Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
26-01-2024 06:23
Static task
static1
Behavioral task
behavioral1
Sample
769f4eae27200ec1ed0b507333a17b4d.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
769f4eae27200ec1ed0b507333a17b4d.html
Resource
win10v2004-20231215-en
General
-
Target
769f4eae27200ec1ed0b507333a17b4d.html
-
Size
15KB
-
MD5
769f4eae27200ec1ed0b507333a17b4d
-
SHA1
b4c6fdb8259aa25a23f719877e72abe0a429be40
-
SHA256
82770be39dfc8b7a76296f8e949f1f96a627170a6e59e563b2909681641f57d5
-
SHA512
4896bf80e4ddd79f7c6834b9d89462bd5d5dd51d403561fafcaf0b9c7ff5e26fb085b88e9826db8ac9d0eeed2d29b6a16adc3fc43e691822712c308908223450
-
SSDEEP
384:pllWuhR8NFxwO9LXWwhV0qnvT+AaxvdgqHgY0gUQFZgBvT+hVsxyq31:vCzRl
Malware Config (none extracted)
Signatures (note: every signature below is behaviour Internet Explorer exhibits on its own when opening a local .html file — first-run registry writes, shell/hook calls, and the frame process writing into the tab process it spawned; none of them is evidence of malicious activity by itself, and this report does not show the sample's HTML/script content, which needs a separate static review)
- Modifies Internet Explorer settings
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412412086" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{71AF0C91-BC13-11EE-B07A-464D43A133DD} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000c6203772c9c87fe66bf9b8cfa355b34c510588866d1f4186b05d6f1380751b8e000000000e8000000002000020000000ee15f138c159b526b5b22cbf6530412b66e3454f6ce2674ca03f3fa25b6c8c692000000065e6d22c0f6b2bbe7c7aba668db99ec352747119f63617829b309f128ba64f7940000000bb6b02a5fd229fce5468a042c0ad42e982a129c796f15b102a45a2dd71593a544b1b7f2211bf0e5d6023becb6eca0c59f28ca08ab7cf2b886c4672fb979a1370 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40cc56462050da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2884 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2884 iexplore.exe 2884 iexplore.exe 2064 IEXPLORE.EXE 2064 IEXPLORE.EXE 2064 IEXPLORE.EXE 2064 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four are the IE frame process, PID 2884, writing into the tab process it created, PID 2064 — that process's command line carries SCODEF:2884 — which is IE's normal multi-process start-up rather than injection into an unrelated target)
description pid Process procid_target PID 2884 wrote to memory of 2064 2884 iexplore.exe 28 PID 2884 wrote to memory of 2064 2884 iexplore.exe 28 PID 2884 wrote to memory of 2064 2884 iexplore.exe 28 PID 2884 wrote to memory of 2064 2884 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\769f4eae27200ec1ed0b507333a17b4d.html (process tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2884 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2 (process tree depth 2; tab/content process spawned by PID 2884)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2064
-
Network (no traffic recorded in this report)
MITRE ATT&CK Enterprise v15
Downloads (files written during the run; the repeated CryptnetUrlCache\MetaData entries below are Windows CryptoAPI URL-cache metadata, typically written during certificate/CRL lookups, not payloads fetched by the sample — the two unnamed entries at the end have no path recorded here)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5d59b9c79209246938263cabd0dc2c336
