Overview
- Static: score 10
- Main_Satup/Setup.exe (windows7-x64): score 3
- Main_Satup/Setup.exe (windows10-2004-x64): score 1
- Main_Satup...er.dll (windows7-x64): score 10
- Main_Satup...er.dll (windows10-2004-x64): score 1
- Main_Satup...ay.asp (windows7-x64): score 1
- Main_Satup...ay.asp (windows10-2004-x64): score 3
- Main_Satup/slavey.svg (windows7-x64): score 3
- Main_Satup/slavey.svg (windows10-2004-x64): score 1
Analysis
- max time kernel: 67s
- max time network: 70s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
- submitted: 26-05-2024 08:59
Static task: static1
Behavioral task behavioral1: Main_Satup/Setup.exe, resource win7-20240221-en
Behavioral task behavioral2: Main_Satup/Setup.exe, resource win10v2004-20240508-en
Behavioral task behavioral3: Main_Satup/WebView2Loader.dll, resource win7-20240221-en
Behavioral task behavioral4: Main_Satup/WebView2Loader.dll, resource win10v2004-20240508-en
Behavioral task behavioral5: Main_Satup/rockaway.asp, resource win7-20240215-en
Behavioral task behavioral6: Main_Satup/rockaway.asp, resource win10v2004-20240508-en
Behavioral task behavioral7: Main_Satup/slavey.svg, resource win7-20240508-en
Behavioral task behavioral8: Main_Satup/slavey.svg, resource win10v2004-20240426-en
General
- Target: Main_Satup/slavey.svg
- Size: 1.3MB
- MD5: 1b7febf62d31a1f8cad94b64eabe5b84
- SHA1: 83d68132fe447bcf9e119fcda09bad643e3c87f7
- SHA256: 85c9ae3663d136278fb37f7700bc84f56776f57e6346168c8b15bc10aa3bff22
- SHA512: 4b1a0c43f081170f342df80d755e1c1e29527e49e9f8f629caa883561b7fe201c0132aefff71681043c352bbac5cf742704472d4ebe018fa13caee70961c9d05
- SSDEEP: 24576:QuYOl0bMeeN4sXNxz2sqZj/ZbiaGiNufLXnPgY+LvTNILq2Q45bONk81Q/:PflAfC4sXbKhh/JvjuLbuTNNlG
Malware Config
Signatures
-
Modifies Internet Explorer settings
Processes:
iexplore.exe, IEXPLORE.EXE (registry keys created and values set under \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer) -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
PID 1736 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
PID 1736 iexplore.exe (2 IoCs), PID 2112 IEXPLORE.EXE (4 IoCs) -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
PID 1736 iexplore.exe wrote to memory of PID 2112 IEXPLORE.EXE (4 IoCs)
Processes
- "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Main_Satup\slavey.svg (PID 1736)
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - Child: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2 (PID 2112)
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads