Analysis
-
max time kernel
137s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
14/03/2024, 05:35
Static task
static1
Behavioral task
behavioral1
Sample
c7d0d7b6b81483cb8a893d36e4fa86f8.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c7d0d7b6b81483cb8a893d36e4fa86f8.html
Resource
win10v2004-20240226-en
General
-
Target
c7d0d7b6b81483cb8a893d36e4fa86f8.html
-
Size
53KB
-
MD5
c7d0d7b6b81483cb8a893d36e4fa86f8
-
SHA1
a2d9b42088ea0751184fca799ecf8c8cb0441746
-
SHA256
e018f77842490c1f3608d84b21361af63ba3fe5fe8a1e029341e10272d4c1f1d
-
SHA512
aa9798a444761be1f6cc4dc8663d4994224239029262ee6f47ac9abd3b3c5d5d7c35988f8a1b001b4ea6cad34bb001e4aa3dcee878887e5dee95ef3095ecdb7b
-
SSDEEP
1536:CkgUiIakTqGivi+PyU3runlY863Nj+q5VyvR0w2AzTICbbloB/t9M/dNwIUTDmDX:CkgUiIakTqGivi+PyU3runlY863Nj+qk
Malware Config
Signatures
-
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A88BCD31-E1C4-11EE-A73C-EAAAC4CFEF2E} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e000000000200000000001066000000010000200000003aca862136765af02c93794032eae4f2f8bbe45c187849d95a2d1ca4e01f8ae1000000000e8000000002000020000000d28ddfbaa1b62cc1011c3a8b102240b67dbd6dc6710e6faa3cd336b2958d5b7620000000741b7e94cd77e1f6da3509d1432354d33133296e3b35282edbe8b643ccf78a3c4000000078e8ed477df85f0f3ba8ab4dd8a10f996d76652449483d2a6adc2a5a4d1bfb424ba2d99d7c2e82796ca93466359e015b2d0db53ae211f60c54278a852df51d8f iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e00000000020000000000106600000001000020000000f18b8969e3a0332d0e7ff5f440fe38c8cec5991825fd417d1dcc27a321306fad000000000e8000000002000020000000dc87ff9db4a3bd4439c5c049c3991d00752da531d1a6c33a8e46814c5ac4a960900000001e949e654cdff5c8860d7296463ef5aa9d8b0d4d46b9ee2f68024596017fe6585d70899e67ce6ce6a013c8ead2acb678d5e1b6ce6edad6ce03629b0839ed686d198d894a1f805f1e27e210b7e5307f5e3e58a348ebc383bddbf44f0067479df43f69d6ec1f547fb4e837be3ec81c84896df4e1acf89a37caa5b1b448f048caab41af7d44fb9d40c69b9a4f90800e2da14000000030caecc478616e07478090e843a047218f54e9f0c781653ed2e09018e6c8863649126934a5a7b193122847b9370fd66a978a2cca5f1a2ab9823ead6ef846287a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet 
Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0d4ba8cd175da01 iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416556396" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2332 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2332 iexplore.exe 2332 iexplore.exe 2692 IEXPLORE.EXE 2692 IEXPLORE.EXE 2692 IEXPLORE.EXE 2692 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2332 wrote to memory of 2692 2332 iexplore.exe 28 PID 2332 wrote to memory of 2692 2332 iexplore.exe 28 PID 2332 wrote to memory of 2692 2332 iexplore.exe 28 PID 2332 wrote to memory of 2692 2332 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c7d0d7b6b81483cb8a893d36e4fa86f8.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2692
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
67KB
MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 40106b6e952188ac9d1060df8f353105
SHA1 7a14f791ae1dbf3d37cbda9cbdd7e22d7066267c
SHA256 f33bfdf8a67d1e734079cac30f0240d89761db8369f30004932996c578061a6d
SHA512 20fc608804a7fd47615be8edb0d75a11796be6b9af7f58c637010365fa0ad860f03ad82dd14837e0a7d188e90a07ec48a36144f8d221a4ebbeba430807020a88
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8b608ce35c9f441016f13d5dc1434a68
SHA1 29c81c9dd19d414d4725cb492c3e4f6f6dfec760
