Analysis
-
max time kernel
122s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 · arch:x86 · image:win7-20231215-en · locale:en-us · os:windows7-x64 · system -
submitted
12-01-2024 09:52 (day-month-year, i.e. 12 January 2024 — consistent with the sandbox images being dated 2023-12-15)
Static task
static1
Behavioral task
behavioral1
Sample
56224c062b738566c85c25058b184f54.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
56224c062b738566c85c25058b184f54.html
Resource
win10v2004-20231215-en
General
-
Target
56224c062b738566c85c25058b184f54.html
-
Size
31KB
-
MD5
56224c062b738566c85c25058b184f54
-
SHA1
4cb13d8f786c648ff3f96f28bcf9ae041ecea197
-
SHA256
ffaadfb927ed7b524de00a740f4868e2e5326f6598012ad11d8ea53c283ead59
-
SHA512
56374c09e43191dd2bdfbec576f50f9ff5ec163e263846ad5c4f62d08bafac65c65f5d3de967c3ea42ffabca82fd00207af5def3c37bcaa2bbcdcb4cb27c5269
-
SSDEEP
384:HSFVGQFCM65mfMfcl+71w52fEgFUT2Op2DaU6MTFNW7+3csR6P8a/h7yaVwOm7b:yFVGQF96I2urgl6MaicsRI8a/h7yKwBb
Malware Config (no configuration extracted in this excerpt)
Signatures
- Modifies Internet Explorer settings — every entry below is a key creation or value write under HKCU\...\Software\Microsoft\Internet Explorer by iexplore.exe / IEXPLORE.EXE, matching the "Modifies Internet Explorer settings" tag on both processes in the process tree. The keys touched (TabbedBrowsing\NTPFirstRun, Recovery\AdminActive, Main\Window_Placement, SearchScopes\DownloadRetries, …) look like ordinary IE first-run/session housekeeping rather than persistence or policy tampering, so this signature is low-signal on its own; check the Network section for actual page-driven activity.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411215059" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E3B9E01-B130-11EE-B0BF-4A7F2EE8F0A9} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000a3cd607911c71026f8d889d83e6c7571c341cf4ac0b4cccc14b01c80d8f67f84000000000e8000000002000020000000badf25e312396a3fb2f16db4142b4a27e9a7acba7739b7dc1a7a22c4ac3e56b02000000066b3caee06541da939aa37825c11ac2d733f716781e0c88e2c97da48b941878840000000e2c3ccb6c9d6238999078bfb7a9c5ef8fa6e5e124b27a8e039e56b49f8c07933ea1cac5b3746c9e165b4794647ae006767dc71344930a211ab74531b706d8d91 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 100d314e3d45da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs (raised only by the IE frame process, PID 2280; ordinary GUI applications call this API, so it is weak evidence by itself)
pid Process 2280 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs (all six hits come from the two IE processes themselves, PIDs 2280 and 2696; a browser installing hooks in its own frame/tab processes is expected behaviour — treat as low-signal unless a non-IE process appears)
pid Process 2280 iexplore.exe 2280 iexplore.exe 2696 IEXPLORE.EXE 2696 IEXPLORE.EXE 2696 IEXPLORE.EXE 2696 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four writes are from the IE frame process 2280 into tab process 2696, which it launched with SCODEF:2280 — consistent with normal IE frame→tab process bootstrap rather than injection into a foreign process; the same event appears to be listed four times)
description pid Process procid_target PID 2280 wrote to memory of 2696 2280 iexplore.exe 28 PID 2280 wrote to memory of 2696 2280 iexplore.exe 28 PID 2280 wrote to memory of 2696 2280 iexplore.exe 28 PID 2280 wrote to memory of 2696 2280 iexplore.exe 28
Processes
-
[depth 1] C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\56224c062b738566c85c25058b184f54.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280 -
[depth 2] C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2 (32-bit tab process spawned by frame process 2280)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2696
-
Network (no entries captured in this excerpt — for an HTML sample this is the decisive section; confirm whether the page issued any DNS/HTTP requests or loaded remote scripts before drawing a verdict from the registry and API signatures above)
MITRE ATT&CK Enterprise v15
Downloads (files written during the run; the CryptnetUrlCache entries below live under the Windows CryptoAPI URL cache and are most likely certificate-chain/revocation fetch artifacts created by the OS, not content retrieved by the page itself — correlate with the Network section before treating them as payloads)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_6B35CA97D64473FDECD81A4E11F9025B
Filesize471B
MD5b000817bce9334bf60f1e00e4228792c
SHA18eab82a132888f4645b526b929d0a5cf5ce81288
SHA256922c0dd2352b4affeccc3690510efee9629efb77c29a0363e87fb04858489eef
SHA512bc74f020cc92837c56b58fb0d62dc7e070b1c2ab88701c483b612effa3bb9d7cc1a4082d6775c575b8116b2b2473d349ec13d7f83f70c2171c796e325a1e7ccf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5ab703099462da877f80bf36e92a46af0
