Analysis
-
max time kernel
136s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
22-05-2024 14:56
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240508-en
General
-
Target
sample.html
-
Size
41KB
-
MD5
5d248fd7a49970d06c79f898e9aa878a
-
SHA1
cdbe93a51cbe73803c6d74d4fe9e4583134b1c5c
-
SHA256
f9454237ab2db48d02814ce634a568d1eb22cf02ee3dbeddc4c8839b52b8fa12
-
SHA512
6bbc17dafb2cc7957270e2d84903a344b0c7971a237a2f95df31ea9c3643af777988009b9fc3e368d817b4af5f285467896291a87dc31b1e4b9f3bdc01b1713c
-
SSDEEP
768:Slmh0OdBcM8K+5QjrwatUBc3Z8vf8r+P8cbB2J+QifnNeM+eezpL4j+krRDiTU+d:SlmSyj8t+jrwWUBc3Z8vf8r+P8cbB2JJ
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422551648" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e015618658acda01 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000088dd54c48ef5537eb053a0be51d6ffa5aba37dcfc05eed136a045d73bb7e88de000000000e800000000200002000000083973c05469d17b9c9185e755f16ce393cfaf62a5e71ffb7cada642ef15ab239200000009394ada49395812352dbc880eb2d0bdc2053181216eccc2844ab0b2b463abd1c40000000a004b50cb9b86ee1918034d79d5278c1b5909af39e365503cd080de65cbd4349dd2afb44e27a9a372e6f41690bd8bdd8c5bf00359147ecc620fa5a306efbd3e9 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7302F451-184B-11EF-BB1E-6A387CD8C53E} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1732 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1732 iexplore.exe 1732 iexplore.exe 2584 IEXPLORE.EXE 2584 IEXPLORE.EXE 2584 IEXPLORE.EXE 2584 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1732 wrote to memory of 2584 1732 iexplore.exe 28 PID 1732 wrote to memory of 2584 1732 iexplore.exe 28 PID 1732 wrote to memory of 2584 1732 iexplore.exe 28 PID 1732 wrote to memory of 2584 1732 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2584
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 342c77943323206c734992c39527aaa1
SHA1 ce929d8dad839f8f75dd0977a92f825281406d58
SHA256 a922abfb4da5873bb52a267a5adad38fc3cac64bcfdcdfd6e779dfbacbaa2b10
SHA512 56e4620db89f49090ace1b7d5e756536dc6d49f5107656cb6c264e65f8b9e8f1f11a160612ba4b01a4c2dae960da013e75bf25c30c0396bc2b48e80e407aeef6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a7e321f259964ce12f86c31d32c3af94
SHA1 c54c7159609f956dfa216e2befcdc44ca6743f80
SHA256 0674dc1b83f3d9cc30a268555c735a09baa807000fd2a419597868047e9b586f
SHA512 579e339b69545b5902b6928902bfd82b52b98a0bd8c14fc080ce3947b97abef8297acb69e273f01d410459a51538628ee0f7def8377ef96672042e6e17e84804
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fd6485a08aec20b911cebe6f47d83259
SHA1 93b829edaad4e6a753805655602340e209284621
SHA256 486d990cc1cf2734ff7de4c144e45b2133cb1aa4286056cefa580d8da82001eb
SHA512 91e90b2fbb59e15d619514560d4f54d78f677024ed27ace74c2a370160acee59600a7e50358c0401cc63ca43f87c36d5cb529a8b66178f4679b3a18d64d91a60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f3527b6f5d4b6840fa6f5b517f4ee83f
SHA1 3fad4d5089c6b5c8f64b52b4ce1a2374e4d2263f
SHA256 c9ec406e4143f765c34b84a99fe0fe67308ca5b0086776e0a70948947c46a8f4
SHA512 23cc20d400e7c04f4f57a29fba01ae7c052dc39e8b820f0525b15086ad362cb10a7795449e168ed3f8b6f128eaa944e5017b380e99de91aa5a2f365a283ecda5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a6d24abfee2d1410f04bb2d529a8da92
SHA1 236b713eb74f0d7192f07cd7dcf77b0f5300eef4
SHA256 26cc20e7cd4f477663305b8e0a7e395ffa03a0db37d5799589dd7d07437b6c4b
SHA512 7a0f2b40d5b2eb87e8a1219bfe273d8a75ec52eb7abc2bd99e5901fb7e286dff14902700799b195e2d8b23774fb50c47b9f71aaa6a0134a1e2bb06a893a2d479
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8cf252b5abc120497cbc9f07762039d1
SHA1 26c0fc55642c083c1ee440c014bce1eebba4c5f2
