Overview
overview
6Static
static
1Paper Mine...3).zip
windows7-x64
Paper Mine...3).zip
windows10-2004-x64
1001f3b1f9f...d1.png
windows7-x64
3001f3b1f9f...d1.png
windows10-2004-x64
3004a3ec09b...67.wav
windows7-x64
1004a3ec09b...67.wav
windows10-2004-x64
600595a684f...0c.png
windows7-x64
300595a684f...0c.png
windows10-2004-x64
300748ad27c...ae.png
windows7-x64
300748ad27c...ae.png
windows10-2004-x64
30087c701a7...46.png
windows7-x64
30087c701a7...46.png
windows10-2004-x64
300c8d052ef...b3.png
windows7-x64
300c8d052ef...b3.png
windows10-2004-x64
300c9bd5d56...c7.png
windows7-x64
300c9bd5d56...c7.png
windows10-2004-x64
300eca16b1d...01.png
windows7-x64
300eca16b1d...01.png
windows10-2004-x64
300f478caac...00.png
windows7-x64
300f478caac...00.png
windows10-2004-x64
300f61b9a88...a4.svg
windows7-x64
100f61b9a88...a4.svg
windows10-2004-x64
10107ace0d1...0d.wav
windows7-x64
10107ace0d1...0d.wav
windows10-2004-x64
60116030991...9f.svg
windows7-x64
10116030991...9f.svg
windows10-2004-x64
1012471aee1...db.png
windows7-x64
3012471aee1...db.png
windows10-2004-x64
30159f2faf7...6b.png
windows7-x64
30159f2faf7...6b.png
windows10-2004-x64
3016b66ed36...48.png
windows7-x64
3016b66ed36...48.png
windows10-2004-x64
3Analysis
-
max time kernel
131s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
20/02/2024, 13:43
Static task
static1
Behavioral task
behavioral1
Sample
Paper Minecraft 1.20 Update (V.23).zip
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
Paper Minecraft 1.20 Update (V.23).zip
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
001f3b1f9f769f52223c2f882a07c6d1.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
001f3b1f9f769f52223c2f882a07c6d1.png
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
004a3ec09b6d4e210e4131dda31f4d67.wav
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral6
Sample
004a3ec09b6d4e210e4131dda31f4d67.wav
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
00595a684f2755c02d9dbb08f4c3110c.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
00595a684f2755c02d9dbb08f4c3110c.png
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
00748ad27cec5f574db952e8042951ae.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
00748ad27cec5f574db952e8042951ae.png
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
0087c701a70cc222e1806f5b03543b46.png
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral12
Sample
0087c701a70cc222e1806f5b03543b46.png
Resource
win10v2004-20240220-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
00c8d052efcbd73b6abb75e93179fcb3.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
00c8d052efcbd73b6abb75e93179fcb3.png
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
00c9bd5d56fd8a90f8eb544ccac1d6c7.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
00c9bd5d56fd8a90f8eb544ccac1d6c7.png
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
00eca16b1d739ada50658c18cf6ff501.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
00eca16b1d739ada50658c18cf6ff501.png
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
00f478caaca448bb2739a47a82f94500.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
00f478caaca448bb2739a47a82f94500.png
Resource
win10v2004-20240220-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
00f61b9a88ea6d63a6ff3f62f9e4c8a4.svg
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral22
Sample
00f61b9a88ea6d63a6ff3f62f9e4c8a4.svg
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
0107ace0d14b1383de7b9190a1abd40d.wav
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
0107ace0d14b1383de7b9190a1abd40d.wav
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
0116030991a5e2a4dc3aae538db90b9f.svg
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral26
Sample
0116030991a5e2a4dc3aae538db90b9f.svg
Resource
win10v2004-20240220-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
012471aee1efd71cc29e531eaf4e78db.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
012471aee1efd71cc29e531eaf4e78db.png
