Analysis
-
max time kernel
120s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
07-01-2024 12:31
Static task
static1
Behavioral task
behavioral1
Sample
48fd3e5bf9c1ad6c63e26d2fd18747fb.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
48fd3e5bf9c1ad6c63e26d2fd18747fb.html
Resource
win10v2004-20231215-en
General
-
Target
48fd3e5bf9c1ad6c63e26d2fd18747fb.html
-
Size
965B
-
MD5
48fd3e5bf9c1ad6c63e26d2fd18747fb
-
SHA1
35e49ea5559b07892ee83355fdef5991f5577c8b
-
SHA256
36c4e7a9b276af22ced25535b8f225a6828fe2aa7fe479e1858efc882c4b529e
-
SHA512
7cb2c1e2d79bce0e00c4d85a1438a3564d75c121215a579620a0fbfa57df6edfed1491b479e70826a9d40940660c6a43d497cc3b593c8bb4e9c2de8eddafa817
Malware Config (no configuration was extracted or shown for this sample in this view of the report)
Signatures
- Modifies Internet Explorer settings (registry IoCs listed below). Every write is under the sandbox user's HKCU\Software\Microsoft\Internet Explorer hive and names keys IE maintains on its own at start-up and during a session (TabbedBrowsing, Recovery, Window_Placement, Zoom, WindowsSearch, DomainSuggestion, LowRegistry\DOMStorage). No Start Page, search-provider URL or security-zone value appears in the list, so this signature is consistent with ordinary IE housekeeping on a fresh image rather than evidence of a browser-settings hijack by the sample.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d4f6496b41da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410795040" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{756B7621-AD5E-11EE-9905-C2500A176F17} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet 
Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000004d0291f2699651366905e6b8564726a5b44faed6057d0792a680ec548e95d17b000000000e800000000200002000000090b5163c4c0f8ec553fdf5ddab15f75ff95e4cddd51d43dc0fb1f1a4b5b33ac4200000001862fe82b026ae3d401cc7d4401d56d3531acc250161b64d0bbd6105e1f8561640000000c32175e3655861e769e4807c28e30582a8098914f3b4283c99783cc4dfd50f70853bcc2deb4675969b9d67657b2d3e5c3fb2726d8aad62a6e424ef00bcede5d1 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs (low-signal on its own: locating the taskbar window is routine for an interactive GUI application such as IE; it is only notable when the caller is not expected to have a UI)
pid Process 1784 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs (hooks are installed by both the IE frame process 1784 and its own tab process 2708; a browser hooking inside its own processes is expected, and the report does not record the hook type or whether it is thread-local or global, so keylogger-style hooking cannot be confirmed or ruled out from these rows alone)
pid Process 1784 iexplore.exe 1784 iexplore.exe 2708 IEXPLORE.EXE 2708 IEXPLORE.EXE 2708 IEXPLORE.EXE 2708 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four rows are PID 1784, the IE frame process, writing into PID 2708, the tab process it spawned itself — see the SCODEF:1784 argument in the process tree; this is IE's own parent-to-child startup handshake, not injection into a foreign process, and the four identical rows are repeated events on the same pair rather than four targets)
description pid Process procid_target PID 1784 wrote to memory of 2708 1784 iexplore.exe 28 PID 1784 wrote to memory of 2708 1784 iexplore.exe 28 PID 1784 wrote to memory of 2708 1784 iexplore.exe 28 PID 1784 wrote to memory of 2708 1784 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (depth 1)
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\48fd3e5bf9c1ad6c63e26d2fd18747fb.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1784 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2, child of PID 1784)
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1784 CREDAT:275457 /prefetch:2 — the 32-bit tab/content process launched by the 64-bit frame process; SCODEF carries the parent's PID. This frame-to-tab split is IE's standard process layout, not a sign of the sample spawning anything.
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2708
-
Network — no connections are recorded in this view of the report. For a 965-byte HTML sample that is the most important gap: either the page makes no requests or its external resources did not resolve or load during the run. The HTML is small enough to read in full; inspect it directly for script, iframe, meta-refresh, redirect or form-action targets before treating this run as clean.
