Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
22-05-2024 11:53
Static task
static1
Behavioral task
behavioral1
Sample
libssp-0.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
libssp-0.html
Resource
win10v2004-20240426-en
General
-
Target
libssp-0.html
-
Size
292B
-
MD5
391a97c55242436ec33d9e299dffdfe0
-
SHA1
c8a5be95d8a698cb67b6ed4b2b344205228f68b0
-
SHA256
b7556765f7bf6825a9d227902ba04e5b5e7b0f4e5891373417f895a6e78910dc
-
SHA512
0fab06f6c168956e7b8f0a3f71a7b0ae02d9ae3bb7a8554d3dd20462a89dbe61059972e3ec0e2f5032faef796b426e3e6e97af687c8652b62b53ffa275c8ec59
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B8F69571-1832-11EF-8F92-565622222C98} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe 
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000596b5027251d13469702c604d585668500000000020000000000106600000001000020000000fc3527c78a39ec320641bca7e105d890c8bd1ee44d860a276f63c7aeae1eb819000000000e80000000020000200000000acf92db426521a503fa6243041c028feea368c032eb29f752b498a08ba5c90b20000000d24428fc02c226d4b415bc293b36f0f81f93821666a0e5f9a54ec54388b77592400000006e99191ca1b3f7a22c155b9bc0a61f43352efeaf259d24909b692c329ce6d2be5a946bdf0a708045121efe058a394ef339f7d0e575661173f3c8d751c2a9f11e iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 404b838d3facda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set 
value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422541027" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2908 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2908 iexplore.exe
2908 iexplore.exe
2492 IEXPLORE.EXE
2492 IEXPLORE.EXE
2492 IEXPLORE.EXE
2492 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2908 wrote to memory of 2492 2908 iexplore.exe 28
PID 2908 wrote to memory of 2492 2908 iexplore.exe 28
PID 2908 wrote to memory of 2492 2908 iexplore.exe 28
PID 2908 wrote to memory of 2492 2908 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\libssp-0.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2492
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c41db422314c721fc2de766009ceb136
SHA1 74d8d6b44a9db41755f28f2f955e1c3e32022188
SHA256 10a454871015953da2b8d40e01f8b963acf58cbf42d48a9e162d835a059099e1
SHA512 e29787019a5805f6480eb732dbc4e99a8e014b7e9e48f4500ee717134829116d96f4b8852ec1b527c016597c873c4b1851ff30e33b88a943dca3d8c7ffcfc8a3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5a226ec4250527161c956f01a7a021d0
SHA1 3ead62a03f02b475563b2d17584ceaa64e61f8ee
SHA256 52aff70bbc0f87cf8accd36df866ace0ec2c51414167c4553e3fc8b5c631ca37
SHA512 4b06cf054084712a7a0b333699539d694ff3157b2422d87988dbcfc05918522b57d67f5097ba6540dc5ab759eb5b680a92a671b3e4a62de64950a4b52907fa85
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 01d37bc8550975c876ae021058afee2b
SHA1 90c8c8322d4fccaf909ce05ae7744568040b5860
SHA256 34999e21fea3f1d57f13bfb7c0e22ea352541912741acecdbc374c195107828a
SHA512 e3eed5466da1e60ea7416e247eff04bcf88962bac21670fbc939faed695fb13bee551405a6a68e7dc706dde6246318bb040a803bff48146fe53fdc8d607eba58
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e41706db2b3b4e33bcfeba2f0cc88ce6
SHA1 0a05fb90e18ace4c342c7b4cbde91a98cc13093e
SHA256 97ab456bc750855a3f08e98a944c4c9cd8490dac28184fbabf680818294f3e8f
SHA512 cbc5f9f296840a33860e3d33882ca38375b59023be9a0be8bc912849f2f0ff1e8272d6234d13736ad35b887bbb681f011d91e18a0a7627f52e7dcc4523e77427
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d784227592e56f548c87ad08cd4c08e7
SHA1 c3e8b5f4cb8fd4c6599a11f65f051c44f419654d
SHA256 95b77074531b13605f3cb5a44283e957b2ab2a54e273e64ac4720f324b7956f0
SHA512 ca15c68caee2a97521079ea550a1c586e23047b8aa0d80936dc2a4e445ed020895db0f6d0700a71cddb0ce6072a58ba68f78e5fd577a3d34874e2c8632fbf0e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4688f5724ed9d3217ee8e86c66d0d153
SHA1 3f4241be03c557d5a395dccb8ded827433b3c277
SHA256 203a8d38dbb7178b0b5f435a340f526379cbc45ecd80602990e0278abae0dc6b
SHA512 00429219c08458f776fa4ee62646232dcc783e33cee1e887c1d051a0438d9a8274148a6b36cd341ca938631067b1f38ad806245c70a25001e4fd112bfe78479e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9848628976ea69cace279358fe1e9c12
SHA1 403f58305673f318431cb3eeaa38f0758510cdd9
SHA256 aad67fdc57e907767276bf8bc440987403baf5137c13a6b22bb1b2246d1d4469
