Analysis
-
max time kernel
118s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
27/05/2024, 11:40
Static task
static1
Behavioral task
behavioral1
Sample
Cirurgias.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Cirurgias.html
Resource
win10v2004-20240508-en
General
-
Target
Cirurgias.html
-
Size
4KB
-
MD5
71275f17b992747ad1c3c3099ae4b881
-
SHA1
e9c5967af9615cc065a55b386563a4e43dbf298f
-
SHA256
b7e0964db276ae4cc8002c0ac4fe36d7d87b83a140606308a24ad445cd787cb8
-
SHA512
3159c1328e522d2a4c649995a5bbd1039af34af730ae86ec628c789a592084d3de48f1a23a0bbd6ccf2c5e3dbd4fcef032635d92eb89894d5c423e0f5bf1937e
-
SSDEEP
96:oDTJBHBJDJgJLJpcJhCJz+aCJzkvJd1JzUJcJzLJgYCUnQJlppiL+9r5U/QMCFR1:oDFNVM9OAOUdDs4JXhnQw/Qtnk2
Malware Config
Signatures
- Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422971886" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000b2d351f622d8b0cf43b1f4de92f72bf3266d181c588e1757b223027070cfac84000000000e80000000020000200000003fae2f3a01442568560141d3a1ad4f27fdab0a0a04d7a2600a86bb480a5e74dd200000001cfcd573ddee8f98e40a09672604c52ee028f491b7751c8ecb1cd2114eb306cc40000000104a752b001144f9b6b4185e43a982a669f7189196633e89409cc3fe1e78230207e72989322103c97a2360555aea2a019a3c33466868bf7c989e6bc28bde093d iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet 
Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E46D0CE1-1C1D-11EF-8F47-7A4B76010719} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b045f9b82ab0da01 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1700 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1700 iexplore.exe 1700 iexplore.exe 2996 IEXPLORE.EXE 2996 IEXPLORE.EXE 2996 IEXPLORE.EXE 2996 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1700 wrote to memory of 2996 1700 iexplore.exe 28 PID 1700 wrote to memory of 2996 1700 iexplore.exe 28 PID 1700 wrote to memory of 2996 1700 iexplore.exe 28 PID 1700 wrote to memory of 2996 1700 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Cirurgias.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2996
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fb6cfe0fa3284d3515d17ca4a13d4d17
SHA1 36e5e49d2ca8ccede2a1ac12ece37993613d4721
SHA256 2a9fdccb40b4aee5c3c4cf7329190459ad7428f78fc2baac74a4944fa27a168f
SHA512 90f6c8c70ddbe9de9ae8d1c96c945904f124636772393e5c660e9ec90d76b1dbada5a6b2d4631763eb4ddd2903a0451b5aab55c67d9d16ffb1d09af809615ebe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c273c0bc840ae160efc1865af92f566c
SHA1 575aa3eb85cb30b42553184eab54f5f52be8addb
SHA256 3b95c8bcb8a7f06d286bcee41187a18abc7029d99b707d623234f8649763b999
SHA512 250ccd8503c26ce705e88f1cb73ca50db3b9dd0e616610c7fed1ae9fe15da03f7e96d884cd79d1792c392f6bec88e06442b664308426514e8639507d0dde3c5f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8d6c7899e616d0933c263a701f802fe7
SHA1 83cc864138279dcd705d47c2ec331456e39090bf
SHA256 e7d09e7cd5ea4378664fa9792ee051955b501cb6f5a5e749b5f2d35f4891565e
SHA512 3f6ad54a664e7c603029575f12e0ad7ce59fddf756c80d839051db342f7fadc997b8cfd657a95c3773bef5a96216784387cb28e95cb062140f1af513035e3836
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d29244e45964688fa581e1032b194fb5
SHA1 7e337072f1f03aa7f3d8d04a2700f6a6cde64b49
SHA256 4a7820450ec6a15a4433c16904b488c327adf63e29aefabce511e377c637e01f
SHA512 cc941409dc83a85ffdbdae48f9d3d47b948ce5b6e6f982eb0831fae3b88899e398f6dca6b7fe31b93ab5afb3870903a1660181413fda010941f4982de95be1f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a7548942ae075bbaf3dddd15ccfd4d37
