Overview
overview
3Static
static
3iiswall/ad...in.asp
windows7-x64
3iiswall/ad...in.asp
windows10-2004-x64
3iiswall/ad...ck.vbs
windows7-x64
1iiswall/ad...ck.vbs
windows10-2004-x64
1iiswall/admin/cmd.vbs
windows7-x64
1iiswall/admin/cmd.vbs
windows10-2004-x64
1iiswall/ad...ig.asp
windows7-x64
3iiswall/ad...ig.asp
windows10-2004-x64
3iiswall/ad...ex.vbs
windows7-x64
1iiswall/ad...ex.vbs
windows10-2004-x64
1iiswall/ad...st.vbs
windows7-x64
1iiswall/ad...st.vbs
windows10-2004-x64
1iiswall/ad...ut.asp
windows7-x64
3iiswall/ad...ut.asp
windows10-2004-x64
3iiswall/ad...in.asp
windows7-x64
3iiswall/ad...in.asp
windows10-2004-x64
3iiswall/admin/md5.vbs
windows7-x64
1iiswall/admin/md5.vbs
windows10-2004-x64
1iiswall/ad...nu.asp
windows7-x64
3iiswall/ad...nu.asp
windows10-2004-x64
3iiswall/ad...le.vbs
windows7-x64
1iiswall/ad...le.vbs
windows10-2004-x64
1iiswall/ad...pt.vbs
windows7-x64
1iiswall/ad...pt.vbs
windows10-2004-x64
1iiswall/he...��.htm
windows7-x64
1iiswall/he...��.htm
windows10-2004-x64
1iiswall/he...��.htm
windows7-x64
1iiswall/he...��.htm
windows10-2004-x64
1iiswall/he...��.htm
windows7-x64
1iiswall/he...��.htm
windows10-2004-x64
1iiswall/he...��.htm
windows7-x64
1iiswall/he...��.htm
windows10-2004-x64
1Analysis
-
max time kernel
90s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
03/02/2024, 02:20
Static task
static1
Behavioral task
behavioral1
Sample
iiswall/admin/admin.asp
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
iiswall/admin/admin.asp
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
iiswall/admin/check.vbs
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
iiswall/admin/check.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
iiswall/admin/cmd.vbs
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
iiswall/admin/cmd.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
iiswall/admin/config.asp
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral8
Sample
iiswall/admin/config.asp
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
iiswall/admin/index.vbs
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
iiswall/admin/index.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
iiswall/admin/iplist.vbs
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
iiswall/admin/iplist.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
iiswall/admin/logout.asp
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
iiswall/admin/logout.asp
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
iiswall/admin/main.asp
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
iiswall/admin/main.asp
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
iiswall/admin/md5.vbs
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral18
Sample
iiswall/admin/md5.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
iiswall/admin/menu.asp
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
iiswall/admin/menu.asp
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
iiswall/admin/rule.vbs
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
iiswall/admin/rule.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
iiswall/admin/script.vbs
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
iiswall/admin/script.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
iiswall/help/产品介绍.htm
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral26
Sample
iiswall/help/产品介绍.htm
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
iiswall/help/产品购买.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
iiswall/help/产品购买.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
iiswall/help/安装手册.htm
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral30
Sample
iiswall/help/安装手册.htm
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
iiswall/help/用户手册.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral32
Sample
iiswall/help/用户手册.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
iiswall/help/安装手册.htm
-
Size
9KB
-
MD5
81dce7c8d777d59979a34229543d5f49
-
SHA1
330ef17b01496500c607f329d3abce062f061e5f
-
SHA256
1e4db4144846e88f9b4dc3b472bc786c8a928a78d74203781f28dbf5ac5a40d2
-
SHA512
fa49a798034785cc957f4e752b165992ae1e29429cb916fb3dc5d09027afffc07059bfcd543c101ccc99eb2261799c68d460f21a48dc12f0525e30ae4db1b739
-
SSDEEP
96:IBaoJggwRsSwGgRg3ChGRgWUs8JYWp9Uy2d38IC2JaR4tR4X8C8V8hP8ld48GdVJ:brZ09gNcMTueNFhaM9++Xg8q+lFg
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2985788292" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 909f99b24756da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2990787837" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31086151" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015a2f750fe9ee1479ecf0c8cfb11934c0000000002000000000010660000000100002000000017601193bbe5613cb71e3217572a8a06dbdaec76775d9be260c91e697d5b1a9a000000000e8000000002000020000000f60759f0976f9e0d2bf7f464b85a0d0f972539eb1262c291b1517392f7d8450820000000a05b1d2a9fdb69e478f835a956cc439e22994656b49b858ac4ca1a58227a8fea4000000001d14f46c30494407c03c0a69177b32c91e9e96f16bb4b8e6f9a358e63705b9580510f0e02646efa02862c80179ef61d8238549979a6e947f0dc76e97e40403b iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31086151" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2985788292" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31086151" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015a2f750fe9ee1479ecf0c8cfb11934c00000000020000000000106600000001000020000000bd6f7ecbad62b0a570829a5721a441105a73a9e0f350bdd2628eb5c5dedbe646000000000e8000000002000020000000ec7f990e8d3106c098bc40a3f3ae97625f90d95e538560b63f708b8cea4a333920000000f55f5714516ca87c29efab3917aabdc3f36601aed8b3257685f8532960a30aaa400000008ddee35a1266a06cb3e64406326d6ac62acbb7a18743cdc01ada439ec57ca7c71d9f8dc3a70a8f1bf1ae7cc0fe03da280d6d41f9d4b6b7cfadc5f39355eb86ab iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 805a9eb24756da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{DD8DF423-C23A-11EE-A0B6-667A6D636A0F} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413691832" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4976 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 4976 iexplore.exe 4976 iexplore.exe 388 IEXPLORE.EXE 388 IEXPLORE.EXE 388 IEXPLORE.EXE 388 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4976 wrote to memory of 388 4976 iexplore.exe 55 PID 4976 wrote to memory of 388 4976 iexplore.exe 55 PID 4976 wrote to memory of 388 4976 iexplore.exe 55
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\iiswall\help\安装手册.htm1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4976 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:388
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5cb99b6d5040641081530ef8f6049f1aa
SHA13fa9e3148cbee0e561da3787919043483ee5e5c0
SHA2563e1607026f332ae19539f0621c8b18c820245d196febf8bf258253667ebc94d8
SHA51213cdc5995fa4741d474c00491ea55b26101a88ee3495327950249e8bef1e16de29f46d0c1ffef3682eac0e041f0b06545d51ef8152a33606f0e13fe35e6a1d83
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD5a839ddd06abef9095431b0150ff530a3
SHA1c4d5be45b3eb0b7bb015f70ce31a131ad604d37b
SHA2569632bc747cb66cbc887fd00fcc5a42ec7400fd08405571aecbd867d4ebe875c4
SHA512d2e4670da705bbea88e8a3be2a0cae310e25ca17b936adf4b30803f7a043ab098a6edc0954edc95c3e887a0f13c794c8b9fc2c09c9ae913df95f10f32be35e28
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee