Analysis
-
max time kernel
144s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system -
submitted
21/01/2024, 16:59
Static task
static1
Behavioral task
behavioral1
Sample
6d8b5dee21646bda3dcc782ec4e53200.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6d8b5dee21646bda3dcc782ec4e53200.html
Resource
win10v2004-20231215-en
General
-
Target
6d8b5dee21646bda3dcc782ec4e53200.html
-
Size
181KB
-
MD5
6d8b5dee21646bda3dcc782ec4e53200
-
SHA1
94d0a243cf198b5ad35c1daf4daec9c226697892
-
SHA256
24ddcc76afdc2b1703ca88a7802f69d6deb1d7c4b2f69f6ee4cb4071bd3d0a03
-
SHA512
87d3d11849794d126bf23871b2792b61a5135a4e4ede76ef14ed2878f64241b53d05ad0732503ec3c15350077d1e78dfb053f4443a901aa49a07f3df9ba435be
-
SSDEEP
3072:EqRcVhIVs2LQegU0Dzvj40MZEPjLpUxAfYxslxNcl8CLcXmNRS/HDeAmcTBVxohK:pcjJ/jXmNRqBboA
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31083659" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31083659" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412621372" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1448935194" IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31083659" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1440341273" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1440341273" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8128C5C1-B87E-11EE-8024-4EA1437444E8} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
4636 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
4636 iexplore.exe
4636 iexplore.exe
368 IEXPLORE.EXE
368 IEXPLORE.EXE
368 IEXPLORE.EXE
368 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 3 IoCs
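description pid Process procid_target
PID 4636 wrote to memory of 368 4636 iexplore.exe 85
PID 4636 wrote to memory of 368 4636 iexplore.exe 85
PID 4636 wrote to memory of 368 4636 iexplore.exe 85
Note: source PID 4636 and target PID 368 are both Internet Explorer processes, and 368 was started with SCODEF:4636 (see Processes), so these writes are from the browser's parent process into its own child rather than into an unrelated process.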
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d8b5dee21646bda3dcc782ec4e53200.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4636 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4636 CREDAT:17410 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:368
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize 471B
MD5 ecbee8be1b3e68b8e56274a975f204a9
SHA1 1f1c78785a4971aa3f1bb35fe28417795ecfd6a4
SHA256 39266a7cfcf244879b79c5d99dd6b259063f954bfc47640558e773810eab1be3
SHA512 eabc00ddaa5d31c3b80515f9923ff193e89c1561e3f65dadde2e52d91ad249f6c215d34971b58e54d2643368e3712a01c1dfd7ec362f651f8ac3cb4bc8aeea3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize 404B
MD5 d6e28b968e14bbcbce169cedb89563ff
SHA1 ba9e1b270cdc5dc29963398ccb882470440cf017
SHA256 a301fc07defa1b75165f5af1a0c10a4d8c746eedf526e2b4adaa3714450407a7
SHA512 b9f0a44ff91e82b3bd7b0d5a5bd786da085676f1c00b3b5b3a75de977d4086f6cf013efab3e7b263ffc95e7373d2d685eed8a2d2e48c18d378344b901e51dea6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_33A22DC5622FDF6383E749748D25F47A
Filesize 406B
MD5 e4976564ef49eab2c49b3dd778448290
SHA1 22c0f46a920997bab31b601f09464dc2fb4a37ea
SHA256 a48f9f41e8678e2d6e1a2e6ea79c5dcb46a06036b218c35b736debca80447c8e
SHA512 6e239bdc0716c2ea4de255ad1e766a861c56807f2d35f2af5677a636ae7d2ac6d1f6c7ceafbac3f48e0af14b9868feb8bd20de7d7b97e848cb2a328f40997eba
-
Filesize
56KB
MD5 1944af3661da46249991197817b6cd8b
SHA1 f952df40ec79fafc7c798f37aff92878977376ed
SHA256 63326a1c4e0eddd3501f0a064b06a2708eb0362f3ae934f53145978d3d0799b5
SHA512 0bef19b32be337cfba179ed9ce4533a207cfe645d2e5fe0da9fadc7b01c72704fc89749670d1ac48b8d494675bc62ac089fdc4d8495979226f10828225594376
-
Filesize
17KB
MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
36KB
MD5 b346103dbcb5498b0b284f8af6fbc6bc
SHA1 f808b26060513f751f0d6e43cd5ad927f4303238
SHA256 cd39df47b7ffbd4d17bea4d842f47fabe5e5984df1485c74bf2a924929619faf
SHA512 479733f1ccde7eca16112e36c10589562f3a04466c3e435acec04a7d1dc75ba496b80484c8827e641c5306803df60ffef2e91eb8ea7a196f6be7a7992b270fed
-
Filesize
133KB
MD5 288c5ba5b7001fe841c32f690f62cc93
SHA1 29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789
SHA256 c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52
SHA512 e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f