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
0159f2faf7a82639cf5a910a41e1966b.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral30
Sample
0159f2faf7a82639cf5a910a41e1966b.png
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
016b66ed3607b501e6ab35de80ad7d48.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral32
Sample
016b66ed3607b501e6ab35de80ad7d48.png
Resource
win10v2004-20240220-en
windows10-2004-x64
General
-
Target
00f61b9a88ea6d63a6ff3f62f9e4c8a4.svg
-
Size
7KB
-
MD5
00f61b9a88ea6d63a6ff3f62f9e4c8a4
-
SHA1
0f29585d5864ee2546fcb7bfb32f94005e28f51b
-
SHA256
45a1841dc18c9ea2cd68a1a55d92abadc2c5405dfbd2f4eba5bb2a7d85ac4511
-
SHA512
1da8a3377f7b622fcad2ea8d6152ac088681ad56a0969b650563a2f269fc2980084772a64983a3d9348a1d09c47ac852b047c3144ba52bf1db828155ef27352e
-
SSDEEP
192:Pb1wDrAb+AbGAbNAbhAb+HAbxAbjhtT85ttSKjARoRfPtmlYu:PBwDrAKASApA9AaHAFA7T8bQKUoPmlb
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1727374133" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07f0c680364da01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 700322680364da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415201816" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31089667" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ed60d6ae529e0e4187beee4fa1d8750f0000000002000000000010660000000100002000000097484b1342489b1c47c43a5495f2976a33efa15213f85f220b24f22e892819ab000000000e80000000020000200000005459812e11338907f8ffb3d3200a8d35fe75aa03f37e366ac3c3d6deae4ccff120000000ef121f184980a30bc79f3a10f7e90b3cd364a3a6eb29793169111996908abd2640000000521f24ea9741680cc45347f9a4014e1e63fb775f3be7653e3ed008721c952a8ebf7fc1e7525de7a089f95ba1aa4f3fbd65490b403f0dae7d730489fac7992439 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31089667" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31089667" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{90AF38D5-CFF6-11EE-8024-6A04C5405167} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1703309428" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1703309428" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ed60d6ae529e0e4187beee4fa1d8750f00000000020000000000106600000001000020000000046dab2420e83efa9406e946a2113a9292b6ea9a9ca51e17c4ade686b87965a1000000000e80000000020000200000006a119470530abec77d5da529bf8f6b39623363c55a9997f5d5d516c0eb04dc8a200000000de38f9ffce0e20aef450619b3e09e46719fd573dee0cccda5d02a7d4870c3b14000000034ba31b8bca7af6c9789ccbc63fbce3faaa18f5c9f0a46faa542cfc0459ec9988d81378d4d103ff24f29cbdb1f5f2ba0b1789a326e3f0cde75a7a8d01276d8dc iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1272 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1272 iexplore.exe 1272 iexplore.exe 4724 IEXPLORE.EXE 4724 IEXPLORE.EXE 4724 IEXPLORE.EXE 4724 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1272 wrote to memory of 4724 1272 iexplore.exe 83 PID 1272 wrote to memory of 4724 1272 iexplore.exe 83 PID 1272 wrote to memory of 4724 1272 iexplore.exe 83
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\00f61b9a88ea6d63a6ff3f62f9e4c8a4.svg1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1272 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1272 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4724
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5e31f431a23044b362a7e409937b3e2bb
SHA19da1569364f19437d277bef637e06ac014ee6088
SHA2562b0c672ef6080cb798f37179cf62d02aef879f783da904072f125e1bc00b777c
SHA512495c755fc78eb4427e231a042102527710d7693ed01b244650bb89ee2e29fa0bbe94c356b3ef102fa92d499db0b0ebb2f60f81cf47d4750aa2f120bece8eaffd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD5ad14d531730f0b0380c513dd72a10d09
SHA162aa56804928dfbdefb39907d7542b57f1336750
SHA25672c5a13e2df52d0700383e51123d5e9ff66e6314a877c903c91aba85b63768f8
SHA512edc1be1e156127672583d721c38934811296ce4f05cb526fb8626829e470ddb9bebb064cbf7236103b602e7953190044e9b55d8627ec704329002aea220c2fe2
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee