Analysis
-
max time kernel
117s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
27/05/2024, 11:40
Static task
static1
Behavioral task
behavioral1
Sample
MoneyTransBillQSvc.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
MoneyTransBillQSvc.html
Resource
win10v2004-20240226-en
General
-
Target
MoneyTransBillQSvc.html
-
Size
4KB
-
MD5
5a59ee43e8e779b21595870a9a51a0c7
-
SHA1
097551424ca593a619abe935ff212d276fda487e
-
SHA256
39c7794117655deb84c2d6c5a761570715cdbc90973c1bac8d85f6bc5de66a3d
-
SHA512
df626a2fb4a46c2c9f9dcdbaf7369a52313bed2a3f202fd6da1cb708f0cd44be45d5f682295e9078a4efe7c74f55692343cac1621b1470f8511cc230c1a1238f
-
SSDEEP
96:oSTJBHBJDJgJLJpcJhCJz+aCJzkvJd1JzUJcJzLJgLHXrcCFREyRUswvL:oSFNVM9OAOUdDs4JAH79ny
Malware Config
Signatures
- Modifies Internet Explorer settings — the registry writes listed below. Note: every key written is under the sandbox user's Software\Microsoft\Internet Explorer hive and the writer is iexplore.exe / IEXPLORE.EXE itself; these look like IE first-run and session-housekeeping writes (TabbedBrowsing\NTPFirstRun, Recovery, DomainSuggestion, Window_Placement) and are not, on their own, evidence of malicious behaviour — compare against a benign HTML sample run on the same image before treating any of them as IoCs.
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001b378757370728489b558c30f1c2c12b000000000200000000001066000000010000200000006e83d683f405f8dc88e30350cbabd67c408d0576fee95b12a6dba92f0f4674a6000000000e800000000200002000000015b8e2257c28076606faaf38aea8892db5e4f5d8cb393c6473e573b9fd4e8a4890000000e6762bbb57218ec6a6f883b92ec3bc6cfd07d94a1382518c1e5d7354c2ecc8f5b6f295190befcbc369092919445bc6c3c69acae1be5bf9b42cce014a884e36861bd5a10eed64a3ededc5e0a5015e2b15caafb800c419c81651ddf374deb218ab7e28564aa2d10b91b2e0c69dbb660acef669d54398e7efc95f2c4b49694a00c6189948a2d511189ddfc9e3b0e6fabf6340000000efd4d22766b5ebd78a0113f656e89bbe864d152206ef064dfc74a802bb1d333d3280f7866e140cd854eb8a8aae3e0b8216d77929a5be11a6bfb6aa7b93da0c08 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422971896" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001b378757370728489b558c30f1c2c12b000000000200000000001066000000010000200000005e45e0646f340bb2c2aee56b427b6fd6e3a94ab6a5d37432a5eb65223bf60302000000000e8000000002000020000000607f51101646ef186caac1ca9666147745c2c53314a28c861008ef443a0f038e200000004418af05697eb685d885e14e590457694d6889c9a857957318390e5d5187e42d40000000e7ddd0712008384c7930972a2b9352e23ce06e6cff7073dd0c6da7e01f5c0cd4df8c61f41b6630d55bda436ac0455e6e8cf32ee1e305bc5a27a36bc48e84c49e iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive\{E9B2DF91-1C1D-11EF-9201-6EAD7206CC74} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90edacbe2ab0da01 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1524 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs — all six hooks are set by the two IE processes themselves (PIDs 1524 and 2144); IE typically installs its own window hooks during normal operation, so treat this as low-signal unless a non-IE module is found loaded in these processes. -
pid Process 1524 iexplore.exe 1524 iexplore.exe 2144 IEXPLORE.EXE 2144 IEXPLORE.EXE 2144 IEXPLORE.EXE 2144 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs — all four writes are from the IE frame process (PID 1524) into the tab process it spawned (PID 2144, launched with SCODEF:1524 in the process tree below); parent-to-child writes between IE's own processes are expected in its frame/tab architecture and are not by themselves evidence of code injection into a foreign process. -
description pid Process procid_target PID 1524 wrote to memory of 2144 1524 iexplore.exe 28 PID 1524 wrote to memory of 2144 1524 iexplore.exe 28 PID 1524 wrote to memory of 2144 1524 iexplore.exe 28 PID 1524 wrote to memory of 2144 1524 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MoneyTransBillQSvc.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1524 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1524 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2144
-
Network — no entries are present in this export. The CryptnetUrlCache writes listed under Downloads suggest OS-level certificate-chain/revocation lookups by crypt32 rather than page-driven traffic; confirm against the capture before concluding the HTML makes no outbound requests.
