Analysis
-
max time kernel
118s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
07-03-2024 13:34
Static task
static1
Behavioral task
behavioral1
Sample
b8da6afcb45f23461c33b01c5f1a8170.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b8da6afcb45f23461c33b01c5f1a8170.html
Resource
win10v2004-20240226-en
General
-
Target
b8da6afcb45f23461c33b01c5f1a8170.html
-
Size
984B
-
MD5
b8da6afcb45f23461c33b01c5f1a8170
-
SHA1
417c79f875a4f4ef0cdb9b0d99732d822bbc631f
-
SHA256
00c49c9cf9ad57d8a75c230f956d31ded540c480f549100426afbf8dff47efbb
-
SHA512
e5f1e8e6a4fc052ddedf42bf801ce4846e3b575d5aa202f916ba9b46e927e9b7bc10cd11765afd4306c69daa2787b090d2ae1ae04716c8342f753f7a7ec5995f
Malware Config
Signatures
Note: every signature below was raised by iexplore.exe / IEXPLORE.EXE (PIDs 2004 and 2308), the two processes the sandbox itself launched to open the 984-byte HTML sample; no third process, dropped file or network indicator is recorded on this page, so the hits should be read in that light rather than as evidence of payload activity.
-
Modifies Internet Explorer settings
Note: all keys below sit under the sandbox user's hive (\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000) beneath Software\Microsoft\Internet Explorer and are written by IE itself; this is consistent with the per-user state IE creates when it is launched, not with the sample persisting or tampering with browser security settings. The DecayDateQueue value begins with the bytes 01000000d08c9ddf0115d1118c7a00c04fc297eb, which match the DPAPI blob header, so it appears to be a DPAPI-protected blob (verify before treating it as plaintext).
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415980326" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000007d2613069181474912762968ac23587864d9fc01c4f892b3e65e20c831f88b0c000000000e800000000200002000000028b1559393e1fd275354c65bc9bf5341640e53e14d4ee3334ad9c921755f582f20000000bafad1a1f393104f6bbb6da6a967741321c0e7a5d63f1c7d584d793a086a94ef400000004edebf939cfe7b5951d163018b03832628e56d59fe9d2cd6c7bd6bb4ef45e002499e55d6367fd93090d98fc37bcb439be2e5cf1ced1b0d8926d0b0ca3fb178c3 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{63EBC6E1-DC87-11EE-9C59-EAAAC4CFEF2E} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20fe0d399470da01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not preserved in this copy of the report) | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2004 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2004 | iexplore.exe (2 hits)
2308 | IEXPLORE.EXE (4 hits)
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2004 wrote to memory of 2308 | 2004 | iexplore.exe | 28 (reported 4 times)
Note: the writer (2004) is the IE frame process and the target (2308) is the tab/content process it launched with SCODEF:2004 CREDAT:275457 (see the process tree below), so this hit is consistent with IE's normal multi-process startup rather than injection into an unrelated process.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (level 1)
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b8da6afcb45f23461c33b01c5f1a8170.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (level 2, child of PID 2004)
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2308
-
Network
MITRE ATT&CK Enterprise v15
Downloads
Note: the repeated 304-byte entries below all share one path under CryptnetUrlCache\MetaData (the CryptoAPI URL cache, which typically holds certificate-chain/revocation fetch metadata) and differ only in content hash; they are most plausibly rewrites of the same cache record during IE startup. The first and last entries (67KB and 175KB) have no path recorded on this page, so their origin cannot be determined from the report alone.
