Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
10-01-2024 06:12
Static task
static1
Behavioral task
behavioral1
Sample
4fccc514a5d6cd427b8694ae3a4555c2.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4fccc514a5d6cd427b8694ae3a4555c2.html
Resource
win10v2004-20231222-en
General
-
Target
4fccc514a5d6cd427b8694ae3a4555c2.html
-
Size
432B
-
MD5
4fccc514a5d6cd427b8694ae3a4555c2
-
SHA1
e130afe5bcc25a8e1372154760e139c82696b572
-
SHA256
9edb160bb7000c1667f179d4e44afca4f1280d591346bbc32abe241852f15503
-
SHA512
56e678ebc4443790007182af802abe03841401550bfc8f61a7d2aaab48f9ebe5d9c9e1fd291c056af980446ee5b5cb5092c75c158c606cd425526edf77c25bbb
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411031798" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A0F2CD11-AF85-11EE-9075-EED0D7A1BF98} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000efc1022ed409a1ad6a423bbec0b2e135c2ded70fd760cfb5b222326e8fca3995000000000e8000000002000020000000368560adceb9362ec5e4eb33a53ef95666ff978e1d59c047e1f76ef21e501569200000001341bd8c4af8b38fe0be41de147b71334deccf0d65cc8095a07dc658c2a745d64000000003208f92a88c64d4c800468686fdcff5d6a458bd0ab8fbf86922657bbdeeaa8861e127299a4e56fcd55e0f3c96b0df39d9753b09d0f145b7dd6b20849419ea09 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4086d2789243da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value 
(int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2228 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2228 iexplore.exe 2228 iexplore.exe 2644 IEXPLORE.EXE 2644 IEXPLORE.EXE 2644 IEXPLORE.EXE 2644 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2228 wrote to memory of 2644 2228 iexplore.exe 28 PID 2228 wrote to memory of 2644 2228 iexplore.exe 28 PID 2228 wrote to memory of 2644 2228 iexplore.exe 28 PID 2228 wrote to memory of 2644 2228 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4fccc514a5d6cd427b8694ae3a4555c2.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2644
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cfee02594b5f9ffcc0d6f145cf6b5318
SHA1 2217286cd2343c91a4fa3f49ebdfcfb81023f7e7
SHA256 fd29a4cbf32e848726f00bd9241bd08dbdc2b991640c6c1b15672a7116944cb7
SHA512 f7e841c5d38718296f2e88f8a391b6d02baca640dd775c99ea0b170be8e985663fb8ad91e6d358f1b2df35c770d81f974062293846bd80f9e736ad020ed87898
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 df209eb80ee931ab4c5122e829b6b09e
SHA1 cc7e330355536dbba46292a8644c4631088e25ee
SHA256 e021d08dd72769e194e1683a2ce47dba7513390624eaadd1caac70c0fe368255
SHA512 ff08f4ab4a66eddfccdfd8bf3ab44f7bef7d7dcc25ebce7d018d6179306c36c420b5fbd35ead17b31f5d91de5965c2a6a38a4ec0864a8011ec67013ceae454a1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 33a9ae0c7792375d44be97838d035437
SHA1 610bad53c9e0d111c0e85f35b39777862ae3d905
SHA256 115a6dda8ebce86bb57771ec58f19b96e63c229554e0dcca70a0fb884eabf20f
SHA512 515d89b2be40ece114d591f8b139f64826d9b018d9a98d269ac5cdc0762c9341924b4538268e0452b87fe99a41dd2016d20c25356750b023799198e0d2fb5370
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6667daae5e1d8dd755af5cb066f6b56b
SHA1 0900a4743a261f861c55aca937a243685047cc63
SHA256 c0fed3b3f84944cd8ef81f02468bfddbd60d102a03288d74606811179933e516
SHA512 f77561244604c324002b3730507e708a2b0f0762c0656936e7491e24fa5aa28261b3d6080bdd7c120c0e195407d2df1cc873a350b63b77d90ce912b6be4cf1a9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 dcbdedb4c5694ef7e63812e0d39801f8