SHA1015fcff06dece02e1ffef09368745dd25b8418cc
SHA256f1ca8e3ba1566f58c6ff5c1866775c10262a2da13062e6b1c7d6fcdbbd5a7ba0
SHA51229dd65b62bff2613522472c51bc103c1745a804a53974cf6cfe155c4ce215d9e447af592cb64111bf1e2191006fb015f9a60d20d42eabb64f957a7c209077a9e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b6651ea6694932b0fe3704e3872672cc
SHA1016a96a26e8e916a9b71154ce3ca4283be62931e
SHA256c907c28b539f5439281327bc52b8eb4ff022118b51a3cb4ad315c925a09738af
SHA512811df6fe43cb55299f1eb30c27ecb0afffd141a084cf92678c488727ee37da25d2b4a704a15aa32b17d653acf48e23aae4cbf6c78bd57bfc648e4c3a14608caa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD55c9087e84b0020f489b1e4349e271076
SHA1b1cee9158dd7b70a464c3950965c0e52e48e98f5
SHA2560535a18e978f33bf4b42e52c4104a3bc246c32ff623e2ced059fb92f01b81091
SHA512fa77ec2086b8fda836ebcfc129b3f3b18caeb7b30c079ec5048e97a4be73cc52b69dc1fc86390f90f66443655f22480031006bb551e620d2f04988898ad15657
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b876bc6a71fc6e696cd789003467a727
SHA19049c4fe2376e5779dadaded0edbe22f0f056dfa
SHA256957489583163a4c6e737105467296fa3ee70a9dd54e3a647acb7d7c9f8f3b7bd
SHA51286d2037400d98cccd8f395ef732970cb96fdf7662303396172985bdce4150d78acfa8fd3517ddfb1fdcb54612c630c787146044894cdb895d33ddfc24a60935f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD55fa96da009f569d2cabba38991f25d86
SHA174b41e70e17b21a3b5db6e2c06d9d42a3d59f6f2
SHA2562aab7dc7addce347b288dda94dbb890f4e22333b9bc976c41a4ec333adfdaccb
SHA51257cd3dd48269c7510115cc09b1ef542c4fd8d6c4c4cf06fb1f9377e157226b4f66edd545e98cb47f8465430d75a6f4f96f0506beaa413e254dcb5d1f465a3625
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5a5c3c140d0aa15a2e52fd5bc5a714c3c
SHA1bbd0ea6b02c3591cac592246744b63d3e4f34d23
SHA2562394a51ca20db5465d1b5223ea661d8cadd8fbe11e946dc1b8e209d17f4ab540
SHA5120d8c4c31a9eed2f4dc04fa94088b10f626dc1381b6da07a1925bf75fc0ce4c7a0e2a4ae5936c81d622dfa946940d18c7e64a846f5a4d89ac9a5ecd80f89b205b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD504e96bc1a65b01b5d254f31ac6c9d7b2
SHA15a270e92b6b4da2d0f7540abfa71a64fe4960621
SHA25691f4d55a9a68aecef56224b9c601ff03c81e6d3c56b6cc679cd9a40d6acc132a
SHA512fb1199babdc4b94c7e7a214fe3cce4e7f3bd48df7b19542e2bd1f1deb9c22cc2c3722d5b62f34b180bba5b62f655a64d101f6a90fdad9db66a6a449ad4228aa3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD548e739914895af9b1fdbba2540027a28
SHA10de1abbfac0d32cb8766dd1b449d105709793d99
SHA2567f5d778baa7e9e21232bd71a6d6f5490e1ea09813d8ac7ac234cebf7b8504a09
SHA5120e8fe5cdb3a64b8922a9993ef8d132958a1d0311f8255312fee2c3f4963c6807ea973d307fbe2f0f7e9049b4273790a4ce387752268327ce433272648f374fae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD54f98831c225c2e013ada391a4562ccf3
SHA1e72d15c6dec891311e1a0753b8667a43efcdd097
SHA256001501ae0f979de6fb48e8e1a3c454d8ca137ae6c45612e91fa0e9971b56c5c6
SHA5124b633e8d6fa400cbc9c30b19b08cc82124a17a2af86f1624155b6e8c8e3eb8422fdb7b1557bf46468223f1746deb8c7fcd3c4a15257d32821591ac807f60eda6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD500baf7c1f565813e80adc372ffaad166
SHA1f4bb1f2b053d7790bf8726bc4fb1d965b7d834d6
SHA256f499ef0fea86ebf050659b4684aad9a0c75aa2ded31ebf33c28880ab672cc59e
