
Modifies Internet Explorer settings (every entry in the table below is a key or value under the user's HKCU\Software\Microsoft\Internet Explorer hive, written by iexplore.exe / IEXPLORE.EXE; values such as NTPFirstRun, Recovery\AdminActive and Window_Placement are the browser's own startup and session state, so this signature by itself is not evidence that the HTML file did anything beyond being opened)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a6c73e5841da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410786855" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Set value (str) 
\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64FC68C1-AD4B-11EE-882F-5E44E0CFDD1C} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet 
Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d7800000000020000000000106600000001000020000000a170c752ee06183676eb4d926149bd19b0f01bc6b57dba0d8ca6478c5e0ae14d000000000e8000000002000020000000641d5c6f548b413965254df31b64c07712f5c1c205526cc18f4098f6ae511d2420000000a7e25c825e0d4f71653774db581abc46d738c1af829b4394d02e6bbf051bfdce40000000b76da0373893d0bffac9a244fba2b041143f0a035ce64b8f2977ff2fc89ce59b197434b2dab1e868d25258ae27c24df6bd2f730003c8c31901a9ac2835f909bd iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2912 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2912 iexplore.exe 2912 iexplore.exe 2984 IEXPLORE.EXE 2984 IEXPLORE.EXE 2984 IEXPLORE.EXE 2984 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2912 wrote to memory of 2984 2912 iexplore.exe 28 PID 2912 wrote to memory of 2984 2912 iexplore.exe 28 PID 2912 wrote to memory of 2984 2912 iexplore.exe 28 PID 2912 wrote to memory of 2984 2912 iexplore.exe 28
Note: all four writes are from the IE frame process (PID 2912) into its own content process (PID 2984, launched with SCODEF:2912 CREDAT:275457 — see the process tree below). The "Suspicious use of …" signatures here are generic API-usage heuristics; none of the IoCs is attributed to a process other than iexplore.exe / IEXPLORE.EXE, so on this evidence alone they do not show injection into an unrelated process by the sample. A write from 2912 or 2984 into a non-IE process would be the finding to look for.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\48c72bb9e7bed5363c83cf6f6ffc270c.html (tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2 (tree depth 2, child of PID 2912)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2984
-
Network (no network indicators are listed in this extract)
MITRE ATT&CK Enterprise v15 (no techniques are listed in this extract)
Downloads (files written during the run; the first three entries and the last one have no path recorded in this extract, and the CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 file appears nine times with different hashes, i.e. it was rewritten repeatedly during the session — CryptnetUrlCache is the cache Windows CryptoAPI uses for certificate-related objects fetched over the network, so these entries typically reflect certificate/revocation lookups rather than content fetched by the page)
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 ec13a1e17c2e899dd735de4b27577c39
SHA1 417c63f0c492723eeeceab32aee24d07feeb0152
SHA256 3d097204ba7a3e3cab913a4283be54dc61623b122c9377b67baa1b14bc89363b
SHA512 dcced1c14976b7c6ab20ea200a7dd16f4f4bc73577e7dbef74ac6c09df184d31f10e497b428de4b50848e101f18b702694fda6f8676ca7e70b60ab5c20bff9d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ddb7f94b219c5439f6aeb60d067b3c97