SHA1 aee6320d56a91a4549a5064a9c8f1a0fb5c514cd
SHA256 783ef559a7cce013b31e4bc38dd8917cda5d805a4ae2509bebab7e6e76790938
SHA512 b3f1717117ad1acb173f6be8b104a840b0b981e7886c4d261a8a94840860a414b6cb0796d890e0a39dc323aa7326573fc796614104191c8ba084dd7b2380d04d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 87c0df1b9b995b1b35e1be398c9dd708
SHA1 560a839bdc049c72aebb17f37f41033e91a10374
SHA256 746f7f640af7666c48b489b1666140acd08d2a88bf8cdf8a114a14bcf2e5f4e2
SHA512 9b7a0b0dd8db3fe3931b63f238a77935b59c81680c45279a181ef27a612c073833289bf936e8b3e00be9ff0c43e69976d14906dc7bd3554f1f4280cb6907fb78
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a4422525946093f2341ac53393b2d402
SHA1 6f47a1b7215a19115d0a7142f7e04a7536a76bf9
SHA256 a4054e7c3375d4f5fb09cce721a4aaf0d3eb3ebbcf22a049ec9243262437dc6a
SHA512 788f62518beadfec1e05e93add7a90c51d5f74df79eaa3685732aa5bd7381ae5b7966e827aadbe2bbf39f4da4e01de02df3649d6ffd186f30df298f59d517210
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ed48cd4c2470b919e43cd9c5110542a1
SHA1 6eff6791700746696d4302afed5b896aaa1ac841
SHA256 57aa71c13d4e5ecd97747eafd5059cd2e065cc49c617285ef63f6e6626e8ba89
SHA512 6c30ddbea5dc5f3c1bc3f5943af9e2b626c0a0a59d45236f38f85b8bddb0e064abfbf81b8471453a07ed626a90b661a4baee1963142d355cdbe54817378f6d6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 dbaab7b253f9fb6d26ef7c09b9cf89a1
SHA1 a07b9f85a07bca7a23901c605199aaa2e552195f
SHA256 be5700a09c9e8b996ba9630d4ba6ae35dbf8a574d3f48205d3ed10bbafc5fc38
SHA512 0819ebf07b63403ae78505094a1bef7b93a018ead6e74c1d517f554dd215800035c2a2f826b60e62587583dace6cb33ad464acd072c030445e5ac6427447a19f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0a14bef2affe3e0dd19f48cbb8975061
SHA1 abbfee2efbe642a393e6b888ae34f0e8a4d2bc77
SHA256 2bf50cbe5bf7f0aeadbf891fd51cbe830ab4e4e9d4fd79f0bee0f611446da869
SHA512 f723f5e9a5122e537d49c98d821a20cddd71c7abf37a5028c15ade4bfb7833f3fec8aa940b6c8fac9d08cfa35890162e43746bf1c9a43a469477d5bea6914979
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8a66178ca21f64ed7377d384dab3cd0a
SHA1 fb8c05da41ffb2c12901789f53c7abc2848c0cd6
SHA256 4eaa9ef2eb806f96e492f3c7329795e508b8dc8825413bce426076c94d48f6a1
SHA512 2100e7a5ece7fafdd8db8f921587a1467eea5f30eca6b5d03611589e0fde4d07d88b027510cad68633101fae5f4661dd72e7d2712f1a00e6df85b5cb310023fc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 db612cc570762cd346c9237fb60533ee
SHA1 1d534087418fcd5975e1e71fc2c940239b868701
SHA256 3b52b2945c81ddb49f878967443a055c7a550e5e0a69100a7b5b74659a3c77dd
SHA512 2c0e55713335f0811f4adadba078ce823132b30ac91bfb98be52d10de6abe554ff5ec54152b72cbe8040e9c2b36ec7ff30ebe1129eee91d182e06de2a7e57b69
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bfc73264ae7dc42128d18720f71f9af7
SHA1 8fac85856b769889e5151cf20593ec10cbd9c5ba
SHA256 62cf4034cdcbfc47deed13341516bb428d7c22a9093097a756ccc791c2625096
SHA512 2f6ab82101322b8727bf42c7506327e8a633a216be1e3b66ca9bc75e1998f35385fc6595a951f7e47fabc872784f2251d6fee82f657bd7c321ae92dd25b653b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 731d5c236a7ed69d48ef91d91be363f2
SHA1 43d59663cb1a1ff7ca1363fc200abf67f96451f1
SHA256 9ca31b04fefc1c1593d43cec7065c50844694adc197b36fc2c1e3520221b7349
SHA512 9ebe6f4ebb319ca3a756c5965f195c7ac87385c4933075b2b11e8377d58269e6541a1c9b8cd518bb77d132816d1a4463f8dbc7c839766a255d3bd1705f7d41c7
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06