Analysis
-
max time kernel
141s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
08/01/2024, 04:13
Static task
static1
Behavioral task
behavioral1
Sample
4a69074d1e6e14d8b1fc1cc978bb76ee.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4a69074d1e6e14d8b1fc1cc978bb76ee.html
Resource
win10v2004-20231222-en
General
-
Target
4a69074d1e6e14d8b1fc1cc978bb76ee.html
-
Size
123KB
-
MD5
4a69074d1e6e14d8b1fc1cc978bb76ee
-
SHA1
7d1dc430daead544e5b2cf0045b06b44eab5e135
-
SHA256
fa55987a5366e8ce3dcf3c0c722a6e255a402bc7aeea22ab7a857712b40f0b9a
-
SHA512
2e23024c2cc5b59c4ed3939ff590e029ab9b7794990a2a3065017fbbb3a53f99c8d287c1bed9e6f6cf135480460cd17bb883e3f803554964656d7d731380a2d4
-
SSDEEP
3072:t7UcjvG8rMUcXmNRS713WwF1tb6wO1t8KNG9jpbpkND+JTPZ/M:LGXmNRlt8KNG9jfkY0
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410849120" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d3000000000020000000000106600000001000020000000c99bf5d4212c5295a070e380ebb2939c2190f741400a344bcb3c6edced3b8406000000000e800000000200002000000065a79670f7463358badf7ba48876d0dad9484c8f7c5e90892de4898957d9d96c2000000018dcbf8dda46d6c2bd48770f945e01e108a1d0aa8e3af5a84afea1cb914560f240000000bdecc3fd4eb566ca217da4223a2fadc7df54ffcb6a461ba1bbcc83f8f2897a319adec525d801069ab906925b57642fa720fee9ad880000d3c3edda1325a69be4 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60528836e941da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value 
(int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E801231-ADDC-11EE-A892-DECE4B73D784} = "0" iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
2144 | IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
3052 | iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
3052 | iexplore.exe
3052 | iexplore.exe
2144 | IEXPLORE.EXE
2144 | IEXPLORE.EXE
2144 | IEXPLORE.EXE
2144 | IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3052 wrote to memory of 2144 | 3052 | iexplore.exe | 28
PID 3052 wrote to memory of 2144 | 3052 | iexplore.exe | 28
PID 3052 wrote to memory of 2144 | 3052 | iexplore.exe | 28
PID 3052 wrote to memory of 2144 | 3052 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a69074d1e6e14d8b1fc1cc978bb76ee.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2144
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize 1KB
MD5 60a5e0473de1471940dbbea528dd3e33
SHA1 40b5e0f3932093d5106d1bf53a912c6cd48e1e9a
SHA256 6f76f374963b90b7a8e18c72f40f8836ccef657a08530bf6539ea5bd03dbc494
SHA512 1b18e92207cb28cef1def502ad7c8a380deada35e727421b5fadf0c8f32af39675009da07aa4fdbeb4693b516b354d0d369faf96f8f39a53b8ed81680eae5c30
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d3e444519703ed4f44c5870d368ff0d0
SHA1 4ec0ce783da186963392f53f5b5ffdf9f4f70454
SHA256 bf5a1a7b848b9435d3c3cfa602477cfc19e0a6aa1ea6b186ba7b7349191a5872
SHA512 eb42833a0a55e17759dd793ffae851f0b172b6202f062f63126c410911fe604c68e6f9160adc763d2c3db71652fea749979cfb3d4e8bf7fde0b1e370f927b8ca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d4c22c8a66f24edce1b5fb558c7eb476