SHA256 f25445c3fe6a0827b19ec0a8ba12247dbc8eb6d79875d092c6f1cb2956daeff2
SHA512 6e68d6e9be027b745f1a2a31db3ee1956287ae627fd9082e6e4d940a3bfba6e76fef24c3394ce31a5fa55380b895569802e742fa4593c37729c1d6aa70cf5aee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0684d5c8a26d6ee16ce63e0a7c83f137
SHA1 57ec94966086048aa09a7e764b7b63ed36aac5fa
SHA256 a49adc8a779799508177727dba05d9af3fbe778245fc53b22acd239663db6176
SHA512 4154967bb6665afc7e5e01c0f2c0741e39abc168192c9460ff939c5647ed9d1e9b6f9bdb166aac1732ae8e78eceabf76ad404d24083123f6e78635ff602e5001
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 514b06a3b6e796994a8aacfde1b0b63c
SHA1 a2cc3736c039f189bdbbf985131ce55e4db198b0
SHA256 19dc9057b23ea5c3056af22f9bed1ecf7b9557fd60ae634767e7649db3a48bd7
SHA512 b1079f446e50e6dcf14cdb0b247f771fe5b312e122b1e23d653a31b8fcac29f2492fcdbb523b4fb5b8aa9ec9a7d8c94142bcde9a64ff362308286140abf24e53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b8708333c2c0d5221067a4ef2a92b1cd
SHA1 ac4cf042da5c5c8b3002ffe36b90201d0b192007
SHA256 389f10eb2498889b6656f6b5721fd508b4cb3d137474d5ff8f0f2c92881f5f54
SHA512 4c498e19ca9ce76618743aa85721a13fade0b38d24dc823f9209b4d0d0f015a8f3231f77e32c732f308695f93fd38fe054d72a37f4b1258ff2125cf51bfb4ad3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 90c95415a4185c7b09bab9ff64637b20
SHA1 9711b9f2a1da19177d4878e92d78f9c93bfdf570
SHA256 a6a102e3795957d48f25202d552e6e995f295b7aa2c0f870dd5e943abc003b44
SHA512 28d550b7a17043e86070f3853364f14f33db475e1580dfb9a511ba67d1dd42ff3055503582b4f27616e0687e55d28c17664ba9b93637e469eb7dc62d503969c6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6b03b238adddb071afdded5d6cac7f60
SHA1 c3c1175eb21d5f88a12ed3e2c4346b1e27032907
SHA256 ba96ee66e77fe9809c8a16eb6c4a62f4bbf934d4c991a636c7b1cf8b26d8dbe8
SHA512 c30c353c8f0a1323745fb1022beb654e1610d6ffde5e26a2f2122fbc0db782d9572d4b063b4e0823ac19aa3ad29558d1543916df9ababdd977893b8e2460a29a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7b3a4cb8e1bc9b738c1c2811bceaec29
SHA1 ebd485dec9644fe9173aff70c5a44fdf67330ef5
SHA256 744c117c8a496ca7c5b7e0dfd04c436b9334a92ad51680f101621538de6d059e
SHA512 43f27c8ccae4cdf906791c13feb6b53ee92be62725729b667c7bf920fde866980e0d37a590c83555f9cb49883fb487ed6bc096e3807a0098bfef05e103742faf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 71b16872b4245525c097b154eeb27a15
SHA1 acf8eeb08817d479dfcfc8ff8c62b22d4c1b8c6d
SHA256 768d87e3d696caaab4bfdc003af3b1379f9e00f2ff93fc0e8ef32cdd097495c9
SHA512 abfb8063eaf1229cd47e965fd84d50636170ec309a1de6a092ff4440324511ef4353186169453c11824b9fee3cb88e7ff641400de15ee285095c6f856aebc9ab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ee601e1b5d827db23d345b69250341a2
SHA1 367123d6185136bf6063791340aa8d46051a0008
SHA256 e073cbfa2b4a8a05d6e496762985a233c17a89c90c0e0d26357c65fc6f774114
SHA512 20f58849ff1027c8ebbcd8bd104550d1b45b77fa0fb278f88d9685f217dbebef7f60c6427cbc013f70e0e648b651521e7f771f109fbfc3d5f9a017ffd27dd8c7
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTT6L9LH\style[1].htm
Filesize 706B
MD5 67f3a5933c17b3ab044826d3927d0ba9
SHA1 5957076d09bacaa6db8ddc832b4fd87ed8f05f8a
SHA256 97e800f4836b7030dd58fe6296294b7ff5ef1b5eb0e88353f230ea1608d2bb64
SHA512 03ba224055ffdbf32b7eea30c764dc18d66cc6d8707dc5fafab74e155b0bb3d4d691c5788b033a68f05299547297125122778fa7e3252f93e7343d918936643e
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
175KB
MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63