SHA5125d95e40b2613a3a79f10e02708de5d943c9be0e5d4a92d89fd43c5961d8720eb4a734ac111ff0d58dac9a7a3dfca31fc04270a4a9bb65a1024787d966b5b583b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD541f10f818ce592bf70984bf93f6d2c5c
SHA105b399235bc0771f40c68da60ea1069a3affb770
SHA25614e34f606a6ccdcd43cfafe99b8d55b4ef32059b388f07f07499abd40e257e4e
SHA512b8b4282776c138d80018d537bbf245a78ae6127ce80b50a8071d57046fe0492d9cf21b4d36c9250fee08854b8a782e458c415c28bb54e7fa94f7cf179cf8e8bd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5288f83be435abd360ab12d851689d498
SHA170199bf3feee5d66669385cfd8c547734eba8b5d
SHA256c0eec871629dcd5a4e9a66e63b8826c6f659b79b03ce71ff587a6e0cef342aa1
SHA512f952ba060a6e08033a3f151b647c221a702f3fa746ec16fe39843af03b09b8f4f777c86a4e2c7f697103b6546847d67ab8fafbb9ebc5ea4ad712b8c60d753115
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52aced96a9bf1429447aafa12e1d5f417
SHA10e1225ed11290329c95e512deeab56a55b1073d3
SHA2562a9c48da6d8eb777dbc6ced70b0f34cfeab55ed50854615b0ef840838208434d
SHA512fdb5ca5d6ce275f2ba598f8d579fd9b7908c236fae08db1222fe2390628082b8b6374eb7766f0172c171d53c4e46a27ae42d6735e1a8fc73b6f41abb5655ffe9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b5987e2472decc985951bf85a29c0f75
SHA1373fe62b7363f3b879a93f91435552f503123216
SHA256595b842647f74079fe872ce1d6eaee3847889431b2c834aa5fd56b3c6f9cc5bd
SHA512bbb567723ca9c128f5177cf70709420e77213cc0b3328b32d702d7a66a8bdd19b8ae54f880f45f3a6a2c35f02219968c0099251de5a025f04d45b4ec118c509c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5863e05be65dab695d127ac0c25119f9b
SHA14003a053600141231029b7d34d3f05c4c90d9ab3
SHA256b34c31cbcde21a5bab16f21d894e9c11379a7466c5da38f3839e7d30fac7fc30
SHA512af7e8b75266817d5744b6939bb1aa0e13d0aacea3c6198d82d2005e65ddb64b3c4b3ffe324e83098e1ef8e3ceaff69618288f532447506a8af23c538b31c1b8a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51d467f84b0209e9708a79ccbecdafca8
SHA1bb96582bf9ec9a154f25aa356b8a01e3ef221097
SHA2561632201c4cb9984788306573bf9d3ea42c67fc230bf74ff65791f8dfc8a18dc3
SHA5121f4593f3992122a0f5619898d37230ba8f58584c9ff16d50ac20c90415e5a87a0f3d4792b335a4f0fa618e24f09243871abf67dc8304e2b907b184d79afe4e1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5cad733aaade68537782a8e8e599198bd
SHA1cdd5c6250b1224dfc328c81230caef9c9ebc246e
SHA2564fb736c65a5abfcbd9cf9513a7746ba24f95d3657dca42655e3eee8863721e6e
SHA512c2aa880d16f9be080e4f7bbe5985871a6dd77b67b6fa7ca08fdcf3d73886ad0ae3e789a9c7fec99e3ebfe4e66be61cd08adc3bacebfb4ee37e77923049d25dd1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52cab7b6d4aa68943bcddde2b294b39b1
SHA1bd9dd429725caad527522e977c135a39dee70670
SHA256f812a45b99567624839a8452a9c9d0567ccebb4ad85cd3f9081592aaaf0ad0ba
SHA51218d12a715a435aac8d0bb4c66402e9b7908a9784be4b087596fbdda360a47f946ad636b41f646d3e80bc3344dac12d44e52dc8546d93d1b44c91ce4527859006
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5340fba222c324d8f04cbe737547c764e
SHA159e1fee318faaf7e2d1d38226620defb6d13a033
SHA2561ffba2bdb399c48271aed8e21b772b63a27c41c57fa1dc92f703560f97e29b9b
SHA512676c8029d2a790ecef29cd182abffc2973de65ae551b857bbf354e86ca2180deb22dd8b9e0426db2c0ee9b75a2443a0028c2d91adfc7481cc61ae8bbbe9c3e54
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06