MITRE ATT&CK Enterprise v15
Downloads (note: the ten 344-byte entries below all share one path under CryptnetUrlCache\MetaData. That directory is Windows CryptoAPI's URL-retrieval cache — metadata for certificate-chain and revocation fetches — maintained by the OS on the browser's behalf, not content fetched by the page; ten distinct hashes for the same path mean the file was rewritten repeatedly during the run. The final two artifacts are listed without a path and can only be matched by hash.)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: ec2c5db1a99f48ea873d06f424f9ad8e
SHA1: 2bd1892f37e0f84fc2e933d9843d4a26d3e0661f
SHA256: 247f7a7a9c9b59008f3814f7da11e0b95edcba2b9d9eee23cb8344da682729ff
SHA512: fd9314551e59f2bf94ccdc79a9136fe8851b65338c7eb475a5cd013d941bddf28a663730956ad535e23cd5b954344521cfc9f7307afc165c9064966b116d00f3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 5c33baa7862d0aed41605ca352312e82
SHA1: 9d1d0fad4a98ad1f5ba4dada492158ff286691f7
SHA256: 8c8d660e7a7bc41a963c19398521b24cc5791f2c4a819ccf1a61e4e16edb7f6f
SHA512: ab8fa1020ab380f9cd663ac172b788a1bed737b42018279f44b976b3bdb14941778170e510c220eaf8d67071f9609c24a5789cdf04955a38b38415549bce88f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 4fc69800db1981c18922a7de8dbb729e
SHA1: d9bb03c904d0e31cb6301cf37583922480932bd9
SHA256: 1d704ff72384a44151fc068f64b0bac4a38f0d038f3086e009512fe1147b4838
SHA512: cd17fcb478731c0d82b6c0e4d07332a567f6a562dc69e507d3b9a88191c9bddd9372351bc5298c23c93b9fea58b6285a5165d4e22ccefc092245e60bd13df584
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 5a99bd7ba35891fc13c1091ef1a738a6
SHA1: a41faccc86ef3eb8aa351827d47fd15c7f1dba29
SHA256: fed1f5039b86b85e42e02615825b5166f8694755eb10d8932a23b25649a55e68
SHA512: 27fdaf879153a2990a6fd281f9a7fa6239451c514364e4b8b4408747b6df880e8ea61b1900af4aa913c4ed70c31ca456d9d6bf702b1a0c0143af9dde3887540c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: c5dbaef729d86cb7542d7edd6978bbdb
SHA1: 4a79f02e33f6e7dbc0193b201410a9aa65297db9
SHA256: e9614e2c82e1512c52c4bc63f6b5dacf4cc0e0beabca578bbb225de0e56dd288
SHA512: a3f8d532f8e672135d650450db497989cc6418389f90e0fad58f2101899c773847fcf9954f6e7ad440e21a0aee4f9b49932a1247e1bf075cd8be8ff9fc19247f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: e75a2af778d2b873e9da65707ee90e24
SHA1: eae9d800e2f486bfff8176c05a15213c72191b91
SHA256: 3d0a95520c6520a2c598ee4a3c6f6d10e4e6e9c450fba34f915ea110d4aa08be
SHA512: a2ab20168a84bba1da931a07312224dfbf58fb2ec3d2e1c6703aa03efa430f71e078c2091c7c3112da13de6a3c7b91a82599e262f141cbfe22370ab717329aaf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 45c2f46c49853baa442029917c8dab83
SHA1: 500b113d1a4999f1c2b36a8f1f3436e72c3ed9d9
SHA256: 5db8f33f856ed0190136e0dd80673e33ee1a260e969c7310e8dc22c641676d8e
SHA512: 5f7a342fb0135a5dc227631fa779cfc7f90a23fd252b5dbeff217f0e123e135b0827ef4dc1cdf2ea24d9e2a11bedc5d54d167a6fbc417c0c4125fff3d1add5fc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: b5bb8550de6aae2beee668406d7c9351
SHA1: bc898c061971a2919a8fa53a4cd5ed6bb1791e35
SHA256: 597ebc6a2bf568a858573ef6df7b685e4b2ba6f7847c3ec922d10a18acaac59d
SHA512: 94f990108513ac134e69c2b17dcca396c471bf728132bcf40362c6355b0a193437ac2b2ca73d996f83010de59c97e43ac44b8287b94b5413a51b2e8d0fb07c96
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 38346acba83fddf83600943a79d6fee4
SHA1: 84ad5ea1ea9f3292ee3dd1de4041e957ec3632a1
SHA256: c3546e28a828d9b167bd6242adda8f65884f782b5addfac2f2984633ea55bf76
SHA512: 47fe617b903f65af2aa8785d22e318928610a65a1caa07cc517f8cd2af898eae157f721933892ea77ce11187e650125028c6aacb0704aa8916dac410a70faef3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 8d3c609cacedf6508483c7793cb2c1d5
SHA1: 8fd4c560833635dd732346faf9a5b461b8514927
SHA256: 03ffe97cbbfade69039c387bd02aea311c8f8b94b7a4170b1707bc37b1ddd879
SHA512: 26130d2cae81e40e05b36e9d4dca688206a64226b5b5ed1ecac7ff82e9f620944fc8d5f55edbe7f87edbd3fbe1f94623e18d76f6ea294186bd968dae88e326e4
-
Filesize: 65KB (no file path is recorded for this artifact in the report; it can only be identified by hash)
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize: 171KB (no file path is recorded for this artifact in the report; it can only be identified by hash)
MD5: 9c0c641c06238516f27941aa1166d427
SHA1: 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256: 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512: 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06