Analysis

max time kernel: 136s
max time network: 141s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 10-05-2024 15:32

Static task: static1

Behavioral task: behavioral1
Sample: sample.html
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: sample.html
Resource: win10v2004-20240426-en

General

Target: sample.html
Size: 213KB
MD5: 345a565c47140636578b3e755530e85f
SHA1: a0266e8bb886b94495aba6660c89bfcdc0cb87ed
SHA256: f30081b5e9a02eba04bbab52d4d466ce30a21e1187251ed6ded1ce5fe706ba1f
SHA512: f651813a616ba5b4e89f35b35786c4fe67d8abe0a0cde2e44cec7b5838441b1587ecf6a70007a5d10f4936169631ba885af7faf023d730415c54f4fac866e789
SSDEEP: 3072:S4Jur9UtQl9g0WyfkMY+BES09JXAnyrZalI+YQ:SglhQsMYod+X3oI+YQ
Malware Config

Signatures

Modifies Internet Explorer settings
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{90FF0AB1-0EE2-11EF-BF06-56D57A935C49} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421517042" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1252 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1252 | iexplore.exe
1252 | iexplore.exe
1904 | IEXPLORE.EXE
1904 | IEXPLORE.EXE
1904 | IEXPLORE.EXE
1904 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1252 wrote to memory of 1904 | 1252 | iexplore.exe | 28
PID 1252 wrote to memory of 1904 | 1252 | iexplore.exe | 28
PID 1252 wrote to memory of 1904 | 1252 | iexplore.exe | 28
PID 1252 wrote to memory of 1904 | 1252 | iexplore.exe | 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
  PID: 1252
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1252)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1252 CREDAT:275457 /prefetch:2
    PID: 1904
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx

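Added example, not code from the report or from the sandbox vendor: a small Python triage helper that turns the flattened registry IoC rows and WriteProcessMemory rows above into structured records, then checks each memory write against the process tree. The row formats and the sample rows embedded below are copied from this report; the function names and the parent/child map are this example's own. The only write target in the report, 1904, is the IEXPLORE.EXE tab process that 1252 launched itself (SCODEF:1252 in its command line), so the check reports it as the writer's own child; a write into a process that is not a child of the writer is what would deserve a closer look.

```python
"""Triage helpers for the flattened 'Signatures' and 'Processes' blocks of a
sandbox report (added example; not part of the report or the sandbox).

Registry rows look like
  Key created <key> <process>
  Set value (int|str|data) <key> = "<value>" <process>
and WriteProcessMemory rows like
  PID <writer> wrote to memory of <target> <pid> <image> <procid_target>
"""
import re
from collections import Counter

# Constructed input: rows copied from the report's registry signature table.
REGISTRY_ROWS = [
    r'Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe',
    r'Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe',
]

# Constructed input: the four WriteProcessMemory rows from the report and the
# child -> parent relation read off the Processes section (1904 is 1252's child).
MEMORY_ROWS = ["PID 1252 wrote to memory of 1904 1252 iexplore.exe 28"] * 4
PARENT_OF = {1904: 1252}

REG_ROW_RE = re.compile(r"^(Key created|Set value)(?: \((int|str|data)\))? (.+)$")
USER_HIVE_RE = re.compile(r"^\\REGISTRY\\USER\\(S-1-5-21-[\d-]+)\\(.*)$")
MEM_ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_registry_row(row):
    """Split one IoC row into op, value type, SID, hive-relative key, value, process."""
    head, _, proc = row.rpartition(" ")   # the process image is always the last token
    m = REG_ROW_RE.match(head)
    if not m:
        raise ValueError(f"unrecognised registry row: {row!r}")
    op, vtype, rest = m.groups()
    if " = " in rest:                     # only 'Set value' rows carry ' = <value>'
        key, value = rest.split(" = ", 1)
        value = value.strip('"')          # int/str values are quoted, data blobs are bare hex
    else:
        key, value = rest, None
    hive = USER_HIVE_RE.match(key)
    sid, relkey = hive.groups() if hive else (None, key)
    return {"op": op, "vtype": vtype, "sid": sid, "relkey": relkey,
            "value": value, "proc": proc}


def summarize_registry(rows):
    """Count IoC rows per (process image, operation)."""
    return Counter((r["proc"], r["op"]) for r in map(parse_registry_row, rows))


def check_memory_writes(rows, parent_of):
    """Return (writer pid, target pid, writer image, target_is_child) per row.

    target_is_child is True when the target was spawned by the writer according
    to the process tree; False means a write into some unrelated process."""
    out = []
    for row in rows:
        m = MEM_ROW_RE.match(row)
        if not m:
            raise ValueError(f"unrecognised memory row: {row!r}")
        writer, target, pid, image, _procid_target = m.groups()
        writer, target = int(writer), int(target)
        if int(pid) != writer:
            raise ValueError(f"pid column disagrees with description: {row!r}")
        out.append((writer, target, image, parent_of.get(target) == writer))
    return out


if __name__ == "__main__":
    for (proc, op), n in sorted(summarize_registry(REGISTRY_ROWS).items()):
        print(f"{proc:14s} {op:12s} {n}")
    for writer, target, image, is_child in check_memory_writes(MEMORY_ROWS, PARENT_OF):
        verdict = "own child process" if is_child else "NOT a child: investigate"
        print(f"{image} {writer} -> {target}: {verdict}")
```

The parser works from the right (process image last, then an optional ` = value`) because the key path itself contains spaces ("Internet Explorer"), so a left-to-right token split would mangle it.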
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: e669058958ad86a504e72dbfdf72ec11
SHA1: 77e7b87c244672ea7b40fa81f14d115ea8dcb826
SHA256: 16f870761dba0375b7b3610a02f0c745068792fce8388868d2a13e1a0b22c938
SHA512: e711e45ee99cc9b3f1a7b97dedb3cb6a2a60bef548a2d7390f4de7e0f72d5a55e44fa964d3a8d4748bcdbd86b88e1905875023aea7fa9f2d374920dd9b26ea31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 06ec7c4d5ca58684fb2f572e0be86cc4
SHA1: af1514ead07f11b57292aaf5111794b60d183a9d
SHA256: e9429ae81b448f71d6255e59b88d5430c78a4471d273416d79c5e3d00293f91b
SHA512: 4f2fa388914dc804b760c7fe8c1bdf3c44b65483c85988ebbf2f01407c96cbdd93633de345a5fab3bd085c51eb30c13aa8df4ccfac0d462b962e78f0f7d535cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 67f61c764b9e5ad5c66d7366e0c73766
SHA1: fbc3888ef6085208584e0e5726e3db16a0de10d1
SHA256: b9d7963816cec0e98bd1249a38dc325a0d2c6e43eefbe11f885f1e96c39eb315
SHA512: 3eaa5517f0200ae90fa874d92e47aed82935a26547525a00e24c8f7b494637e9a84143d6af71ce03fe3a316a71b84880a3e0bda18dce8ac3badfa698fb724dff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: ccb162414d5a2778951d36d1f2f9c155
SHA1: 24392503d33a210196be001bc489f86a2e3f5055
SHA256: dc90f0961c5c46dc227c57dd66d2869e2ee757cc9430516c1ecaa7312fbcae1f
SHA512: 81f0a662cc4b26803a7e7829c69a4429cb246314c8ae1a6156e534903ab4e5a7861ef6e466f17003c2a3d60a8daa0bfebcd9f82eefa27108c92b385828c42d78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: f56df3896de16a0d56bd74f19346a6ff
SHA1: 7f4f59e9cd1ec2f753476882389de59e62eacc58
SHA256: 6f1401d66530e0ac66cddead73980689a662ee62eccdbafd5680c8e79b6d686c
SHA512: dc4ef67435b72bf1cd88099eff813ca0a1096b99edde499507f03018069453835aded5e7c95383fe31539cb8ad279af8bbfdbf38a28cf69501070eb2e5b089dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 497ef9afbd188cc74d2792e90995617f
SHA1: b44f15c0fd41f398e095f76ed56bd26d501f658d
SHA256: 8b14d51fda1e4f0f27125de77be07a7023d290b76cf785dcb50bfc39b56a300a
SHA512: aebed1e7265056ab93cc43bb4aa07c4d9356450fd5e1db7cc1d315910bbddc53b0fbe8c2a061c82696646d4f96177449506595884f86ac7c07d1564bc40d23d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 65332d3dca17eac2a7d4d4acaa649413
SHA1: a37b9f15712e58548851508b64cfc047de486ef9
SHA256: 289ea13b9f8a5176cc93516858b6dc832abc596aa253286d8594f47be2cc606a
SHA512: fe145050e2acd0b915e840e7c0366911af08e3859bd678222f685b2bf9d4a09377b37314aff99d76cf29af5e801991d195a8caaa1755ca03bd7908012e00e414

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: dfbc5194ecafb496c0f92901489a4926
SHA1: af915e19ee773b1559238563946e3ca8d65f8046
SHA256: 2e1d2ea3b630ad422067b2e08837a33ad2b3c226c114b1234f9418611a1d3145
SHA512: cfd69302cf7cf7df1cd42de851524c09d72a54c66d5bc3f5b0f3cdb749fb654425f68b1c917d8cc9038b900ba60a6a69d2738fbadf6527fa50aa4af113bf1080

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 57324c2826db59a8148033d2d6bc6be6
SHA1: 4af3d1a27ad71ef4ba87e56b200c1726674498f4
SHA256: f2b228fd779fbe165b21a08c5d0988e463970dede998e901e617dc16ed364ec9
SHA512: 15ab71c76c1abf3c55806890c670d975d960c04464cd15c48ddca082119a109a6fc379b9231e0fafe8fb5d4694a0af1b8cd884cf6fb131db2790e288b0f525a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 7eff61a6c177b45a2c73d4e15f6bc057
SHA1: 2e4af57d436d99ad140c81bb77be5468e79451a3
SHA256: 2e6e7737e62eac55cd4b80fdc4fa17e95f51e397814f625236e23eb33a1d5585
SHA512: 1c4c4d567bcf2763716ad7f52629a4f7ee2e93125364754faed2ab7cfe04b24749c79142d5b735556896ae4e69ce3012ff672f0f8ce0ceadde191cec826bef2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: bd20be351d4c89c0c288af4e785b6e59
SHA1: c50504245e51c10790545381ba5623466d10952b
SHA256: 9dfcbfb6d7015c6c4585339950487b79113cd5809bb475c50f5b6642979a34af
SHA512: 7e77611399aa72dda8113db71a7a9013092c3836ea6bc235106936e35ae261d7249ca44ad1fd94250119b59bda88cd424e4ab52d90a6cb575f91269f54695266

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: d33f0f9a832b8d47110e76fbf1464be1
SHA1: 61c0c21ee08d3d9639a92611e34ccb5e7531d4da
SHA256: 91a38687087ae91986a76a6dee11e3c36195b8d318874445b4923bf429413d22
SHA512: 5f49b61d3335c7e737be55d873751110207f2d19f3ab7dc24b019b5411a2f46bac004dc898b114d71058719c8f4ffaaca6376d80a2bcfeec5f9b8030b81ffc9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: a5b293fe7f8231c4c6708e5aadd2bd7f
SHA1: 575bc2b27a6aade095d9d87115eed1cc251a0851
SHA256: 9009488be9e14569627a62cf60c4bd19f90385d22960ffe760b00df643b6b498
SHA512: 6a50d7ffe48dc8aa865016d2cddf1856d57cf0790070cece7a492c4685f5cb4cee202d982c0d1c1bb4a6d05d4de0a2760a1992cb59cacbf62a9c4c3ea8c47fd7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 12ec53b3d1bdbf668a41da2af11f6458
SHA1: 7388f8882070f0cccb74ef2306954350627d6ef0
SHA256: 37c6aac7bf0edd0e13e4e31324c68b2a462e22846d0980c11682d79fb4554242
SHA512: bdd8d4674873c7375d404f6a8e0e894c729b2caaedf15c0735b611f71be9d6060001007bda2c4e68cf8756403b4ac9db4602eacebe0eb227f3fd4d33d31caf6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 60da72ba3dc26407ed0f07f90bf7a299
SHA1: 6f0b3c8b751c7b6cc760ac81d4d4a8cec075f15d
SHA256: 6e0ef3bb4952a432a7b8568f4cd39e0f628e5ae8305a1352368ab9f70d475c7d
SHA512: 372b5dbd2f258819100ddb6004dd29ece742428458e7cc2b66a81a6d07c607f304e35c43bddd15927bb73f97f650d90a64f162baa57f48240cb48df85d9d4bd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 3567ab2bfb367158bda3c724af100aff
SHA1: eb02ccd4adbcca9111d048492a8d90f1f70191d9
SHA256: 5df9df8728e937ce1a822a6841da8c0a6936c3a23e499f4bb77ef18e9d3398c0
SHA512: a4fb4b7c1b7fcce2b639133442d318c18f6efbce8dcc03df3baf98bcf0caaeea6b17bfb18faab62021802365221c798ce6a0f78accf8e146fa340dadeb5fdf93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 940c7e46f31ddb53167f54ba0f5ab85b
SHA1: 6a6219ae1e36a7bcf90f3c629ff53ff5283918de
SHA256: 5a5e0b0a0b945d5d9a847acdee0d42fee184fc735d78e48c21f07b3a42dd3f88
SHA512: 1f16c098fb686345e87b79cc1ea1242d0aa4a07520cdde2bb178e4ada722c9707b4881b89e26ff06a2e089d8d3c611c78212ea0f0fccab8966174c94f5213820

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: f57f5805f82f0dcccf309be6737403dd
SHA1: 6a127a16b3edebd5fedbe2c67748b96debe08b3c
SHA256: b6188ca288ab1b30fae4f725382351ebd08d3a5993fca505ba111d7efd12aa96
SHA512: 6992a42afb26584d934db30abf5dd27ff84959d29c39f7202b418392202060f74943f918d30b84e0265fced256468504779f1bda6de02d1208cbd4c91aeaeb6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 726cee749d6271d17aee8d334bd05fa3
SHA1: 5e84639ef0bc25adb6fcd0b423f1d14785ed3fb2
SHA256: aab0e9b7b66a34bef6c1d7cd8e3af62e7844ef0dc5a8e2c8dcd28bb931f1983f
SHA512: a27c812ff1479b317b84f583a20816611fcdb01ca1e3ed9d28542cb1fba430bfa5bc5cbed01fe57307ddd040318a10722deb2d3117f8c9f7bbf2f9ffe1a88d98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 0708ea59d679a4d8429686d8bb3ed4e1
SHA1: 640fcd06782e8b8ffd2b21a40543074746099e75
SHA256: 68a3da412103925b4cd9c92c1162c3a8d54ed03e9573975eb8d78c81590af3ac
SHA512: 78fab0cba841b9420909a74f81e7c6db524025e78d746ecf3943b6e84e9566c090bc7fd1c3b54a715a906cb89157bcfc940d741f07e89fbbec92ea3297eea496

Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Filesize: 177KB
MD5: 435a9ac180383f9fa094131b173a2f7b
SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a