Analysis
-
max time kernel
141s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
08/01/2024, 04:14
Static task
static1
Behavioral task
behavioral1
Sample
4a6942b672616600921e656dc71c33a2.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4a6942b672616600921e656dc71c33a2.html
Resource
win10v2004-20231222-en
General
-
Target
4a6942b672616600921e656dc71c33a2.html
-
Size
9KB
-
MD5
4a6942b672616600921e656dc71c33a2
-
SHA1
544367afc9b4a7f29cacaf4611035f4f385036fe
-
SHA256
ddbf5393ca613b3d935b2e65059a1c1c04f606bb8cbce464aba8e793f0e98b1e
-
SHA512
ee5039a4b3e305365c2ac30faec89aae8c257cdbf6ce9a2fb4749264773b48e27aa3e8ef88cf57987ab7c13541261312e1d92e57ac643187ffecbc39abf5b801
-
SSDEEP
96:uzVs+ux7rdLLY1k9o84d12ef7CSTUaGT/kPs7pUlVHcEZ7ru7f:csz7rdAYS/HuUPHb76f
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50b71c52e941da01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410849168" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000296a08aabd7e28c9d27c63ec5c8cca10bd28fa069e4635f8f4f7ea82fc746de9000000000e8000000002000020000000443262de026f2ed7b765f0e7adec88b4e205bcfdc9c315a0ff6ad111c02fc038200000009c34f270859f56fee60aa76bdb26eefbe339a14e9ac48f5b50137028c8c5b221400000003b3803f56e5a842ec17da079d560c57561c1db5fe025dba52839f2b10177e923461a5c1aed274c5e58a9db21fe57c6566f31b3dcaee831a5c96547a2c0f8115b iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{79390371-ADDC-11EE-B59C-EE5B2FF970AA} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 860 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 860 iexplore.exe 860 iexplore.exe 808 IEXPLORE.EXE 808 IEXPLORE.EXE 808 IEXPLORE.EXE 808 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 860 wrote to memory of 808 860 iexplore.exe 28 PID 860 wrote to memory of 808 860 iexplore.exe 28 PID 860 wrote to memory of 808 860 iexplore.exe 28 PID 860 wrote to memory of 808 860 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a6942b672616600921e656dc71c33a2.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:860 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:860 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:808
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD58a9f2c9feb94cffcc2b89241b408d2c8
SHA1f05273875182fad99c3456c12df5b431a7a221ea
SHA25661340c0b7ca582b67a6d97f98adad554be48269b1419dbead2d2e7336482a643
SHA5122ccb8c1b8e016842c763b4276c134a056f3941714de2a2635fb1354aa2f6347e74fb7275af987160c24165aed01cf2accec52c31b33e2215b769ec9cce586497
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5595e635bedb2b9ad1df81983f37a2dbb
SHA141602e0e7941b6e459f5f7aa8ca51890bc9d7e1c
SHA2560374a81f0361aff4d4354387925107af793014cf1dafd1ed77f14d5ccd290118
SHA51264cd978b49ffd2c5f64b668a4ac9815f8dde49ca5067b88beafc5e2ee1eaa6c16e7400caa132b3af7823018b0367f5061dc568186a39563aee682b231bb0b019
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52c12cd34ca28aeb966016b99dc552cc3
SHA1c8154c69e75913c90cd636d1ff8ce89c0dbb9b05
SHA256ad5bc2eced4cce3899317a91f6c8d073bce35957cc53f872566fc8f4b3940a50
SHA5126b5e05b9b9875ed48d8bc69d58e608e692dc07f3d6b656f6d23b4f97ff979cbf2ac66d4d442e6904585d612030ab50e0dcfb01c6c9ef31ed02b99d524fbeff2c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5c913ac838add514438bbb65f6c44f5e2
SHA1c4e381c35fc3593a73803567c451071b33d1e885
SHA256619b5843920df24ded639685306edfc160ad7cc9611ff098013e043dce2b26d1
SHA512ed072b82e84c692804d8b7d4fbe1786ebeac9063c75106b76aabf7ed2b946b413c8414d17a79027340058b32aadafb3da7043169ac5063229b43f93b5012ebe7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD54dd6e4c6014ff383dd31a17577a3b56d
SHA1087ca974684e95f3a622c414e7c9818762709d21
SHA2560c65abb6cae93ac9ce16aa332038275ad2f54989a7806dd118e85f38adec1854
SHA512339f1c7d5885407fbadf7f01c945cf29da3d871dd6c948f8ff8906c15bf197488b3a443ecbac5abf8102243e3141555b5f19b0691c645f98fda1ef2e659bf50a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b14322068e84dc841c1d4b4affbbd959
SHA1e8c6a06e2f37e2084cd7be6b61ce3e74a7e45a98
SHA2564039503a764e000ecd936566172e422268d1404d7a3bfb0e4cb20375e9f0602e
SHA51285eb2b47d07c87fe5482cd37c397160cb9eb2156bfcccf8efe85b885534321ab3eaab3de561b4195ad25343d00ee72f1bfa2a700df9e7104efe270019c8a47a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD54e76dfbfd8ddb9ad6f7212ff8bd66856
SHA1f875d5ab217ca06b97473e4936d9642373f9abae
SHA256befebe0b80dea8f49a324c19c4d3f194d74555121ab8fdcd7096c284f3aea25a
SHA512a2c627ad37c970528ce5a56f2486a432e3baaf3c8ffc4338640bd961b968279201628bf544407a234bab42f6ee54b9c45cc65c8141fd83c1cb0ef79b5a9f8936
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD53cea24e54dbcaf9520cac105e5aa5362
SHA1ecf2c5ea3ce05b00ce547efeda8202c3d81d71d1
SHA25693f1666b2ad6aaa6343811b29c11029715cc2f4306d8cd41590efabfb9666ffc
SHA512d620dd47d016aabcd0fdb10227301851b41afa09059b84a9022c6cae6424c45bcacba26aef98633a20ad82aae674488b0474dddba3d3e4a2725dc6a79b1698f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5a166651d4f628315c7df227a38221c6d
SHA13c491da91c513a91b7f1bb5d85e79c3d956d8600
SHA256e4eede7a6fdea6a6890a1bbf3b75ce3f5456ce559acbd1781e924490592bf83f
SHA512b4895e91b38bd455a7e12940478400984b37308b84b65214c2505046b81ed7bf14573d8f0609935580f5afeb817da198de682d41d193f00112b335282c6875b3
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06