Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
26/05/2024, 03:16
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240508-en
General
-
Target
sample.html
-
Size
213KB
-
MD5
9366f5d0233f652550099e2ef19a2002
-
SHA1
25af83755a743c5b6427413b87b0e75b74dff79e
-
SHA256
a869a91310e9066a99156c4d7184567f790bb62dcdb4e3c41b657bd8801ff443
-
SHA512
58c9e923beb159267b531dc57b11fe9f72f7683417a860852b1de9b94ee656dd0d3e33db63d36612f67bbb1816c08afa3d91e8a5f48a47dd4ce264a3884af87b
-
SSDEEP
3072:SQtnw5PVuwg1oyfkMY+BES09JXAnyrZalI+YQ:SQm6lsMYod+X3oI+YQ
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{68CE10D1-1B0E-11EF-A8CB-6EAD7206CC74} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422855285" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2020 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2020 iexplore.exe
2020 iexplore.exe
1156 IEXPLORE.EXE
1156 IEXPLORE.EXE
1156 IEXPLORE.EXE
1156 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2020 wrote to memory of 1156 2020 iexplore.exe 28
PID 2020 wrote to memory of 1156 2020 iexplore.exe 28
PID 2020 wrote to memory of 1156 2020 iexplore.exe 28
PID 2020 wrote to memory of 1156 2020 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1156
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8607480bf35f54c419080540b5fda10f
SHA1 c3846c26999d6709e9fbc90407ba71659fc22ab0
SHA256 bdbb7cee83800884b966f14cc135e32ac63254e2c4e38ec4d7abbaa92246943b
SHA512 4986e72391aef4910c64288215da5c1ea393b3099e5882f901a6eaf543a486be0c72a4e89a83043f43eee238ee635f6a79f5017eedba5eee0638ff300539c289
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4a908eb474942ec6944ccbbacd3dc391
SHA1 b845f8dd2714a83c0ec5f8b8b4d6ad33bc797c9b
SHA256 c515c1561ccd0df7bae2e613d67001380a081aca61fe8dc760c05815277b37c7
SHA512 0f1ae5cce017f51f5e482d52970bf9b612bab1b2c6fb861a73618f330ccf0367113ccb07508bbcbf17d4e533f5aef027c88f0fd31511ca7a1a7fd9b24a963aad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e7e40e7e9b98cdf4d2bcdefd8c1fa397
SHA1 f5125572145d680a71e0a885dc36469f67c6af43
SHA256 5b1ed3dddd4681dc489729db57ee72f3c2fff99fcccda621425800ce860fd211
SHA512 5ada37707de88b269cf945e6883e1551b36d1f2fd9d0056d11be79e6f0d3b0c9aaa6f820e1d88a63f401bba549c108e6bf3fd583160c6c44bf31ffb1e04c221b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bc115fb3fd29fd91432f1aa82b200252
SHA1 b6607c68ecec12f9b5dadfabe054da3328640143
SHA256 f009f64ae793f6efafb588f1c0ea199d66e72fa5bfa4bd7f4eb876db96fabda6
SHA512 f48cd64fc1af465cda80e40965f2649b7d3288453281063446d1f7972a9933783829676e5b8a934fd02748afae6fca5d8748cfcf21815c885b95168d91dacca9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fb23cee1ce22d2e7cca8376c1ed9314c
SHA1 2fdc68896aa69134ea415dbecc4ae8c603f4671c
SHA256 9e0c862a0970adfa3283ce70ad4d7dae2770cefa03aeae5efc583281465e6bbb
SHA512 c29583eff90e7ed91f38df299a379f76ee3e689ac3dbd6ee3e003bfda5faee04728c564f8ef96db74921f18f3a31c99abafd6a174c19b8415ceb11fc3b6e5a81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8f8bba856664cbb9cd7fa863a2707646
SHA1 ae979455b9ad907d274a777e8209df68c464d2ac
SHA256 fb461f3e6dcd7c18a7689b158a165a4cc8f7852b8f26b71cb2fcd844044d89d7
SHA512 7f586be5b636a19aec1e3771e0c4deed1d3121319ce9cb9b06f88e9434465b4ac10d3b16ac0cd6a6155a2be38f0f1a4966eb2f12924001dcc045593cf2d02a6a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 07e7a429e319ee8ec316f64239fa5dfa
SHA1 1cc59558302922d5ce7eaf6edff55bf2bc96aae8
SHA256 4d5f211f798ede7af18e5ba3096623aa8d7fe16cc52a6152b712373506793471
SHA512 68c8ce26e33e3f63a185ba8cbb00396dad0ccabbb26a0a7212810cd78c56e1823cfe34c0f9f90d0d3d8cac13b51e31f04a109411551821307cf66a35af8a22db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 64e589623d5d2c910f18e5d29851daf4
SHA1 afa90b2cf058a7ba7e5bf4a6326a680b68d30d58
SHA256 73d5ae9768356bad80a7c82937bbef95c6ef3c15248b8de1a7281fe50c3d4b73
SHA512 b52721ba6451c42a09fd87c81b39376a14c99fac02dea209df2f361f996e72b1fe8c86720e6a508227f85f2845bf7e38f51af23fabafe9a83f71cd1324467a5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5de016b1c9bba776685dbb00b9332dd7
SHA1 778732b467c880cb2902e5668ff9ae6483b799f6
SHA256 f25fddc363f03f704764fa290a88b0477fbd19c2551f25209d4d7f98b4a5de5a
