Analysis
max time kernel: 122s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 17:37
Static task: static1
Behavioral task: behavioral1
Sample: 751c97e1a0c439ad6fefbaadf85f4727.html
Resource: win7-20231215-en
General
Target: 751c97e1a0c439ad6fefbaadf85f4727.html
Size: 44KB
MD5: 751c97e1a0c439ad6fefbaadf85f4727
SHA1: 339584ab005a835ae2b771488bf968e3d49b8b61
SHA256: 6b4d0caf422b1cd502bbc8a17fae96df4d9b425d7e729797b488e2e193d40960
SHA512: 98bf741d4d688d88d4fba2afbb9260781953c29d8bdd74cfac80f0200a2ea85bc6ea7707cb02d5dc53240c684233f6ab85dbd8b463bc0863b8fb59eda3c83db4
SSDEEP: 768:mwS0l/sGVLsk8ejW4mTNn2odLelg/0XFQYDrk:mZJt3Lelg/Z
Malware Config
Signatures
-
Modifies Internet Explorer settings 36 IoCs
Processes: iexplore.exe, IEXPLORE.EXE
All keys below are under \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer (the sandbox user's hive); paths are given relative to that key.
description | ioc | process
Key created | Toolbar | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (data) | TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000c660b1e27be85925ee76efa68318ec5c1bf27738a1dc567e5e8e16662e86e24c000000000e8000000002000020000000330c927c9b5e27f5023cf7ac9d6e3548dae5458f1be5005e3c3926ac743b0bf120000000f5f413b24d6d0c252523971b4e3a08aeb2cd30b2855ec54cf36c722f8effef9840000000c8d656e0e970c5cffe44c8c36cdbc04233f90dd20ae90a7708fe9c69de2a7965a67ea44041402c4d29e2defb328b9c00bc54aec09ddc74f6ea2191f1cb8cfa61 | iexplore.exe
Key created | Recovery\PendingRecovery | iexplore.exe
Set value (int) | DomainSuggestion\NextUpdateDate = "412366111" | iexplore.exe
Set value (int) | SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | BrowserEmulation\LowMic | iexplore.exe
Set value (int) | Recovery\AdminActive\{65AA3F21-BBA8-11EE-BA54-D2016227024C} = "0" | iexplore.exe
Set value (str) | Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | Toolbar\WebBrowser | iexplore.exe
Key created | DomainSuggestion | iexplore.exe
Key created | Main\WindowsSearch | IEXPLORE.EXE
Set value (int) | TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | GPU | iexplore.exe
Key created | InternetRegistry | iexplore.exe
Key created | LowRegistry | iexplore.exe
Key created | PageSetup | iexplore.exe
Key created | Main\WindowsSearch | iexplore.exe
Set value (str) | Main\FullScreen = "no" | iexplore.exe
Key created | Main | IEXPLORE.EXE
Key created | TabbedBrowsing | iexplore.exe
Key created | Main | iexplore.exe
Key created | LowRegistry\DOMStorage | iexplore.exe
Set value (int) | Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | TabbedBrowsing\NewTabPage | iexplore.exe
Set value (data) | TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | SearchScopes | iexplore.exe
Set value (data) | TabbedBrowsing\NewTabPage\LastProcessed = a00b2e6db54fda01 | iexplore.exe
Key created | IETld\LowMic | iexplore.exe
Key created | IntelliForms | iexplore.exe
Key created | Zoom | iexplore.exe
Key created | Recovery\AdminActive | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes: iexplore.exe
pid | process
2512 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
Processes: iexplore.exe, IEXPLORE.EXE
pid | process
2512 | iexplore.exe
2512 | iexplore.exe
2236 | IEXPLORE.EXE
2236 | IEXPLORE.EXE
2236 | IEXPLORE.EXE
2236 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes: iexplore.exe
description | pid | process | target process
PID 2512 wrote to memory of 2236 | 2512 | iexplore.exe | IEXPLORE.EXE
PID 2512 wrote to memory of 2236 | 2512 | iexplore.exe | IEXPLORE.EXE
PID 2512 wrote to memory of 2236 | 2512 | iexplore.exe | IEXPLORE.EXE
PID 2512 wrote to memory of 2236 | 2512 | iexplore.exe | IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (PID 2512)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751c97e1a0c439ad6fefbaadf85f4727.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  Child: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2236)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
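Every "Suspicious use of …" signature in this report fires on the same pair, PID 2512 (iexplore.exe) writing into PID 2236 (IEXPLORE.EXE). The check an analyst applies by hand is whether that pair is Internet Explorer's own frame-to-tab relationship: since IE8 the frame process launches each tab/content process with a command line of the form "... SCODEF:<frame pid> CREDAT:<n> /prefetch:2" and writes into it during start-up, so a sandbox records WriteProcessMemory between the two even for a static HTML file. The Python below is an added triage example, not part of the sandbox report or its tooling; the `Process` records are transcribed from the process tree above, the IoC rows from the WriteProcessMemory signature, and the function and class names are this example's own. A verdict of "expected" only says the process relationship matches IE's baseline; it says nothing about the content of the HTML file, which this report does not show.

```python
"""
Triage check for the WriteProcessMemory signature in this report: is the
cross-process write the ordinary Internet Explorer frame-to-tab relationship,
or does it deserve a closer look?

Background (documented IE behaviour, not inferred from this sample alone): since
IE8 the frame process (iexplore.exe) launches its content/tab processes with a
command line of the form "... SCODEF:<frame pid> CREDAT:<n> /prefetch:2" and
writes into them during start-up.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Process:
    pid: int
    image: str            # image path as reported by the sandbox
    cmdline: str
    parent_pid: Optional[int]


# Process records transcribed from the report above (constructed test input).
PROCESSES: List[Process] = [
    Process(2512, r"C:\Program Files\Internet Explorer\iexplore.exe",
            r'"C:\Program Files\Internet Explorer\iexplore.exe" '
            r"C:\Users\Admin\AppData\Local\Temp\751c97e1a0c439ad6fefbaadf85f4727.html",
            None),
    Process(2236, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
            r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2',
            2512),
]

# The four IoC rows of the "Suspicious use of WriteProcessMemory" signature, in
# the flattened form the report prints them (constructed from the page).
WPM_IOCS = "\n".join(
    ["PID 2512 wrote to memory of 2236 2512 iexplore.exe IEXPLORE.EXE"] * 4)

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
# IE install directories on a 64-bit Windows 7 image (the two seen above).
IE_DIRS = ("c:\\program files\\internet explorer\\",
           "c:\\program files (x86)\\internet explorer\\")


def parse_wpm(text: str) -> List[Tuple[int, int]]:
    """Extract (source pid, target pid) pairs from the flattened IoC text."""
    return [(int(src), int(dst)) for src, dst in WPM_RE.findall(text)]


def is_ie_frame_to_tab(src: int, dst: int, procs: List[Process]) -> bool:
    """True only when src is an iexplore.exe frame process and dst is a tab
    process it spawned: dst's image lives in an IE install directory, dst's
    command line names src in SCODEF, and the process tree agrees (parent pid).
    Any missing piece of evidence yields False, which the caller reports as
    'REVIEW' rather than 'expected'."""
    by_pid: Dict[int, Process] = {p.pid: p for p in procs}
    s, d = by_pid.get(src), by_pid.get(dst)
    if s is None or d is None:
        return False
    if not s.image.lower().endswith("\\iexplore.exe"):
        return False
    if not d.image.lower().startswith(IE_DIRS):
        return False
    m = SCODEF_RE.search(d.cmdline)
    return m is not None and int(m.group(1)) == src and d.parent_pid == src


def classify(text: str, procs: List[Process]) -> Dict[Tuple[int, int], str]:
    """Collapse repeated IoC rows to one verdict per (src, dst) pair."""
    verdicts: Dict[Tuple[int, int], str] = {}
    for src, dst in parse_wpm(text):
        ok = is_ie_frame_to_tab(src, dst, procs)
        verdicts[(src, dst)] = "ie-frame-to-tab (expected)" if ok else "REVIEW"
    return verdicts


if __name__ == "__main__":
    for (src, dst), verdict in classify(WPM_IOCS, PROCESSES).items():
        print(f"{src} -> {dst}: {verdict}")
```

The three conditions are deliberately conjunctive: a process that merely carries "SCODEF:2512" in its command line but runs from a user-writable directory, or that the process tree does not show as a child of 2512, is left as "REVIEW". Run against the records from this report the only pair, 2512 -> 2236, classifies as expected IE behaviour, which is consistent with the empty Network and MITRE ATT&CK sections below.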
Network
MITRE ATT&CK Enterprise v15
Downloads
-
CryptnetUrlCache is the cache CryptoAPI uses for certificate-chain and revocation material (AIA, CRL and OCSP responses) fetched during certificate validation. The same MetaData file appears 18 times below because each captured version of it, with a different content hash, is listed as a separate entry.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: d7227bb68dd2b1f8d4571b697e27ab19
SHA1: f34bcf0b777f162771517bec81092e0bd4f691d5
SHA256: 23ea947811d8553b12220dc776f4d8177faac2262199bbf4f411147b94d16227
SHA512: c64ae73ee296396a16d83336d6fb2600ce9e9be686587460a37613c12ac6a3edcda99205c55e9fd31b3ddf5c49f6286f75fb6ac4f307ce41d6385ea55a26679e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: b9c7553d029a370f5c8ba2543c66240d
SHA1: bd80ac19765d52a7435b9a659dd69bbbeacdaade
SHA256: cdc5f0c4fa2faf63453b0939c24b64ddafe6f7482e68ce9dedd9724f7d057e98
SHA512: 02844c9f4db2e8bb834385c04779ae03d716c75f4f1cf536d2026e992e82b99f636aae967df1adca71e1983728f87f3298a9066f708556deb5dd9d6c71943369
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 34df0eef88a3ad5cff0d352bfc48c41b
SHA1: 9610ecba3c55d6e895a53b00fbea654477f70fe3
SHA256: 6655362b73db65accded6095991709fd1b4d82f533eadec4c97b3ffcf880355d
SHA512: 2e44240179747166e3effd6624e2b5fb210ed9d2c4f0b8034eda15274361c13ed76d001e5a123a199040b62c4aa431bd5de751fcaf73c821b1d84619e918f2c5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 36d73a94bfbb7d4569f97e0616e18673
SHA1: 27873d4366bee1dfaa55334d20df146c1646cbd0
SHA256: f69fdd05a047e61e2efe306706af1dc7469f01b767fe27091713fe3c1351c342
SHA512: 17f77cd2d2ee7c6fdd1a630dc6509c0a210060e88b5676712083df75d20dba4415997a7c571f9d213dc0eb24689c168ca480376f174336fc54cb28ca2c7ee4f3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 88ca52295739bcee0cd4d799d5fe6d71
SHA1: a5422ba3f86b72aca1083ce5e4b17352f4ecbb2b
SHA256: b39c44724345f029ef9d62a61e259c09fcb4f55d8b50b4ae921525ee06b7e02f
SHA512: 2f01fb3a5de611003335eae9724efc71c9efb42789ba8f332437051f17027edf1df103c8ab73c21903fcf02d30d746b5c211d2902ca14e9b4c6ad53509db46f3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: ab2608fbdc4bcc18861926a37eb35713
SHA1: c1ca768f59a80200bfdcc77b60e5853737a77e1d
SHA256: 7a19e0d1d3c10e3b489a895388d55872df503452b7b9866deaabf121e4fc3479
SHA512: 4fa64a4b270bdaa348cb87aea054460262f1b584672124898e6d0810cbc32432e4a6f222d45a2d73ca1e813f9b8bb910bb280c8424559e8f612c1e13bc8924a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 34e80c84fa99fe955a7442b2411d2f39
SHA1: 8f3a3128c453c89f2c0872e5bbd478cbb6e2f45e
SHA256: e5972bf0786037428b8a5cf121b634d552f7abb4f282c3b24ca9504d532a2336
SHA512: 94b9a30f6c1c6bea0bfa677bd238fd5be9c003df6b76b960bc8b4ccaef58df172fc4e62c925267774b8e75f08857df98a356cfb9daebbaaa14a0d1c504d4dced
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 6d1a6200466875b7d73f4c74cf4ddf99
SHA1: 3e4283ca12942d186893400bf982792091b3207e
SHA256: 646f7b7b5b5e9485a46b019934cb345c9d5b3f0b2ef3571ed8b0054e7cd8c4ee
SHA512: 229507118e5cfa79f9178b97d40cde309bb5d81cfc5edfb470b89a3aed1bb838a9a6c37bd0bddb3c0a4a841df5c55313b5d030aa23c648923d3edeb32417b230
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: a927bf3305cca9fc7791ddb04f72cadf
SHA1: 59dfa4aba0d60a13b2fad769c539b06609c5eb18
SHA256: 8c3ef20ddf30e14cc02673a1715ccacb5c6a20ead41e0673529866caa79bc2e0
SHA512: 4b87a72dd6091e4f306e15fccd4d4f6d0ea503b424848618ccbae2d323c691db0d8d99b7b610f7edcefb56b20c77cce4f4c2e47a639f206cfe2cfebe9d50d0ab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 0f5ec4c484569a85c3b1814857c72e52
SHA1: a183bd5d793f1280e366e6b6de0d039bc2ee78e6
SHA256: 6336e9b819462be72b2e735b4663638bec4d6962a200a722f9fa63182a78da3f
SHA512: 04f3abc1ba738fb887eb962815ddb41d69f363688d7374fb4f94d172dbd98c2fbc73154e8adab94af44db8fe02bfbb59f37ad58030123cd49d254dcac23e6d0c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: c6f152298aea0d75fe1251a79386351f
SHA1: 67fb96373f6d09a1abbe6bc7b7414e993917e1de
SHA256: 953aeae82883619c76fda14c73589d6873b572f5399ef0bd6bd8172c12cf61cd
SHA512: f7c75eb278d92bec3d1ce21581de1b2fe28fbf6350240334d97ecb225b2d092b4598b0750098838123127055d922c541d41e94eadaeb8afebb1b6fd430e676b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 681dbc4eed61d5187d0e2a2c8565bbbc
SHA1: d33b9b921472606c4d5b06ace3851b8702cb1aee
SHA256: 9e4f0d50a6d9f1b099b3bfabdfc3a77e75b1d1b8169860fe3ac877f87955ac27
SHA512: 9d24e393df5241e74a3884583e330890b21500355d32b8f36efde0f7e8b02cdda8c36c5721be860e82f2572e350ebd59003b933578a8ee5b8c61370f82c6ce4e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: eb5f23ea08f06982bfbabf39a2b6d60b
SHA1: c79013f0e475fce0951832baa6896c171bc45006
SHA256: 6b34b7bc495ed4385554c1d144940d83704bc6230d2679a244ab5813fb1f100e
SHA512: aae43214279b137a40c5d4556d4b41407681a386dc2c525f8f2272a659ebfe534bc2c97556dc73fc4aaa1135428c755271c13af8a84cab7d77ff46ebe288d397
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 7fb53e3d3a613a212e5f3048bd6bb1fb
SHA1: 024a3d1943776912f476ce086418841842b935a1
SHA256: a971ddec78a7f5c85f01e935f1b9969fee26ad1eb5fdd74323d09445a1151260
SHA512: b7ee45c18688a5b477a1a33a5760a7d3302051473d2f90c76026e91655a6d85be61a2062e0d67fd4feff48f6628c88cad78b9647162f2440639f17b9fd7066ee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 661a9500f6551929e39be17fe1a688fe
SHA1: 990200ddd2e8f6473018ce7afc5ae15a8554a0ec
SHA256: e4f4ab1675ebdd40667c3157a80ca1742d21757ea992e4ee91e416eaa28f5233
SHA512: 24f15b549e62e428f4c95886b30d880498044d5832fe39e1863a7cd72f7647b12cba1f709d801c235dc5b482a096f1eaa0a6bfff083d5b7a0fb545eb3b70dc19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 7a1d4d91260b91585141d97e5dcea1fe
SHA1: 11c9c88191c149d9e605bd9a841533ec4272c7b2
SHA256: 2ff3ffff6575df4ab7da24cfbbc4924f4be6ff8b8553af07f3c6bf4a9eda6856
SHA512: e3cb158f01306be929a776d56a168ef9b49da4bbcc3fce74cbbcc8e0cf0717106fe22f2589159c2bccbc6a76ee4567b07dd267e27c00dbc25dbf28b538a1bd9b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: f3c1816a85b04921a941b654f4efba90
SHA1: 53a8d5c22114cec25e10ff54d8d36ea5355113f3
SHA256: 0ddd15f1094f3c37a23cf402e28f2b1a37b1145e173d91ebb3b74efd4e8a1396
SHA512: d58f1a90bea82eabab59f10dba82238f5ee493123408ca1037255e167d05a0da4c9e0c90e40cd45b9cbf64f4845a3dcb5bbefad7430075ec2278d67b8e0b6c53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 609e8bd583ac393da480b204da63803a
SHA1: 4f01490679114caedacdba776a6ac43dcb3f0ca3
SHA256: 03a10066f2e6306ab3b99f155aec6dc8bd02f9f425b0fa5e62bc8af1f76e656e
SHA512: aec54e10d21a5da5289e40f63cee117dd0f3b37c1f0b3550693b4092ef6b9f847421e39875c994dc7ac2ff59a6cd02082a92a77d0c4983e92930376909138426
-
Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize: 171KB
MD5: 9c0c641c06238516f27941aa1166d427
SHA1: 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256: 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512: 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06