MITRE ATT&CK Enterprise v15
Downloads (files written during the run). Note: the 344B entries below all share one path under C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\, i.e. the same Windows crypto URL-cache file overwritten repeatedly; these are OS certificate-chain/revocation cache artifacts, not content fetched by the page.
-
Filesize 68KB (file path not present in this export)
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2935c74ed3fd3b5daf5de867ca331e62
SHA1 8bcf657da3962d408970e6cd918a8a5285a88782
SHA256 6879b4d10c0b63c7231df15706ef6a4efe4658b76be3bfa68156c335d8a9bbf6
SHA512 5b8b5d3a8a2c850487e4021431a4206256f6474f97aeb3b7157fc99eec0c4a3ba7d745389420361a188a0d1472d541e08e56f69d1f1dd2bb2db3e6bd58250ee8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f37b7aaa2a845dd6a8f078d3247f175b
SHA1 94821b493d123acb7da5895c7e8a53e06fc58e6a
SHA256 52697081b7300e2318a53ece84a059fae4effb106774a5bfdb71027775c69be7
SHA512 6604a49721ca0907d49e2a80c3525b17298b3908de6a2421ffc474c9e4036b748c13a5d5bfea3f8176b02018dabb05a47640fb2c79a0c143c8bc792362e72f5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 41204d3220cabdc9a93fdb37fbd21e32
SHA1 f68e7dd06ec5af71a1f10fc5db7f29c785c38f70
SHA256 f773354eb7e3e57e7633e0430514978491cd4808a9faff786c9b574b29ccddec
SHA512 f9b8f20fc10e9b49149c1a172ec480453a216e2e6521b5acacff9a957999cb9be9e1e2cc0d81869e4dea56c1d4b84e3469f43f31bb949220e0ce74c4e31a289b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 61b3635285200ca5237dddd1241481bb
SHA1 f08b3219877ef4d38a91a3a7ca3cdf7701845ddf
SHA256 a091e628789f6d79775481351ce8a538ec5cede89b9d5bd163907c8c82882146
SHA512 99f536530ceee37c8175c4071cb024fe2c4f0d08e42ea41a7d3052defeb64e0408041e9eaf9d453a15e79b4a2ff3dd83543dc74e9bd788d71234d64688452687
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c2dcca746f81908d99c5aa63e1f86c63
SHA1 57a8294902069d5d01959540ffb021d5ebfec15e
SHA256 bfdadbf7a6328d4f7956bc4101f7cef080556aa04517d2b40c9c6516f9ee63a3
SHA512 6405442ace04cba7dffd3e493267f0a7823161ac83f8cf9765027d6c0a393c9abe4ce10d654ba6b011f080fcb9efb69e19b5ec0eb9f156b15da89d14ca34e16f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0d4464f93a9c0e5053fbfe05fb89e352
SHA1 a20e1c43544e64443272c3344269fc310080d9a9
SHA256 386d192b59e8697f7dba1ade188598032df475f9377229f472ca021ad71d5a65
SHA512 56e43aebba02ea9eb1408e66ee70c235b85745f9d97729b61703d44513823c6f9be092ba64e27eb4d12dbce83300a0422fd966bad3086a8a7bc319cd4ae9d2a1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 76cd36c1e3cbbf521ff7951d747d9110
SHA1 08178c365f40d516c1392600aa31669ff16e7c51
SHA256 7ff2a29a0f14357af5f9d6a37fbf58486522de0ac0e032bba6b8744409c0fac2
SHA512 91def958b7d1ba038b1c0137221a961abd0d7aa483908e5bfa7c9a25d0d156f72fba17d3fff988fa00b93fd85c4656304ca1b7c1fece513a14dfcc4d270453a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5261d542dc7a3ef2d1fe2c9405c5e044
SHA1 f6962a13da9cf8244e6f2aef8ceada625a69d79a
SHA256 0ccf473ca5869c9276063238935a32cc63ee9d02026a23fa83052dbf6e9c1d45
SHA512 88a47dce2c88c3f7a4599b52fc2ce80e7c20243f8fa9c5f128c7bea18e6e4639cf8c23664b811c92916d485be5c871f33e0a49ae8aedb98774767cb7ea656cdd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 af969bd174fe5918a47aa0ade7f9eed4
SHA1 a7b16b2adc9930a1dbe07109dbb30a1cc31f549c
SHA256 14058664ab96c26a5e9b2b57619cb8f4feca5e43b277a7d7991ab3a7bb46dcef
