Analysis
-
max time kernel
146s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
08/01/2024, 04:12
Static task
static1
Behavioral task
behavioral1
Sample
4a6891d519b8988e2b6f37477f04908e.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4a6891d519b8988e2b6f37477f04908e.html
Resource
win10v2004-20231215-en
General
-
Target
4a6891d519b8988e2b6f37477f04908e.html
-
Size
57KB
-
MD5
4a6891d519b8988e2b6f37477f04908e
-
SHA1
8bd62c325604b9080e3bdb0b20d6f7cf0ebb39bc
-
SHA256
e21ee3522f6a95767ddb9e975d48db72b9a7f04921fd117ecfedf26a362ff689
-
SHA512
c4d70d1b1e609bc7368cb6e57f7fe3ea4317f981766d5b0cc9f392895f08f7c3b0cceb30d16417bf951282d4e77f3f58933d35c0de2cb4abfb5a7feff6ce8984
-
SSDEEP
1536:gQZBCCOdH0IxC6NFzAgFVLOr4rj6tTWTDbmh+GRfcCIxh+uxvdf0c67iZkTR/k0O:gk250IxrzAgFVLOr4rj6tTWTDbmh+GRG
Malware Config
Signatures
- Modifies Internet Explorer settings (per-user registry writes under HKU\S-1-5-21-...-1000\Software\Microsoft\Internet Explorer by iexplore.exe / IEXPLORE.EXE, listed below; these keys are the browser's own runtime state, so on their own they do not indicate that the HTML sample altered IE configuration)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410849063" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000ac21b28a0c85dff12404aee030e6f8d81b769d2080080b6ebfa78681dde55ca6000000000e80000000020000200000009c41f9c535f14c0faf1f1174d625a77707494e23ec3cadb998cd2b245310db73200000001296f5d7af64c9cdc771075d26bb1eb838e5efe118ec04cd49e9996eaba6357940000000e0f5e5ccedd0379be70f92b2d260ca975ca4e3e6461eac407fc5679f55bfc0dc593393d7e9275ca61cbc6961146c5b9072ba027d53def7bb84da27cd9e2c32ed iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet 
Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 206b2629e941da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive\{3B7E4F41-ADDC-11EE-9B2E-42DF7B237CB2} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2128 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2128 iexplore.exe 2128 iexplore.exe 2744 IEXPLORE.EXE 2744 IEXPLORE.EXE 2744 IEXPLORE.EXE 2744 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2128 wrote to memory of 2744 2128 iexplore.exe 28 PID 2128 wrote to memory of 2744 2128 iexplore.exe 28 PID 2128 wrote to memory of 2744 2128 iexplore.exe 28 PID 2128 wrote to memory of 2744 2128 iexplore.exe 28 (the only target is PID 2744, the IEXPLORE.EXE tab process that 2128 itself launched with SCODEF:2128 in the process tree below; parent-to-child writes between IE's frame and content processes are expected, so this IoC should be weighed against the absence of any write into a non-IE process)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a6891d519b8988e2b6f37477f04908e.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2 (child of PID 2128)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2744
-
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run; the repeated CryptnetUrlCache\MetaData entries below are typically CryptoAPI's cache of certificate-chain and revocation fetches made by the browser, a routine Windows artifact rather than content delivered by the sample — the two unnamed files at the end have no path recorded in this report and should be recovered from the sandbox before drawing conclusions)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51914f8a28625ab8cf1d58f6219a6323b
SHA13e1280e19e7d8c01123df69cde83a3782db8e5c2
SHA256c495f65df9672e983a2961f3b6f19a441c9517221c26b0c6dbc4d9582f856e42
SHA5120061d58f67c8bec4aebff7ba319e660ae2ef262e684fa48403b7085789cba0670a8116b6a36e64586138a274e72506bd01db30c7efd1460d107d2a6d4262915d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b99bf0924769a23f74f0db86ef13db75
SHA10727af2c6b7b8efa8457f3eef049be55c9eb40be
SHA2569b118e2ef732cc4b67d59b13f403108079a1e80f693872860184bfe959b30206
SHA512648edf7221690fface17d19a13bbbba28ca75395b9a03040df54bc978c42f59221a3cfa5b9942d9517544f38ef3e5f6d6adf6d270e0ae182c0be2d5ac7158ace
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f2022ac17bc414e60ca8d045ef0be4cc
SHA16937a685b90b44002ecd837cbbed7ce91749f8a9
SHA2560c9fa44433b3cbd4d8f889693b46fb07c79cc71446ae57f1c6238aa0718acb5d
