Analysis
max time kernel: 120s
max time network: 130s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 08-03-2024 12:12

Static task: static1
Behavioral task: behavioral1
Sample: bb3a6ef8979c8cb72404424e8cfa28ae.html
Resource: win7-20231129-en
General
Target: bb3a6ef8979c8cb72404424e8cfa28ae.html
Size: 39KB
MD5: bb3a6ef8979c8cb72404424e8cfa28ae
SHA1: f603b5ed4e732c1df1bc4106a87baf633a70cb7b
SHA256: 5340e636e72e674b8b46cabe283cc369547bb2dc869fc9fbc834112c4c58c4fd
SHA512: f394e16a0678b6f9ebe70933fec36dcc51349d72652ecab8dd134fcfeb0d06b3c6b9c48ae1a4db331d15e91d59f05d938ea0207466355bc9e09021269b0c84c4
SSDEEP: 384:9rk10Gv7rev/i2+np7sEAcMybO46kLIoLwew81FuYFyz9j34l:9iXv4i2+KEAYS46dG1O34l
Signatures

Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000001627675a72414468e5a9485ea54767a00000000020000000000106600000001000020000000d11c0d70f3288a1a06c30d068ff4dc4b812e96d8a3b09dcc2efa93a08e337003000000000e800000000200002000000097aff74343c3656dd55e9e669d1b75cea350110469b4dfa3906b3c640d29f8bf200000007a1ffbc1161415feee5e0f2461bbcfd8348ed8bbcda5450fa667d6f6cfbb4718400000003eec8abf70f5361df5d8f78b625da3d050c977e48a4e552dd03de2f3bf2c9f767e686bc6748a77acd7103e8f42553d7286b21e3c4b383d3a12d6aa7701e0c655 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60737ff95171da01 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416061821" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{22E68271-DD45-11EE-AA09-E6B549E8BD88} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
Processes: iexplore.exe
pid | process
2392 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
Processes: iexplore.exe, IEXPLORE.EXE
pid | process
2392 | iexplore.exe
2392 | iexplore.exe
3016 | IEXPLORE.EXE
3016 | IEXPLORE.EXE
3016 | IEXPLORE.EXE
3016 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: iexplore.exe
description | pid | process | target process
PID 2392 wrote to memory of 3016 | 2392 | iexplore.exe | IEXPLORE.EXE
PID 2392 wrote to memory of 3016 | 2392 | iexplore.exe | IEXPLORE.EXE
PID 2392 wrote to memory of 3016 | 2392 | iexplore.exe | IEXPLORE.EXE
PID 2392 wrote to memory of 3016 | 2392 | iexplore.exe | IEXPLORE.EXE
Processes

1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bb3a6ef8979c8cb72404424e8cfa28ae.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   PID: 2392

   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2392)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 3016
Downloads