Analysis
- max time kernel: 137s
- max time network: 144s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 15/03/2024, 18:18

Static task: static1

Behavioral task: behavioral1
- Sample: cc18df4930a324b971ff58642bf153a0.html
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: cc18df4930a324b971ff58642bf153a0.html
- Resource: win10v2004-20240226-en

General
- Target: cc18df4930a324b971ff58642bf153a0.html
- Size: 2KB
- MD5: cc18df4930a324b971ff58642bf153a0
- SHA1: 0d8f93fc6eb1501453366b4682508fb4737a0746
- SHA256: 4de0f9cd28c6370055ae73fce2eac296ca00a4d2e3469f7d7c12055408efd870
- SHA512: 0939df3552a8a966446ed3665f591c8fe89d1af2148e99b20e4eb5ef5eff9ba076b47169e2d91572aa7cfc295f34ceca2488b3eebcd875b172b034dcd298b427
Malware Config
Signatures
- Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e024d2340577da01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e0000000002000000000010660000000100002000000009fef08d19e19b6aa63aa68daf73003185d222354ce5fcb648bfef066add0eb4000000000e8000000002000020000000c9457f2e220215a13d1fe1e880438c243d90ad01f1442eff8a5c6524e19a8fe4200000009172bd8110bd0eeeececd9a2900c03c2c0df25d1ffe4bbd91cb9032fdfa7dee64000000093edc329287efbb3d3cf53aa6b47948ed1513aef3f2fe9910d8d14dd8096cf1db2cb21aed5489667ecfdf7a599ba18fc39d7ae180afc2dc3e55fca3800ddc49a | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e000000000200000000001066000000010000200000001c8eaf414695f12d33bc2381ce8836f42cc193dc816ea788e06e26f916f62619000000000e800000000200002000000079bbc44f7b5b6e3265b2dc6b9ac1f804b8f2c4e4d7b3c3e6d6ad39c415fe06a990000000ec2ac0513bcab6d8c40bf6ee9e4bc67ef3fb0d4bbf146317ead6eaa7c68637f8c509fea9458cfe3c161eb4c40eb0047f76d9b1309fd60d5ecb259b2c85f4dbf74f5cae68c01b8bfe177da11e50738680f9f23082d1b5da4f0d32b95c57cc54def67a31dcb35a9861bafe85462310ec9cdba9f4ace591590dd3701e9a4511a56989b7c849f84781a6870305be319424df4000000008840db04cddb815d4a4ccff921da05195853351b6e1f2eb8111f2dfd5bd01bfbe67b74d8b8fad6a817512b62ec6fc3d667e3862c593d5990836a81e52392220 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416688554" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5C575C61-E2F8-11EE-B1CF-5A791E92BC44} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2164 | iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2164 | iexplore.exe
2164 | iexplore.exe
2264 | IEXPLORE.EXE
2264 | IEXPLORE.EXE
2264 | IEXPLORE.EXE
2264 | IEXPLORE.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2164 wrote to memory of 2264 | 2164 | iexplore.exe | 28
PID 2164 wrote to memory of 2264 | 2164 | iexplore.exe | 28
PID 2164 wrote to memory of 2264 | 2164 | iexplore.exe | 28
PID 2164 wrote to memory of 2264 | 2164 | iexplore.exe | 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cc18df4930a324b971ff58642bf153a0.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2164
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2164)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2264
-
Network
MITRE ATT&CK Enterprise v15
Downloads