SHA512 6ea23b7da55df935b1869bc93f1d4d2c3f650a66e4280a04eb6025b4f3e640f6c0eebb63b764c293faf51bcc632096ba6731408d57cdef5bfdac04bb0332b954
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6b16472fd8174baf05e3a57e886b40a9
SHA1 2d9ca301a20df720e2eec2d7fd96f691f6a771e2
SHA256 0154c29f58d7c33ad7ea6be6fe02322872f75986db0bf7b1a6727a55e0913db2
SHA512 af0bf5d05beabf9dec315da79398e6005d7c22aa16f028a21dc40728a718abfe3f0d1aeeed280555b8845f34f3b31e8b2044079eddcd29b2692e1bde7b64be79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2b9a9109dd0865b7c291ef3bd978f0bd
SHA1 25a01ca49139eda3867e84a41eed2ad45f6a713e
SHA256 5cc57ee0f4f8df80235efdaf28d34d4a37d75a6a2d3dd06f0c1eaa0fc4c3b9a0
SHA512 73577e89ba60a3b4275534d0ac4a9dd06590979faf8f4e67e63c8af43da15ea46f951471c74f854892f5b616cf1c80e33d7912309ae4be231a6fc192801931a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9ff3c987d59c006c888ecf770f9be372
SHA1 68f8809235f7641c723b63649e9d2c7d4f0348c6
SHA256 6e4cb2f8082d9f21031c5f20181e9b58a975ff51d50eba798779c5fde37bf9a7
SHA512 facd0edfe4fe9c27a4e4138aeba5ef16736cfff26f4eba47c616e522d27b9bbcfc77dc2e31085beee158aee09832df578a479651349e434a5fcb33522b298a17
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 744e8ead069ac410fe7c20f7a3ab26fb
SHA1 557c29d980b6fd9bd48ef96b0da15ab863f8e5e1
SHA256 daff51baa938ef1c22393df69f887980acb441fccdf28e9bd467500279f4862c
SHA512 aa3f959b25dcf38db61f7d69524f1ccef3c3e9f7f46be4c7eadc213dc5cd1052d19c5b43816ec96e7f40eb1b126aae35eef3f7bbaf694bff7cc9d19161cebac0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 72c42ff18a4be434e2ac1ed08974b5df
SHA1 5281f55f13fe4ef18607fe9733f8b46485308b52
SHA256 6077b88833ffd3c0f67f488f56d8fe3884e5f6649b6c259d9f93e8299ecc1d1a
SHA512 3773efa7192ea278c47348aff9dd4ce67337c2c41fe1c4c682cea166cfb1dc3ca779957371a1a44d719078449cea7b74ea7cde263166ccde30680ff16d8f709c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 47c777b7fa0f762d732e554df5036900
SHA1 a7a2052d6de3f6475be7e4c2085cb918e8c0cb12
SHA256 694d9a54d45287718ac49d392aabb2a76e6d782897b82dd92206751a14ac4a9f
SHA512 c1bc895af7200f72419b2250d9f6ded78f418af0eda9e3f5067f3166a78227ca4186b70ae3a6f403a563ddfe925cc13696d1f7725b40010cf44ac1b7bfb90f5f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ea69913176e147baf3dfde4e990365a9
SHA1 8321e4699f321f748ca824314b50782179c67699
SHA256 c59e328b2f9394a5bb398edc8325e9b2b4ffe939ccc000364789cf8778c2da94
SHA512 37a68dd90df7fed1e599dd46f4382cbe21093be069963251cd40d514b6465fac4c3e797a9cc3f903a903b6b18efb0824a9c22ff4754fa48d37a7ab7e90c9073d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ff9daccb6ff500bd8c7a5385310224cc
SHA1 1d671747e220eed185e2aa9d1251ff23cd4bbec2
SHA256 43c6e2f66afcd5b35273003aad81d4bd1833d625014a87295621f768feb9a9fd
SHA512 b71c04c9d32afe0cc169960d7162ba60042cf06bcd3d82fa4148d864f7c2ae333aaa05d9441971010e77a116d13a04d5e1b56420c0955f2b1585b6eecc3a2af1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6b23787fb66f400431bf4f817e982341
SHA1 72613cdb98b0dc690b389c5c481b43354830f2b2
SHA256 7fa69e480647df38f2905b3a55c57ee3d4899e0bc4cdd728c20ef0cd7f9e0834
SHA512 26323da8de2d173c54516c11c4c6fa43dec1c445c61c78f7b270cd988c2191307498d040f44a34650d2dbace01e5206a2006258bee1f233e9ab6faddf62b9f2b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6bd2394f05cb77ed5992f24124a45e57
SHA1 fa97c52facebc069ba7a72e228f56e4532652ca1
SHA256 74b74e219b4771518ead7f0483e8adb658d005273955fa683c146df7ddc78bd1
SHA512 91a4c2432d602770174e48c825f712e249e4450e198e077443cbeaf8a0ce415b0afe581296ff62ff856da34459a5be0f604e30543283a181cb0d304af2de75f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d8b51ac8239079f5e97c885f8f4268da
SHA1 74f3f489efb4a8c6da5550415142ad490e12aafd
SHA256 50ae003dfd82e62c5df13211d63ab316788d52c70b5ea91852ad585bc8faeeec
SHA512 28763641c49fcba10ece65c24d9361bf67f4fed10e1c358d7e21ab6a2411bab8096c56984e02d1f56e966525fbde0ad5ec44fb9766b3498cdbbd03e2bbd07bcd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 049ad832ddd8a2fb2dee824a78952527
SHA1 3845938fb97265b2497d0381597cd52b47d11403
SHA256 38c3f80b989a6355523253828a20494946d110d2c8536e7b0c15fa7cb9352669
SHA512 84ab5d0afa99501d6466874cd8ad1426250b4fce562b01eafbcf0ad42c01cb0896df77cbde4b5db9a682da2d49d42d5f6b227af6d884b42158770b4a6ee91970
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a