-
Filesize
67KB
MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 b5224ae5cf1535c645ab1ce2d00d3ee4
SHA1 ff4d1406adeaa06f26b38cb13c89db412f88225b
SHA256 e3dc859a45433d53099d820ee05f6eeaa05aaf1d15b9654d0e3bfdc40c3cadd4
SHA512 2c25ab1e609143cd0c96abb24b8d587ca2427b8cc87516d0c26b681ef902bf350c22b1156c77251341bfd334d1f5466c5ad58710fb617479fa5a41fb42a84718
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 7a84e51474e9d06312d4b9acc53c099f
SHA1 89fd8c04832a3be14267051c94355f6d08193d85
SHA256 3446078c8f071501f4d80bf8b5b571a877ea9965714a744832ac7f152b82660a
SHA512 2b4949ba2f23763026f197c226cdc62a621c4951b0113a82a6496bd8f68b99390c3ba665c6691e9f0adbfc7dd8a3efa348097128b4dcc43c4d55075dff537759
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 137c0d2ff5280e9b126e051e13f50571
SHA1 de07bdc862617d038f80424ee7b8793515e90c76
SHA256 0c8014b70d04b1bc9c7dbe62594030af0b479483cc2fdadd14a15df79b432ec4
SHA512 cd1d2ff29d9c45819d2b64de1dad0ac1200e3bd4b2bec624ad76836c5c23c330d3d1ab94cb483657beff2e0a34b5cb49d58f6a218d215cff3ab1f192d12824f0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 f3bbda1a81e7d327a459b12e6992f5ec
SHA1 639f7806362d1268870b47b7b34ff77e84b58794
SHA256 2f1672251921e5e946068a00a7deb751635dbe74bb35859dc17c954617985991
SHA512 c25603a5b333dc508066ced2dc0c5b8c5a675c3e0bbb69574709ecdea8b96fcdd89ece95dc91175a16593d2bca0a9eb61c73930ad4ca388de5a6487a363a8f05
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 b6740284a322c5677ec522cd4fe58557
SHA1 8ba8c91e8669b78312cc514227866fa1b2a3c645
SHA256 05dcfdc20ca52ca6e04b842c7503da230697f5cd46518a8a9513d1088c796243
SHA512 348db78eebe75fac1416086093564846ac5ecfcadb1f9ba4ea09aeabbd327682dcc599f3c4d84827ed959ae7b97d632a0fbe9ddcd7246c53a035869ee395e9e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 87ad8856b7b4ed93cf62480aaa57daf5
SHA1 f8cc91ebee010f0bfe6b23e864071d407136c2f9
SHA256 0640343ddeb52230767f861c928af5a1bbfb9ce8cad008df1bf31a423b1985b1
SHA512 a677852b5754cc48788e3afe52eba18be9be145dd825185e8d9434a9cb9441c562a61cc7a67ee1a98c8858442121df5fafcb68afcb52eb1935116ceaabf1459d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 74f8b62a94489a57fbf22f62233b84fb
SHA1 160eed9008f04fd84eb15e3af3d318ffd203b67a
SHA256 2a31bffe56e9483ec17b024b9c66a1a188ce8d04f59e1b95205d6d3c85d1aa63
SHA512 1e33d368b04d40acb962541f824980fa03f8dc6ecc0ac1b40b760b18065004e4d6a6bd6cf54e96aaabc41d637f0d5a57fcceba1ec2fe030ac679af9beff6e353
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 4c989962d2fc8e78cb62270f7082facc
SHA1 2a2c878140054e34ccc0aee73788d283ee1290e7
SHA256 426ee041ebb425228593a15e7e516f82b1bfba0231b09a801beef33ce01184ee
SHA512 8e0d6d5784087774b9cb69154b227123f0dbd0cf879e8049b8b5af98480342752a00ffa1dfb0f8caf07e612ed56e3a6faf86ca9d3acd91d5c5efca5ac2736f32
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 84344e80d49d655d55c0af9431156ca1
SHA1 6492b798e989d43d8925ec460f46677eac14594f
SHA256 78852b5cce8cc3aae88ad01ce72e532ac32e1ec94e13c4c0733c3945ff30ea94
SHA512 9a0d0ee8bff47ea69004f7179380de26c0767ec534c32c9d0e3fddeb1cbbba1159a2693caf199611064049ebfc9e722246bb301f459f99dd413eabc6ea3a95dd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 ccd368e7219b079005a2e07c6b156ba0
SHA1 f433dcd227adabd1e229cdcb5f917fd0d25acfb7
SHA256 0df2d588c18cd7e16699552b4bd1254d22a453f0fdb6f9cc4d3101e3465a0e1f
SHA512 88f0c2f8609bc4a347a18038d690aeaa48348173e539ada17705f2e32b296fa56ce2244666e5ea325ca79ace6181f1b0f9f7b9ecf95f4f419b0063e0e008ac8b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 d80b1701630723437d1f0d05d5bf9f3a
SHA1 8c229e33436bdd7822876ef79029101e9d665bbf
SHA256 1567e9a94517d5a18e592e88098773bf00222b9e18a88c69b325aeb6efe1473b
SHA512 79d7f5f38a25215abc09429a1a1dcd89d95573ad38f503b616ad37b9a9095a925a90cf52e7d79b390e452b36bb0ffbebe7a24fd85b3103912f4b30e6e6794bf7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 fd841a411d2184651917d9d88fb64db8
SHA1 fd4c5ab11bb334df0468fb63afe7c227dbb55f6f
SHA256 cb225d83c4ddaccbcff4173bf413b140c66f0c4d80ece403ceed4e01af329ce8
SHA512 69bd2a6744624b580f0bede2f2b94326fcbc4eb8f6a4c7e1eaeb07acc505ca7659fb0efc6d59ee639bc227a7671dab12f25e46451d8019a3dd49bb040af5cdaa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 630a82d024470c48a30cae2d9c9ead28
SHA1 584248e9090c3d9f6333dd976942ffc5d64c3771
SHA256 0ac29384e8ca0e8b35a93afc2edb17189e13b915d629ccd3918d38521b9b6706
SHA512 e7f0600255c0b6d6389863ee447354d362a0270ff80ef771849bbe65816192f2ad4e7dc5b1284895ce4e721253ed7aac0aed6066c8ec6d3e270af5b73c9da95f
-
Filesize
175KB
MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63