SHA512 3c159ddca3c5edc4b5eb3bdc20356c4b3d320cef5bb0c3b4bfc32b66b2815f356a5bf3158895ad52510f6b5b6efb4f19b8543935af749d73c3f5d490c32f0fd7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9d0d5f411a25f7a6842f24e493bf1a51
SHA1 6ddfa0f4c5a07aeb8bcaf032e8feb60703c77754
SHA256 7437b4136ac7238c16cb9ac78c53af39fa579712d6546bd54d2bb7bef04b08d9
SHA512 54d34a993f72415680ca3804fe49c19a0b33eab3ff6b6f20ba2787201ab3590938a6fa6af7b03eabb99480ea94c8a98401a5c1568ed46bf5e1a8555787697fc4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1096020186fa0b7cb8c46f92386208fb
SHA1 1b30f1eb1e0c3ff8301a4c8ec98f5b43010e3f05
SHA256 5c75cd33b9de574f6c72e23e0087b89686e3f9fe16db3c61ab369b22a7fd865b
SHA512 eb03a61810a626bd1be6ba99ff5c6d86321ea997255e9ac4b161b2b7fc6aead017c082a08a0c2120eaddb3568ccda0e0d4d5ebd6f84a5d714430f7da20abb2c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f07331710d0d99560d49736f42f731da
SHA1 2649e3168bb412eab36b8ffcc30ec3a88db85ff8
SHA256 174bd4a3e4056f085d8f5a9753318d5ee9842e80c3f76a08f70dc93d07f302da
SHA512 09373a4b9032436b679262c2c7a04f8085c2d54978da4e2069818f54540474cf57e26e3c09f65cf1bbf85324b04385025217dc20f14176a7dedb6d23e107a699
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ee012abcffc082991a061bb70c1545ad
SHA1 b3af3619b4da5732b0e54a14c1ca6745db9c97ce
SHA256 912dc0a4dbb4ad3884846868fcdf6816c429b2187642523f05141922a7d6301f
SHA512 68b1189554a527f7ca53d8e41df2f8dc8f052548da50196213c554ff44b968bdae69720269ab251524751fa3b1aa7374056fea82d8957760b80b60b91f8f82bf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2e317ad02ddda8102d91642e00038053
SHA1 517c00c2fd4b59f3cde14a2046335989e330f093
SHA256 2844c4c1b9ce46a1c86ce05d402403bcf6199a73e048c9fb06c186d04d8fe51b
SHA512 f910ce6c3698d9217e7e0859a18711459ade03556705dfb5e7f9e24250ea7390f25626aebda9541e0894d49ea0f9a4a8114210a348f5beadecabf648ddf5b1fe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a485e6b38f8e95b830f5fec54652dc99
SHA1 d615a8b0d61c202818f7c57558a149badf050bb2
SHA256 598516f12d37b0ffdb02a64292807546f1d73c60461d141e5e3dd5f4fe13d68d
SHA512 948957c9ef7f4c0d50e3e5004bff0bfaa1c49a20d1893da0c87c5c27c17da3278c809adbdf732f2ec41efc7aca6d13cd16dd187546205262c719083ea028515f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a361ca09ad992016da12cab20651bd9c
SHA1 733cdf724b0090e3066a211d2207611607e5578d
SHA256 7bec2c74e1546da85edc8eb2661f81a45e2b6a3d05459c07c33ceb777e9b5c58
SHA512 ac3a084981496bf6854163ccb52e348d47df449100b95328ed4440096d94e4c10ddef1f5e9e22ba75a7d99a33d9dad330b3a0af47dbca1174ea3b6d18d4b18f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 524bf5b2b0e116f90d20660838cecb53
SHA1 6c36eac1b0665674ec4f3d8700341ede1ecb602f
SHA256 9b6331b2b7b9b99e9132f4f2d54f2cbacab19983666481c29e43a7f87aac435b
SHA512 cccfa44143bac87565ef2fa1671e3af90da2678638833a65e0ae916bf687d2acb6ffc9a5921767ffd3d9a3b80c645db8da5a0786bf08976ae760e4c3e414a98e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0bcd40c79fdc62a3545f784669156ee5
SHA1 98c51f46817e8a6e387f6b64efdce4ba6e584ea9
SHA256 0b805ad40d163d480ebd6f6233230c86eaa021ad6cfaad36fb796ae5d58ba5d5
SHA512 c6e726453fe923500c3e16c0e6052d74ceabc6ac9792b52c5aacbc3d65ee2d5fa2799d751bf84b1e4d2a32eeea4f99000dc798240bf93368e7132e07621da32e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f70bc741a6fbc2dde9f8bc73d81c4446
SHA1 db856586d430824b57ec1c9c366d1d78e970d02b
SHA256 98ef2b5ca285b8cfe30632bf498909a717ae0a0bd9d781368aa2192ffcb36377
SHA512 b089c5a3a9cd9a8d2bb81776941e66d6cf1409c431619a3e2b4e3aef4760d4b71308e75ca7c948ffe24aa44dc7fff8d46395d3f8b0bcbb3d67144805919befb2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 aefd63f91df0b84b7f2ca31c2f39745e
SHA1 965474cdf41eb70c104e7e7bd6280fffbd34c825
SHA256 dcafa038ef841753105cca888edf23701543baba31e59935bdd04f4f65fd4d12
SHA512 36a356df6665e66b195d1acf1dd779468fc68061a17e81c48c568e077e7f2f1de6f2534844c3e69415ddedd73aba0bf88617e8955c9c0039e81963b693862fc6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d1637e94bd22a4ded0658c64471d8076
SHA1 107b86c620d06c829b6b5202d770da14575a6a68
SHA256 234925efbc935085b37c2f42ed4ec7a8f8d618443e222c62749aa97b9868bb86
SHA512 db3f5dfad0899d92b269d04e01a6fed37e35419c97d450043ab220bdc33482a901cb8465e90fc6d779121c1ba14a071148887e97ec52b01267e7e2f04957af8e
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a