SHA17f711a9f53b0cd53e5d175d13d85f27403531907
SHA2563d1d16c3b2b73e59f7acc412edd5445fdc4d56a4877f102bd7bea6e43fafac80
SHA512c41614adb16a76eae23ab5f17c9fd04a68e43d6b21dd842b6c54dbfeed8d98d73dbabf052a8cfd07b7dcf52d5594408cf8efe8ad191d6c302f03356a8422dde7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD539fb1461fe475e0128450b1154be477c
SHA1fb3e02be030ecc7d26d1a0f8b732891f53775de3
SHA256916ca7342d966f360736fe6f52ff24eec1300bbf27d1290c5b235cb377708163
SHA51294ab9608fc0ab568e012f7a4ed058ecc3f6decda6106eca336a3d757baf82930f9e33f0ec3d4e23a0544ee6619ef72bac4e76d9454836d1f27598fbd9c32313e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5da4c5814a2f227968cb3c06bfe0ca748
SHA1ad251c83257c65f5a84a793ec697d74d61f13c6b
SHA256aef05e4be1c9aec2739f9c67724d926b448b84517694bb41bc558fda3e6056ee
SHA5121d89aaa7e2b62e5766fac642c3355f37aa8510be4a139bfc352070b700b3671be4dafd69c574c07b13b67ef726576815e3f233e0bbfd6a721e3763604e7d487f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b9d9f5d584faebb01a2fd58692b4526e
SHA1c2d78c4245ee36583b51f4f836d5429a1f98149f
SHA256fbfc6e998015505c764e6c36179c1faa433c7ab46345ea272dc5a41c0b05768e
SHA51293f9a906cba64ad6d8138443d97a59b0f08c07a14ea6495d796deca96f84fb34bdf1e1fb52c1bec32652c7edc81acb2506845a85d358f8e852e3fa53adcb2f86
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD548957383d8ecb727c03f285e0657f49a
SHA16f2efa1eb7a811ae602f9a3bd93f21299104797a
SHA2568c9984d55f960e66b75ba7ece32cf1f34b1682d891e0a8c253a1c4d3ffff1bbc
SHA512a17f2878afe8d810503fdc614a83c4bd81ad13b9914d00d8b8796c7a995ea104664fd4d86bc9a063e86dc7542b99c28518d12ee78bcf7373f120cb9dbf3c0f98
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD59f74bf4a0f23d4d4c6857bd47f8225c3
SHA1777a984cb5d6bde1ac150e6f510d019435d5551e
SHA2560141ea0e9eb1febfae63505d3b128c1f7f4283628472ec7fefce9fc2a408ead5
SHA5126a5a16c57c1e9ac4c437eab66bacb6b2b61f853604bc81be9d294d0d49b6038e0826f5c47817a7b057a380b1b04206040c403aaeb06af61557873f723c981681
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5bc4c125307da62eda89487c024379008
SHA1076e724e28fe62ad0fce71fa324bdbb204627e07
SHA256b40825ed82995a8b0abef1db3796ef4d85b20748c919d66eb4c91271af8742d8
SHA512af264319072a303af3c2c05aa1f1a5cd6dc92818dc55b336ee19ffdd9146c1715d8e4a6355795893e24248fe99048faf041d6d4a875a2a6a49f1d9d166f4261b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f36272dc27efbf152341e5279e1d5531
SHA10475ac1c2a6d23addd26e2eadadd4d41035407a5
SHA2564c91da3533dbe20c0cc7c2a84cd9a4960fffeaa7da8a41a90857b8c45fb9b559
SHA5122232da040e231d91d1460326b0eef2a3f5f1eb92f9ec0cf5be73b3dd1e4c69b38bc927504c21915713ed929624e93586241b4ee4ba5bbf68a37370f7228345bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5090878db7926f244d8ad7f1e79f8b830
SHA12ad3109a6f6123ca94b4c27f4e36f6e22a0585f4
SHA2562b07f1ec02436b0fe97b17926963a34f1322fcee56f68f37e3999fd178657f3b
SHA512ca0ee48f049e02e0e94310637c271f9a38acb4d953502c60e073dc29786ed29170a0cd6e6b8f20cb7445f79456290e0d0dcc32a5c88c26b2b2b11d484a52ccfc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f1a31b846339b0f9b44eec9a04c1bad5
SHA1b72df28abf3db8a985aaa7b39ef5692661697856
SHA2561c95f9f9704e4c3d32f339a3e58fe440429f014f0afecfe7a9914b03128a8b2c
SHA51240e923fec5a06964601007969250fbb096ca40dd5b40e4ab8e6a020d82a21b6092e8790d24c9ed84bb085618ddd80136bc6076d287dfc4d63cfefd683c79d60b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD578e19537f3b1b7b1f6cfd3d67dd155d8
SHA1b30d46b87a1f113db729c12f32d60a53fcace4e6
SHA2569782e8f9ecc295d8f49e550fde9a823eb1c884b7bb8dc01c90bfe4d7fb833fec
SHA512cdabd8686bbd12738a1ea499959bd31e642c3b981f5ee6f3a1200cb62dbb9cac1d88d49b50fa429ca89f2d6098369f93cff9aee92a5101f31f87b963a2e630f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e6729318f77e847754153b53959731a1
SHA18bdbc892c74d3fac871ce45d959178b5c964f634
SHA25649933a9809255069159d66de69434a86b4f6a4c1a7975028f197ac6d955b95e9
SHA5121d1375c8cc9afc75ffb226e22975b588d02449b15d0abbeb852df5d6f0fe1c651adef95deb1aceff3d0a19f1eb13c000940a23b74b548f2e9efe953c4757b84c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD517fd790604ba68ec9db59f238a7deef8
SHA1cf0768a470be8dd42cd601f0046286a53f44ed82
SHA2566ee0d6f900dd6c3a69b9723d6407d8fa460b4a12ae89b57953f9a3c6e9c4abe9
SHA512bea844d3da89bb0dd9725b1fdd91a2e3090348526d248526d929c6482b446caf49955ae2e0d2579ceb6e3fb9a78ad2da172eec5985585ef70db26c13fe9c6b8c
-
Filesize (file path not captured in this excerpt — resolve via the full report before relying on this hash)
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize (file path not captured in this excerpt — resolve via the full report before relying on this hash)
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06