Analysis
-
max time kernel
144s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
08/01/2024, 04:15
Static task
static1
Behavioral task
behavioral1
Sample
4a69a280fd261fa8d4c2358ecb40d47e.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4a69a280fd261fa8d4c2358ecb40d47e.html
Resource
win10v2004-20231215-en
General
-
Target
4a69a280fd261fa8d4c2358ecb40d47e.html
-
Size
10KB
-
MD5
4a69a280fd261fa8d4c2358ecb40d47e
-
SHA1
fb224977b5c05aae7bbe6088422ccd4a7e41eb08
-
SHA256
24b0046a8cb64dc65e687ba1edac1948a194ac7b4806c9a82e19457968e881c6
-
SHA512
d53b48db6d6de7b35e95504bd047b64c58fd926e3643151f1d63fc796581411ed7c776987ebf8aa2a88c4be0a7cd55ba66f0790adfdccd666559aa8e3962f620
-
SSDEEP
192:seqyXkIC2W1SaJrh8EQYFkVj64u4+9nRrcVN9:sLbIA1BrhnO6J4+9nRrcVT
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d3000000000020000000000106600000001000020000000655f2bbddc0d8ef6d9da9db9fd2e09f8e1b07e647cf498b91cf5ae017c7022ce000000000e80000000020000200000007932eb03a0f4209f7b723d5cc12ee2b079fd547b71539260a8dc77cfdab239f720000000c287ea67982dc7025f4f4b94ab804f1f21d7a294c464dbc084716039d43f5b29400000001750478ef1e64c5f5d9d62e67d436209a81591bc55381dfcc0db05d1ad457e08aeb6f7c424feb1c3d0c4d95bcaea1f62807da8cb8ef335e8d9b89093e9bd28f6 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A9C58A1-ADDC-11EE-B1E2-4A7F2EE8F0A9} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410849227" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 
104da172e941da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2112 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2112 iexplore.exe 2112 iexplore.exe 2968 IEXPLORE.EXE 2968 IEXPLORE.EXE 2968 IEXPLORE.EXE 2968 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2112 wrote to memory of 2968 2112 iexplore.exe 28 PID 2112 wrote to memory of 2968 2112 iexplore.exe 28 PID 2112 wrote to memory of 2968 2112 iexplore.exe 28 PID 2112 wrote to memory of 2968 2112 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a69a280fd261fa8d4c2358ecb40d47e.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2968
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d5ea6d393e19acaaef9b65183d9bcfdd
SHA1 65bbdf775bf90902ccf5e6c76798d070f2cd2bab
SHA256 3e3ff5c088a076020386521d13a069a4b23a648503179f0b85f23fdf8f8ffb39
SHA512 2e5ad49a6bf7b4d5d377b60e260f0782263609dc88a08e6ca40e3613f26550ad3a79568f596314259155a4786097d97e7027cbbffde65b39b4cf45b0a6a00cfc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 00ee08a02cde436f3ff8148033c4f7a8
SHA1 89ccf66c3f9bd47ecd53464725194ef10addb16a
SHA256 da8750174df5a7b03a6998831a722ef8110cf8123191e07f0ff2ca6a245bbaeb
SHA512 27a5e5bfc089797f67bad3ef9e9b025ff3b1c96f62a975cfd3cc0c7ed35c763cdfbe3c71adb4e0ef9830d06ab1a71c673620a8bd34606323b0bb9a7f31273f78
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 711ce90497d6e6decd34aea3977ca3d9
SHA1 610869a2c3e09639a189b1003151c990d9b3eea4
SHA256 090c20e6488ffe5a2100556f6d088858a2317f7bcc6ece0418fdc94e2ec0427d
SHA512 e59d8062034661d3af9378012a4b5b7eed0ccde4b608bf4ee1e14d1373fcbad95bf2a6e21a79be34702f6413663fac8e603ade4a6941f0598655357f86881664
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1c823225a920204657c3383f61a0c92d
SHA1 c0881aa09491511ad6a504728a5c2956350f6be1
SHA256 f38e0c9d13d50300c5d3fabb8893694c047fa60da237a9b70f1988ef37ef26ea
SHA512 febaa29f4498e6b939ea33ee38c72cca882c2ff9d71f5355a6a4fd5846bd61db0490482461a810104290b7e5042935f69b5e5d38f5aa4f18f9702ec93ba1d9f3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cac834610d1d7744d2ae374303c0de2e
SHA1 9580f6149f99953762b88614cf4841f5e6a2276c
SHA256 899bac32ac88076bec5dd37e18916fa5af425e20edc10e156cd21241771a7c2d
SHA512 6eb8de5f882a64897a4a744380c9cc025d1a6cdfd47f83c0d5c34fd893b56c64d65b0be00c88cfe1f5c4f3ff5feb43f49ce5b033d587af2dab62816d3409361e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c52a5f2874b074f2e44940d2a66e17c7
SHA1 d19c061266c5f7e8b88201da9ae207222c66ce2d
SHA256 347315543005d3e358e1e4af1dfdbe209baaef77871016483b18845384040e46
SHA512 fa2152794a3a0b379b1e700a8e8836211671de3a3d84be92fefdcb4e9a6d458ee7ac42ac27f9c33c5601de4b9229baab38f0ef4cda84b8cf61508201fac4e190
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7e90f514398372e22f2524074ed78422
SHA1 76e6632e035152d8ca56a3b78ef39beaee168500
SHA256 28eb20f9f8555460779b1d05fa78055d9644d4e3632fcddf06f2a8c806da5afb
SHA512 ec718fbd1c3dabeb610fc9b15bc834511ad4a1ff1533ecd6865b1743296d9025722a4666bd3ebbc244a3fd43acddc4be5fede200f3cfae29276012f28449209c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 16e0cb47a932e678470c689f939f4a7e
SHA1 c1ef636345e8e61bbfb7a1e3a7e1982307757dbb
SHA256 ca063e170a2db0095071e4aafafa81ce33a3628fd7a82b5131ddaf67db23ff05
SHA512 af39a37d38df6903393f3bed0cf38635a4aaeb99fe73043fc9cc4c4e2593622d6f944879c0d84e2daae242f3ff9650da512b97503eb8dc96bd70fc10a2cc658e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 55f677e737372641eb8afe17f25aeabc
SHA1 8cc219c3525dc4c3bbce2d67575bfb33ecfdfb02
SHA256 11a4e03aa47030823a8acc23f6133b8154552a70cde4b6075bde382533c23c93
SHA512 82fc231a43aa656bdd5d2cdbfe6a873b1079f11023f970d9da70c7e7a34cd742dd518a8595673a5ae00c393ff55206bc775faf7f0881ece2066f7c63d0fba373
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 28dd8bb3ea0ee49249f68fe7d9ae45a5
SHA1 ac6a9e992931b66fad861dfd8d9227fd94b82762
SHA256 520bbc238a13f0430d116d9d2730bf75cd203e191bd93b82919decd1b497bb8d
SHA512 a6296d4ac8e2bd298068ffb10fcd6c77a9407ffb87c0740228d95cd716ac08390de09c8b6bda7594342131781574ba437732a0b1dc62ea85ab912ccff3bae130
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06