SHA5123fb31d402a9b84f0c31bb5fd33d98a6e2c56a68c42d9da4703b73d60cb122340d5248059ce0f7f17814650eed58485e28f37f4498718dca02fde5724b23ab1b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5257d02328c28b8e7912c54b8e4ebbc38
SHA127c5d8c48e4ed54e7a7c4eb169e2b3af1957af00
SHA256e2bd1292c56ba12ca55a076a3cb335b49ea329e035884a0f0f5adea73419cfc5
SHA512e6b1dfb7f477677d7ae695b2be16b77ca9ed071c9c8d5f3e92e976e54b4a3cb1f4410556924612c00d72f74a20ed052d09b27712d5265d5fb28ce25bd595636d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52b85b2bb96516b227dee1cc4b1701d7e
SHA14e2f262f3104383ef1ee7405d62c055038366690
SHA2564b3588d0cf2931407f74734916081aac417beaf4513ad779be5f9f59359c0b7d
SHA512bcf90b38d7d2144f148fc716d483a0d1af655ade3f7e7af16925493bf54f922debb39a032d606627b4a7b421ab818a6d50a4b0de0ef5bd98ec8970c75f0fda9b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5cec5728b5f1d7e8f2c1e148a3713ec0b
SHA12697bda60ae3d722a8bb1efa8b13c1a7f56e8e42
SHA25663b426cfc1303006829285f9867b51578fcdec46d5b304ff72c4a5786c4b6380
SHA5124dfd40ef9c2a129615e8ab6654d04e6f2e6eb9aca646df7fb4ee7a150f98538c2632fd3b34256e3327a6bbaed6aceac5bfb1ce616ed823a441e07dc98d54fff3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e910837f2e0817d72e7e3819af4a830e
SHA17866ad7926296afb9244dc141b3c3b97291cca2a
SHA2564cd93b64b392453fe2da68d902c5c204e1d1981b1cca3d55c87b5201dce44531
SHA512535ce697ff2f764826dc7c1eb418252cfbbeac1d71d77b33d7eddbd39dd766ab1bc1865ea1e62d807153ac73d70dae379419919cd486721673cfdb86683e3c26
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5fafe58c00a9767f9c7981a45abfef929
SHA13e69eedd0a774530d4246367b7ac2a852417a882
SHA256a50719c451029c663cff4c60486b419305d07b6e2ec28b0e9858c8f8041c59b1
SHA512567ab3c1b8dcc98aadc0309064ad7d9a7b2c2bc80493bfb3ed88e8e6970ac8b7b861966b450590df527472a9700ec7545ff0178fbc1306a45cf2cef589aef4f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD55e41109d2c75a095e8f7989b8a097b7c
SHA1ebdadc4a14a7c020e758d360885b831a7f016e57
SHA2563017291e82e038f5553f91a50e1c6ce793f707bcdbff008ad04dcdc8c469d23a
SHA5125c4ff1b58e14a0b6deead384a9aaa3d05493407c85d2488ac2aeb13fd968ec51d764362b16aaf7059cc1111739f3906f6ac136b3ed87377610b00d7c79af1f6b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51ff5c59f9403c85c36dcb74fa853ddf7
SHA19168941c0376442b07ffb6edd9c63908f801b753
SHA256d2b13fed25421bf59802f0f1175f068fce9ba2053b0874c9342d10ded9ef6dff
SHA512e6e006cc8a91d8a49bf45d9859d55054e76c01b160c04abe89de4c41469ea76118de72c42f45017a9ce4f822a4837567881ad215b7e6c075659ab6a3671bb3a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD562301426396e2a570de7b76ad6dca850
SHA17b8e4e1b6d4d7a112b8ac556099b2ae8516dfaf4
SHA25630fee184f76f9f414e5bca281c1d1b696f0d469af9c8addbb5514267e0ccb081
SHA512f5f77c8380e1b5991d0c85cc325b25d262951d36a889b46cbcc9851cf32070cd48513a8bbafa3bfa54a1a491d5eae15c267e8ed565a64482a05e674f6b80a339
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD599a8210a2b4b228a6d18094439177b31
SHA16b2b258bb93709e2c922f6b3830d148b406d6072
SHA256aad06d15f3afb5c72a25c9f53ddee7ce69869c748ffaf0698f3b05dbb2da9c63
SHA5128ba8028b72f4dfceb9eb7f6e2485a52f8f18b35eb60392068c0a974ca030f3f4f76bbaf44c345c1244437f1c131fd3d71d62cad9c5ea55e2e4bbef52e68b86ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b14e7d9e0219db4eaa94d287c7783fb0
SHA11e16f5a40308c4c1f9e99c4a77be53b151679c78
SHA25689d2a90aadb847376b7b1f138250913f005790db9e29b427378d0e28286a4211
SHA512fefbf30539e408e649ba72be635bbff1b5ced54ee7961ec41e583cafec8b1aaf186c5111b0b5655e94673c021fadc7ada87f176884225fc4b3fd2fda5e48003c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD58e59347c752e5f1b697cc7fc8af5f65e
SHA110b5bb2ef90745bffefdefc0c21188c7aaa20afe
SHA256337a80dad52f9c3ce331a1a9649e14548169ac7cf9eb52003aa46da25e02d360
SHA512de110306695dc10b0e8c254851ca8a7c96822af5c565747bc39196fa4f971f72d2e8ae818796f65d2d1bc44143f98fd8bb033b9833d4a3ce1efb0d1f839908bf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5481ed11a557d52aef74cc1dec3af33b6
SHA10eed22a6a0d93ccd074181c13752562b3ee29bc2
SHA256e46887c061d8e0b79b29eff8a76b77af03b5134dc892da49ba07a2af785bafed
SHA51271c480166b9c45559bf40bb5539b5504c277f1576be3a3ce52e27b3db437cd51cc6b4f675dad3975ba6d63bb4ceeaea1b6741d9da5a79396cc1623060f81c5e8
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06