Analysis
max time kernel: 150s
max time network: 153s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 15-03-2024 19:34
Static task: static1
Behavioral task: behavioral1
  Sample: cc3ef93c52f08ab34352d7459ae93e29.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: cc3ef93c52f08ab34352d7459ae93e29.html
  Resource: win10v2004-20240226-en
General
Target: cc3ef93c52f08ab34352d7459ae93e29.html
Size: 378KB
MD5: cc3ef93c52f08ab34352d7459ae93e29
SHA1: 45260766ae2c646a7f70f306a75cf9fea361b446
SHA256: 77d24ee04e3d753093ac0f6a5dae68c5db30d260b1239633b7bc265923db99a7
SHA512: 739526eebc2b9b842f6d607d0a543be70558a2e3ae8757a4f9f15041a422379770bd0b4a48df85dede0b1321b22af833b3b2c4c9581461c70e680bdf7938a28b
SSDEEP: 1536:qVSWZQWyNAdJQsEaMv/PYEqQ1zCD3iRniKudm/1XT+DQKVMt7cef:qVvZQwssEaMXPhz5Rnt/1XTqQKfef
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FE72DBA1-E302-11EE-8B51-D20227E6D795} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416693129" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe

Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2696 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2696 | iexplore.exe
2696 | iexplore.exe
2520 | IEXPLORE.EXE
2520 | IEXPLORE.EXE
2520 | IEXPLORE.EXE
2520 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2696 wrote to memory of 2520 | 2696 | iexplore.exe | 28
PID 2696 wrote to memory of 2520 | 2696 | iexplore.exe | 28
PID 2696 wrote to memory of 2520 | 2696 | iexplore.exe | 28
PID 2696 wrote to memory of 2520 | 2696 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cc3ef93c52f08ab34352d7459ae93e29.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2696
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2520
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 67KB
MD5: 753df6889fd7410a2e9fe333da83a429
SHA1: 3c425f16e8267186061dd48ac1c77c122962456e
SHA256: b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512: 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 1d0abd287868e02462b07c5bf32b2df7
SHA1: a646e9639a4ee37fce4ca9a401a1465009ab8905
SHA256: 4f0840c1e263b530e36b9e95cdb0af4c0177e2cde3c9793001dc99e9d997c190
SHA512: 4f1f663da144b34271c75b8d783d59fa4193ef8e4f750fdaa9a1846db47b116cc9f90f96665107d373331a5a060607c8f04fa4054fb35afaa3ebc7b8d128a658
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: d89b3c138d62956169bca29fe8b83b09
SHA1: ba58844b64d9b4eec00c9203c466c8f36a8c77f4
SHA256: 5458086be6ffb07af409395d759004b74130e85fb49dc70b7a46c374ed39ef25
SHA512: f213b3cae31ddd1841e7c3998722b5d8bdf480fbbc7df62eb88be492a155dbdedac376c49acb1966db61aeda2ebbafbbfeff797e717970c89815d7f20aca2169
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 09cef944545717041ef038f40b232328
SHA1: 6c9cbaaefcfe2d8c32376aaf6a6a058528ca330e
SHA256: 3a0dd29aa9e60866caf97b8fcafbd6b35ee9bb06bff560a012f07150c6e58935
SHA512: b1b11b96dc6fdca4e2a61e038be95ccb85b00e20a36a1c445e3c2ea5fa426867aec1bb9299d2455f23e2a292e90e70677f0320ee015a3b397fa0beee85f277f0
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: ad255ab933a0f6898db07288ab76f800
SHA1: 133df76f1ae25ffec4610d338c4c4f7677e1f0b8
SHA256: 2b7bcd2f963ef9cc71a6de8278518f7a19ee7312250cf2ea40d6e9d8274421b3
SHA512: 6134a91498f84cc2dd14aca52431e140b5b588413ddac0c73c42a62319d0bbeac6c9bd3a7bf1b978a0a2ff2e8e902823d6cf3c8c95574971d23f3b4ae5bfe3d8
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: b6d553c5b740c4c32def7771e1a86f42
SHA1: 4cfd462e9ad7414518fcb6c00cbc641da6d5a55a
SHA256: 753b6014bde5b07cd2b3d2a6a66ad4e2a893548fec628668f41751237424cf8d
SHA512: 9deabafb0bc409ab730960696de80dce83cec1cd6605fbf7150fb9a529fa20a8ac93af71752c2c2c1ee2c65f2b1a42b6e90812f60e13675d6c66dbb444bafa65
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: bf779490ca7ab9ee4257fd0774cd3c1e
SHA1: 809a1442e46ee94d13d0498a98f0d6fb468443e0
SHA256: b0f8cd1f066f2a4263b1becb47bd9477473b5737e35a7ea28c616017742e6953
SHA512: 9f7f150d3caa8dcc5c51fb5f9a1d12f3c1be1c63db7fc836de73885afff496f5ff205fd85983db33d9fcfa7858cedee15aa31d647328a44591220a1cf21625ce
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 9a2a91428a323796c3c1e986dd4658f3
SHA1: a14654a372644dfdccc47a338223bf4e256fea13
SHA256: ffc7b26555cf00a801b21dffbcd60915a5de26d43ec6c9572dd1a1466f573329
SHA512: 325546d669a322223b7d967c8ce8a887af95c8bb2128a43453f1c73c78ef5c0de39cbe6dbafac48c1928560aaf661b20375cdbd58a814d0b6ae92adec6e714f8
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 12af194b18e30bdef2e36536ccf47f12
SHA1: 451c84f55619835de4f378c9889c5febf874e8e2
SHA256: 39b2b85edf3b2dbd855435037ea9e13e4f9a9f0fe163365613df664069f5395e
SHA512: d44134d3dff7f60fb3761d47f9af75a8c50bf5329cc8cb0321db88352fcf920e18ad880beaa0f582e5702f4bfc3f574bcdf32a4bece10bacb0cfd439086d79f0
Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
Filesize: 175KB
MD5: dd73cead4b93366cf3465c8cd32e2796
SHA1: 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256: a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512: ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63