Analysis
-
max time kernel
141s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
05-03-2024 11:48
Static task
static1
Behavioral task
behavioral1
Sample
b4a10d3916b621ad286f33b466c983b7.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b4a10d3916b621ad286f33b466c983b7.html
Resource
win10v2004-20240226-en
General
-
Target
b4a10d3916b621ad286f33b466c983b7.html
-
Size
109KB
-
MD5
b4a10d3916b621ad286f33b466c983b7
-
SHA1
2f38778fcd0990988f894965b839150663b17ce1
-
SHA256
5ed35091275ae6c272004c792e5cc41a6bcb2340c84c00de332336086107ed61
-
SHA512
bb4e6138470994ea9ec5826312fed74e6e96096ab13c9e8f5c07d9e3d79e2a19f67307698c8e6b1f52d66f75e1d8ee29f5496ea71aeb7ba4ba3bda7b4ccc23e4
-
SSDEEP
3072:qjC5aFf2aKlWN9SQY4ThzENHhTHS2uOjF:qjC5aFf2aKlWN9SQY4ThzErF
Malware Config
Signatures
-
description | ioc | Process
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5376FC01-DAE6-11EE-9340-6EAD7206CC74} = "0" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value removed at source] iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70560028f36eda01 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415801202" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000118b5934c459b0796924726f027d05843964680ce527c5f01cce7d20c68fcc78000000000e800000000200002000000073b90b78b029a9beaed5bafa3a7a045dac124af19e732ae5664ddac4b17e1e90200000006a92aa9ef383be2cef855df3e350ff68c76c74649a480dd8327f26d0dedbf54c400000003f117be8e9bdecb3cd2765439b25167d60631520235d547a9e92165fa1a22c6be815988e7a0670b2211c65b3e92fe4591fef3cb0bc06485b6c0dca7ad82b7c92 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2880 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2880 iexplore.exe
2880 iexplore.exe
2300 IEXPLORE.EXE
2300 IEXPLORE.EXE
2300 IEXPLORE.EXE
2300 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2880 wrote to memory of 2300 2880 iexplore.exe 28
PID 2880 wrote to memory of 2300 2880 iexplore.exe 28
PID 2880 wrote to memory of 2300 2880 iexplore.exe 28
PID 2880 wrote to memory of 2300 2880 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b4a10d3916b621ad286f33b466c983b7.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2880 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2300
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c4b59a0c4691fbd2b8f92bb2e63da6e2
SHA1 f8211908870742ba39374432bee27f96a0cfc305
SHA256 7dd878fb05b996aba5719718ffccb32d7a30031e3a91b37a0a0ff122b94add51
SHA512 e25b0fb8d85cf5aa62f000fb76da2786162e62f89d961beb11fe0906752bd2598c8505949bf93073631d20bec3388c66681ce7c13e64290ccbaad3434d453c40
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c6774a203ca78ce7c712ec821240fe40
SHA1 cebdaa72bb35d728c7d6da8ba2a28bb1ec22e669
SHA256 0b81e6dd9f57fc4740838ed49bc1fe8cc2ad8c20e7f02bde7cdf961f0d589940
SHA512 9babaf9a47a3f875da66377653031a0dd0bd730112a295cfbe2bb037d2d07a7d1951f7c17e9c91759cca75bfc1bdc3f8066b6bb4c5d4533538ecc53ff3f00e07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 eb8bf8dd5babc8d00cfa043ff4c7972c
SHA1 c0256e72684c651fdcc1b2a3ee324e1f43a2e362
SHA256 2b0352a6a5f2a3759f1693456bc4832ecea877d0a304e5913f36f179d544d751
SHA512 17735bd3a20ab6eaf330dbdce97ad7e7708f81b0263387d956a9511c1807fe8dfe34c1cf703c6a5398cc7239ada7edc63d9e47edde7eb97b8f63c42ea6fcce71
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e30d5dd65214cc1e5efd34d905d5af5d
SHA1 65a8723a12bb425ae5134c1c2e0fa1a1d04127d2