SHA512 cd7fb22c61cceb5d3a8986eecacb6041fb53ab74a3435a293d29af2c88a88ab784618657b6f7e892e4d777ea05482e765f922443978a91625ec7474517457816
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 235f91bce5d7eecd81aa93587e4057cc
SHA1 5300cfcc30500ea0d848be169fd6e4cd0d5bd0b8
SHA256 f6e20d1df7ef724dc8934d03f04cf5dd61c6e289cd3fadd638ba83ff9989eea1
SHA512 81e497e901059cb0d7993b51b31b3e165fc7bf676b0c5d66cc7aa49b76b2ef22d3121a1f06103aa20b08c773cbb551a883c7980544a1826e95a35da071e5bc71
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a87ae9da652265459e3eca6c060d1cfd
SHA1 5517d81987bfe314774394c5f8d2c100fe3125f5
SHA256 0ec19f3c2ac12b57c29272a890f9516ea048bd03ef6da8d802be419a8b013e73
SHA512 42aaa3d3ffa8f146eb400a2cd66f522038ecf5052a2de2546311c3b13d90dde4c481a0b5472e6920230457f52cf51017790c11f667d7095b581b7963c2eaabf4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a87fd1e74046a7532d820f8914907004
SHA1 87d94e61e1d67e7c22fdc4d66cd2e4f57647f08f
SHA256 e03faed208fe57c6a50112edefa776e39ac9761b6a8c4e91124a0af7b2d02355
SHA512 eaf27a8982a3f6fd34dee5be134e345fb36fd0f854871c6b385852581e650489e2f20668065c7c666da3f676aaed6ba4648b6bab9ed8635d8fdea035ee091f20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 323c271e28af518c03bf2ef968544043
SHA1 7c69d50d8e4214473acaf3d8e91b7145afe7e1f7
SHA256 ceb83569e834d0fd78c3123264c96ddd678604a05f4c60c91dd34370f33050bd
SHA512 e53b450192111b8c5f7994b9cb98af92437d53a6c30a6d71328c815dfabc49d6fdf3c88e9afeeb24f84dccf78709e7ea160b50eb64a3cd16d0d95160609977af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1c969e462530761a6d59bfdfabb76398
SHA1 fdbc36ae881aba8994cd2761444fa8eba4ba6b56
SHA256 dcd2f3bc6579ce4bfda5731c6647a86b748e2b8e9903c5bbd924c2d2145834da
SHA512 49d4ae0ac3d11ebbe7d378631a51604233c543faf9c6e5fd15b91989a124867fc0163645d350db86be7a54623598c627ea5bd0bb2d6271d7b93977527ba3ecf6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 72add50fcb9148d4869c91aa7f5b3f20
SHA1 e92f805e94f7abaea534253e54c8537bf6f10b1a
SHA256 214572e918937757c7a7c1d27817eaf2712783e1d90d2a627f3462faca8da94b
SHA512 5942db073e63a2307ef1a81cbd9623165b28ef98f10ea431e7eabed70d629d42ae2b34565edcd91e8802c0c76328202ce7b5ec917ab245e90a311f42e1b9344b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 df8812cf8122fb080181dd2aae5ec3e8
SHA1 7394b06022cf06eb16c2a0806fb15eed32c10506
SHA256 3ee6e49d955a884fbf3b3ec2f420459cc3e442eb363b788658ec03b9fd4dd655
SHA512 4ae5f861589436791c65d996770d6f46858d670628b076faa9be1b5b687a94648e9a9865d5b16b2b31bc619dc37977f98f487d0bd946e1ed3e087b5c59d92c3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d87282b388e46798bbf8921a99d5ad43
SHA1 946dd3d603def3fe67cd6313f2379981c5d3f701
SHA256 b6df8db62c55248df31cbf64ead1024b55b5d5be3742130725704bdb21c60d85
SHA512 29b80c94053bc617e63bcd34a88c1f9f65e09b1332d8bafd12aeae2be6fbf27eacec198fedc88c2ec4a831d8f3c99ebec56529e0301f441f3246744360d53b22
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 62cae1ae0aae2d00a5d4902495932eae
SHA1 f7c2846b6f426bc5861eb64d546b8c6459419760
SHA256 8b6679c59afdcd245f014d352316daac41337e90be30578d79f71826458fe69f
SHA512 4822a63958dfd087a9475e71910b7d84eca387b4d17cc54abc1e6441e8d95a457208df0770aa0edbfe0848eebc6281d3431a0214b9cbaebf49cc2798d65d140e
-
Filesize 65KB (file path not present in this export)
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize 177KB (file path not present in this export)
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a