SHA256 145c3858ca504a5ca18691ce7af4a436fd391f7186dccc0b3b9413dbdd37ed2e
SHA512 6013113584f7097864c7bb9fd9b9501a808c476ad19ecf22a021839d11509ff8e413fb240b590f41be4696e7e73ad3ca565afeaacae1414ddf53b36dec453732
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e1ffc17a7070889b28ed539645e14027
SHA1 1cce626d783a12619a9ac9820f0b6ba265440825
SHA256 cca476d2fb3b6f7c2dc430e5d243b3bd963a83bb4563f232c39f84e392064d65
SHA512 69e7ef5ef15f8ae245010d2470ca2326f7fd15d90679f37053c8793978af01fc8fe58087e955b45fb939608eac4397081bce130a04427a73e604a4d1f75ad6f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 01e74e7ca084cbb40a50941c3354399f
SHA1 a4a66a8331e97a1bf67fd7dbe35af768c1700c1c
SHA256 4097145605efaf538beedf879299d399961b50af1811cb7e8333b381b43ecd0c
SHA512 91da31a8d9d8e2e27036ed342b256ea626f562a1cce552a60a2686ad5a43ef5e146d09defe1a95d438e2097b83bf6ea795a0ddfa6f52a5eb92693fb37c43f4e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5cf69683bab957590dc8ccaf2a7ec093
SHA1 70ef00557898cdd1d6432c0b58a0289169f6447c
SHA256 7ccf2ea3af8b5ae9f7902ad46cbef21cce0f6515b929c359ac4e68256c4a0d41
SHA512 af2028b2cd801f818a9239537339a8d28042b073d5e0650013586e180d60f886b5534650618338d71dcb7add0aa91bba69382c6955ea5e5b5edc9cc501e057a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c365bae63fe9a1f5d1d98fb97b839525
SHA1 39d69ff585d57703a976adf442984e0ea3f7cc55
SHA256 208bfad6a0d543f53966dd4a8a2d25b8809adaefa9ba1521fc70ba3e11f675df
SHA512 cfc02c3a89a0a8f9eb5dfeb3c293197e3756f29898dea841519712ba41f1f98a2a1b2eee363dc4db69b80996d7cc0fbcfb99a3d428736952fe1102af854325fd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3ac441a2f4111017318215f8663c31b3
SHA1 63ee8855800a47ef52b6de8b637377ec89cd3061
SHA256 247696afec27631c5f861e559750b8a50cff91b888e19e9361295dd354dac192
SHA512 2520ecba09af40483766bfbe38ea0d81016ae98868c48ac22408d2b99410943c8e8a1d6361de8c7138ded87d630678039d9bf322037b4b53a9e6047c350f5cc0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6056c2f1fb079687c22b02acb722b30f
SHA1 cda03cd3d1e22c3ab1869027c7a51a67f1dc4f25
SHA256 5969abcf7cb03d221111b1dbf021c725de8219812b0a528eae7eb472ddf69c1c
SHA512 9e3cedbe30798a90861633969bcdab5c4de440312632bc2a96a2c22a59d89ff6ff0b03cff998a9c3f440ade0d33036228f5c3c718952a451b2d04c274bda5309
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 693f4b6730be284408553341b895be66
SHA1 563816a23a0c01d84b9ef75619791638ee39e6e3
SHA256 c8fec9174ad257e7e81b43b35884e1501d1692ae8a298719277106268f5339ef
SHA512 0f4186d59c52b06364387d8b7b8b9857a957c7db1bc5f7fa473125169f891f0f8e11a5bb258bce3452bd76c422cd960bc55d63fc5099f1ddd9cb7b3ff1a503c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fecc55bfacd73f160298f891e47a399c
SHA1 d3238a5c011ca31819358e16ae29179afebabca5
SHA256 9b2647428f7a1f4676d2e6f9c80f2cf7385ac05c9df9264fa8378ef0d283f11b
SHA512 325a105809efa03564e3d3d7fba7d01315ac4610a681662cb4e7a39338ea7d5d5c3246e06a6bb399881887b22890bc3380e995ede5790cdbed94aa4ff6487ad6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bac72e4ec38fb9105c542be9a52b5b7a
SHA1 e7b7f82f5e534c162ec114efda56f6e47024c438
SHA256 467e53b0dd703c46d866c53ac4e15cc8985162bce1a14c2cea1dacbc5c63b33f
SHA512 9f1a8aa1c39bc91d4f8fb616a11a6010b19ac5d586eb98c6d0aa6219b62295393604ed8ccc667d50935bc66a1279a348d8823bfafb032239adc46e1ce419c46b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 898eac5b6e88fc6512c284a71e9207b5
SHA1 8958402a133c96e482aeb76fdfdd184b53ab5239
SHA256 9d0c7cabedb1a252a7e9ee8ab08495869cf127b4fe90100d73ffa3da52800f78
SHA512 9cab69bc2675a3cecfe68b703193f0f9acfe1618d42a47f1f625f5511ff718ef8f414ba533502b9750559ae13e4ef0cdb10ee209bb7f93bfc78e65a1db6b5556
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a