SHA256 c3f93e78d15673b9adb0281fbcb1a2e98a73ac8e310b2c2070ea9010c4bba01e
SHA512 c17a7558774c50926010fa903574916664a70e11a8a63a54a1cdb7cbfa0a486907d07a57ab9af0e69b82d46088e8c3ea3d1fab71ba23cdb2e42e4264ae2c4b4f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7d5e4c3755a87b510b9f8c8ec9184bf2
SHA1 2ddc480e745c550640fdff9ad7296d2adab0fb55
SHA256 843d3ea94e973ebf157fd8d982daebf3d2a3e80d907ff1a49d4d2bd3bb2fbec3
SHA512 1fffb105a7e76990fee8fc03aa6bd1f9f03333b43e8916a4d4eb05cbfe43d8a423e56eb7b2f35518dd11b1e4730d6552c82d52ab5eb44aa6799400e7afeaed1a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 84b949a8dc402aeb7c961e219db19497
SHA1 e785734aa6a2ce2e34af8c99b3708246b9893b99
SHA256 241f8cf445d44002a6032ecdc4433ec95c8b0f305806d2364657b3d72f728474
SHA512 5e282ad9fe860db3c3338de1984a453f03744cbd10d646ab1dc0fccbf0d633b73ce598bbd8dee608b14bc9b66cfc16793e2054e1912cd19c9787849cd191ff2a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cdd718b0f4b68663878971df426e1d12
SHA1 e4fc5d22d761047b2f1698ee57989a6b5f9360e5
SHA256 9e35452b1264b0d04f6001761e517a4dfd9fb186772ecdd1eebd8b242639ad07
SHA512 345d93d4beeac23ba06cbd513e0a0eede9cab7e2e7626eaa16a32a86537297c08cf86ec7e6ba342d25e63f60dbab4d9d0e3e157b53ac4379c0c0018d61c8229c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e795e78875f24dc27ccd7b15abc1a5f1
SHA1 a057d96127990968228df1c7d454fb3496342555
SHA256 5368ea6d464b49f32ca254471d0eb0e6692a15b5fcdcbee917adcdcdbf450685
SHA512 3b40b2d611fbfc08be3ef5eb31c5fb43f84ab9dd355568337f86edcd8bee2a1fcea887e7644801ca2cb98520e62d7915c4e91f42e2211f49b1b68c716f6093ff
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 604a376def2e549a46a7631ed375f88b
SHA1 cf01a10c74838cb843b638142185cd17ec0cc2b1
SHA256 cc29250ad91b97342f5d3398e170e5a55855a44bb32d03cc9b0d776131aef826
SHA512 2f07ae165a7297380ee216c6d133bd4a266506976256aac42d40c2f58b689efc38880871886f11c8ddc3c37bd5e4aedf366d7d2a778f7fbe38b4fb9f22b62109
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 664d80f751e37055ad0a8f539cfc6a6c
SHA1 23c5a9108a0937bf7ef1c71a1f2c90b665efc66f
SHA256 9111096305f61483215254b834e815bc3caa41f0fa919187b8128690b0d30f41
SHA512 ca61a3109a88790e523ca3295c7825c6b11b3ecb9d4cf602c9f28e217802628ce468511fc4b4be472f7085c364a1df32efe4980321015852ed63fea6aee3c733
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3d65e09090d50619ef88205e42b25aee
SHA1 4c6b262444d03fcb3c177350889a2aceb4748b8a
SHA256 1855d2c7f2c5910870fea2285008c6ce7321d932ff0271cdc5e659650c50fac1
SHA512 30f8e5cd6b3ac0855852325a901e1bbbe1cf61656c918b7039cce9120770d8ccbb4dd002cc4d4b66873683a2ff873af4b88f5883b5a7442188370ad39014775b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 be48fa889ed6ff548188de64dd3d699e
SHA1 5c56f3f006a20eca911d32a9ae9da23cebb300e1
SHA256 2cdc194b68c0442dc386ca3715900b79e07d26ce93a9174fa2ef50e8ecf8060d
SHA512 290bce970eb0ba9d2ec64fd3c3985904e268085c492cca6e5b9ecd774e8399ebdfeb27c240e1cbc9a8725dbde0f03de237d194dd2a7930401af2f27e8572a4bd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e0248a18a9e9bebfed29289e334dd543
SHA1 8c00cd96c96ca5e5db706dd384150e9cf357c084
SHA256 27e807650525d36a9080526878198e58a24ef5e21b7b6daffb1bdd3454b9dc91
SHA512 96f1e8d2d669d158576d045c4be6bb28552d94ad500ffea4ebf9f2ba054dfc9a4227c9ec73398b3cac66d84c4cc19183ae15a99b6d43bb7109485919e78728f1
-
Filesize
67KB
MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444
-
Filesize
175KB
MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63