SHA1 cd7361c367a9e8f2499c5bfa7d3f8648a8be1dbf
SHA256 a210c14dc6a0233b877982142faf87ce1ed7e9983141794b70b08254dbbff73e
SHA512 205f31c2c08a0105947a6252fa6ff2b94c918017ad95a8e3cf4b5a0a29cbd2b115f926005f7122940e3fc93316337521917a09e2a612562a50249400b5b22b80
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4b57b62ebc5e16850195acbbd051e8f2
SHA1 e299c6ec062ad94f136dbd2504c222b5ea52d72a
SHA256 a408ed8a97a836ba62d91192ea3d6ad03cf6ccac701f331521d467e646d1ad7b
SHA512 0a80797ad0dd06c18baba488ac2a8d6f280c0f197d9d18574e27f8fd43790d2492255335b9307df137c76f779e2c57d3759787614d8a16b3e021d797c00986ae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ba84e682b631064cdfe72d467b73d8d1
SHA1 efe4571d037394bc4695a267614117bcf63f2ee3
SHA256 29de32c8583d7d9f45d007fac5b4cf95ad6e328fae74e4657c4e02e48250faf1
SHA512 f5050dc489063bf38f7679a34c44e7882130fa56db9ed9d5abecc2f220f16251b729e68786bfd8a04542efe8eb007a027d5fc22a5311a7cbf6df34cd0bfa289c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e6fa04c82f218b38ece5e94cabac3499
SHA1 bd050fbd893a70c91d1c123d7b5f7e0c373edf9f
SHA256 0d6eec0ab22464da6d08c1b58a6fdaaab9bf5e5460e6766caffa3ab06ba329de
SHA512 a6a0590e270c848581652055bf215c7acbfac58651aa786f7838d3550c4c167ea84945cdaefc0b199894ceb8fbc4d96ea6d92abc260747ba0f953873b09a4e8b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f6dc165029829aa8246fa7e25d1c9602
SHA1 7857253f36e98f19991134a8b35421378325af30
SHA256 4dc7fc1745a9fc0124008caabd1154d89c1fa99551f9d5ff43c7e3685a86b76b
SHA512 43d2782f4b1b43df8a3c1b695606384661abdf530bc7109d562be0eff3456c921fafb42c81633a6277f926a9ea9d0b9779815c0c721caa5c55f7a9cbd95c793d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5277d40a56417d629290eec258a564dd
SHA1 a2f85457fa9df9a60d55a019fdbb9cd1de4ef4da
SHA256 0fd599f2d8c2d680433cffacbcafbbfcb18567502ade9ea63bb9e96f785c7f65
SHA512 dd31ce6defd936743809b302df68cb7c2e3fc37c2a8812ca577f87b087589131bbcdc95e7799bb863b553389adf95af3e1c308977e56fe2b6dd13360597c722f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 06072ebd9eb77b7bd0edd1d064b0f933
SHA1 d0739b4cff048239c1029732c72827575bcd45c4
SHA256 dcc59ce3fc240fe3a1ee8e522dc7649a4b9ba03542c6e7d6f32ac77f55687baf
SHA512 b2116ca771aad0253851ef7c93c85d000350e10ae7d2c7193592e00091760013a2f8e3435c67e89c99879f8a389f3cd284280c8260a4c3e9299ed533bc707ae7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 819dfe0c23fc75cafdbbc866b28f2b61
SHA1 8a305018b134ca579ed763879219bee7ca97dd66
SHA256 bc102d0678f201cdf6608d85fdd9d075a0acd183a10d4998963732294119b4a7
SHA512 37173402706b98b459a08e4a9827ed939380c62212050a53f7f232f3acfd15047141381f331e33139dd07444277859c85ddc6167e94416818b95e85a5914fbcf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5e9ea00cc4a94a0e60c530531a1ffe9c
SHA1 cdc44a7109066ef3630e73a2eb805eb4d011af5e
SHA256 820566ab1bfb481d9310ee1041ad703e8779173f41f3650015fd9d2af4e6416e
SHA512 d412af3434313ba557ab9e751c252130cdf0f784400a33e442050e29a3258936f4035814a383233a2497c45a9ca7861f167bd8d106973632fd3a766019015fc1
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06