SHA1 e1ce74bb876e49d94836100bcc5767d70566bd9b
SHA256 9f5e751b2f3339fdddaa8910b9aa2e0c67c327afc3ed4eec05336eb2ba69f724
SHA512 8778094b6d5a678cd9da416ef23533641dc9726237fa9f6765c568659cd3c9fb93f6692901508ed9723ae9eae832faeb14c3a9a53d16404a1f1447d67d963ba9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cf3896eb281b54aa32edc7dc4bf281ad
SHA1 bc9b03a1911662be5dfe76e6f309601e422b797d
SHA256 9ed7f223a84a6feb7051354807f98d76debb075dce8d8e4b71b51630c45207bc
SHA512 9261d97ee2444df8c727bef8e48f996c4e489a6abd80b28efd638f9ce1ffcf6525a5eee73e9eb30aa258af5f219b02838990641c5d91cc4658dd6390a32cf730
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 26a44d17846ab6230ce4d210c47d7627
SHA1 c4b74ad5560a2347974e4f56acd08b4788c56c20
SHA256 243be2718035a404bef3701c635dbc030c2f4eca12776fe2010938c9ef811758
SHA512 592c2f68189467d27e0b1e350be4d55cdb3974b85473f2d898ca683451262d1de495df6ef195c5f19742279a506d9f83dffe68ec95dd3ffe7e1e1175d3267613
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bae369fe8670e556ae04df3249dae91a
SHA1 649692607b04bddb49398f5ba011e784af18de9e
SHA256 fc6b637e697a1910001ba45ca139cd7dbd3b041a24282cf4fb327eab0aa7d9a9
SHA512 94eead6e08c1ed82c7d4878659de22c27bf15a98ecace992ac9975a44cc5a75cdd18066f6ccbf29bfbb51a485a7368c2cdc874e9da489d54af0d6c1a2662006d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0acb4e80b52433e9411e5c5c8e19d72a
SHA1 64cfec80f4562ea6f63cdfaf46637549723d140c
SHA256 4536f066b83d1dfee0a1eb2f6538260ecd216e06c4a633b149a963a2fdd8fbec
SHA512 41b4bd940f87cf601238b9bec5ff5615e0f824d6edc7617a8c95258711da6014ef4c83b73d540fc3dbeacbbd95d869637f4d3acd6377b6d570b9ba2653a36ad5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fdb2dfc6a9141af4bee7db4bcd9bb0fd
SHA1 5d946a9c958f6f47faad203c917c7b36d3972a2b
SHA256 b7e3ac2de220bd3c5d58a18a3d26e33c517144c2738f23970e295d3cf8eb5dc9
SHA512 62a08c2203ca2c8f15bd96247d72edd89c899c832dc0c2a38532c7bf46be1899b1dede1931eb426cd9c4e28623d0bddbab2a2b48f3aa35f75d579a5d593115ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8f3aebd2093b75faae0eb5049e1570a2
SHA1 c06528d72f000a1d2db493d3b4b8abd83e46359b
SHA256 7e610242e42b87feb6b55fc6a43baf0a9ca14c52aafa58bc22b21720006052e0
SHA512 9b626366bbfb58b8080f0607e29f1d996f6336d4534d06cde7198cd6bd602c37cd19c7556c5a160f2aa5102192d7b750913032c0a14c38b070acb06255057220
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6bf488481aedea67dc002573a77877a5
SHA1 2ab870d2c14b4fbe69d751d7a382dacf1f33e5ae
SHA256 4898b61008db4270dedf967068a762201acdde168d871cd3181faf17a7c5e960
SHA512 5d0b2dfea5e7576d456609e9478160cf4231f3e02804ff29f903d7296a8db50f0ac8766a3d1413277bb88a08b82914ff63eaf3d96ed2a237eb42fd490401dd99
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c741c79d8e81319421cefd23fd3e911e
SHA1 f6abb7b545bbb37170ba689bd8b6b893735bee64
SHA256 df89fd6bf4030e4be4505cd6df862961f9e255492e529326ccca247751c20527
SHA512 5a8cf278b7caa3fd749ad67d125595b293ac69dbe177663bf6cf72ce27d591f6e4ceee72e08e7de9a0cadaafe4f95162050b1c794433cdeb6415cdf996f6285f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 b156e158dcc1a075b84c37fa34271492
SHA1 63de15a062c82693f4ee07d6ec0dfdb15f987b7c
SHA256 1f238f6c4ba8c8d5ccb9111239f9f6f0f8db40ab8319e4784d510e5053a4ecb1
SHA512 dd8ad7a23661a594573c0eecdc603b442a1a9b03f041302d7511cdb2c72dc81b62c1e29022460009b66ecf65b8e119aa7e04f972e9f729ba8d42183de47a792c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize 4KB
MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06