SHA1 98ae6d324a2296da62c9956205823efda521db45
SHA256 48915868463caddf020912d645d2179f630f7b37504633efe4bcdd760e76dcc7
SHA512 c73686e92bfb696aa29fe8fd1175f2706c1cf26245b301e99a6683121b75e0ab09a197fc998f29750f564f55a3915fa3ba1b7fe871921ebc4f69415d6d1a1da4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b592a1a18004f83c22c062f2ed35179f
SHA1 187e204e9db1a3fe3694bedd724dbb4a588c1c48
SHA256 edbb33288d3c6479e160ccf95cf9c3938d67f405a6e8ed37abe2c23b0db36e4f
SHA512 e3cc1e39f847702af9bc7d71c200afc77907f648213eb6a3c02d51bc04831fa41a2ab9251ca14a83024919a5bdf62d2a3ce3279977e1dfb0fb46386b3d188780
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 afb3b108861fc69a61d93d492c33266d
SHA1 31ff3b65ee90ae2b8f34462fb82208b2cabb6fc7
SHA256 191146066d702d998896a68e6067dc30454680be99d58e14ab4685c4a9c4ed6f
SHA512 45fab600b48519c97a270450eba29f064fa946c2732aa7d850b27cb864aa2be3f09690bb65cb1794ceda90775e85e1448dcc71d67609ca2bfb66b7c2ddf47929
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 be54a9c046474748d249d46e6a698f37
SHA1 bcbd211561ad60a1f96a43c608255b2323bd3170
SHA256 b8dcc2082998bc09601bbca7e1bd9bca24215376ed44eeb124270c6b311005a1
SHA512 f330a6624496c47222bb0986a8a915061f48071c63d19598f056699dd2b7afaee03197aaa6dd485dece5fd749554315c328eb918abc89a5cfd4bbe486e32d617
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7920218c12afeda680fbc69f781091fd
SHA1 11ab2543b0fe7720c484f93021239b45e6f51818
SHA256 a61c7f5ac83ea1bb2c10f8da312963aae4c1f7566d0c168580dc1eb53eb12b41
SHA512 f133020832a832a9d428392df56c28c3b9511b7fe171c3e98b09a4419e99654b516e3747fbbe02bb512462dd7274078049bd21d29f19fa588bb9f4e6edb8fbbb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e9addba06f6bd25cc092c135a00880fc
SHA1 d851d53b591f6b82bddcad03af6d9aaf500e0f4b
SHA256 47e3051983aa17eea706a9bae233b58275bab74d5dce4770ecc5fa6383cd61dc
SHA512 399119e9a31589dc43e74751f64da9340135f86eb941a771de6ca1eba067a85d916fd8ea5e1aee5ed51460d6f03d4d44f9dd4363b02ed9a9f1f9361edd3170b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e32569177bb0b63a7782ba028c475bcc
SHA1 b1ea18176ccb2e64a87eda32f4cc8157b6d5f05c
SHA256 4d5c64547d8ca9c211f43d4316f0f9d2b7b5e05b6272d67242297d04cdc8f38c
SHA512 3043300945c1966eed1b27a11c10b248c087044e5fcf6b08390bfaee20c7a2eaf57377dc9352657a2d3b34d6801a6414ea7ac0896e46c59c5bfb786a5be575d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3ad52fdaa410699a316a0bcfae717478
SHA1 76af4987c1b31ad5c5d19327ffbc3bfcf02f4b58
SHA256 f41ebdbc1762614ed08ec42473738962e29ffd67d44d8381b74cd01101f725a7
SHA512 41c8688690c75a1816e36af98985185c6594d451168e797c4a87202d922d357d1fbf789af1f9171f541e31cac3ed4b9195c8a16e7853daf7373823375153cbf2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 af4bfbfa843b9af88f47a30239884dfe
SHA1 dda20a105d3039d3b8b3c65dc8232f160275c5c4
SHA256 9b719d5e1bb58f663269480759c94c00b7e0e0f188f22a49054739dd797447a9
SHA512 070eb89c9eedfddc1393a230fbef7d7eb75d33f9cbd9faf5eef7bfd1f0b267d66032dbf165dc1413ae91f986aec58e6c910ffd1b79a772d88e51562d34462b18
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 66ce17f6bb0eb3eb59a5e7f9f0d16586
SHA1 112bbea1842f3043bbc841342b7b4424d2bab8ed
SHA256 6f1571cc6bc9cc0db4078b1badf27c4d1518b84caaa1c61adfcf3d9508b063bb
SHA512 60237e845250a5659d74f9fb0f2faa2b639a7d7bd74e363e8c224caf32d855590783157312065d712a931b91d97bcaa268b2f36473ae8b89781140acbbc25dd9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a6ff9194b50371831b9b67dff177cc33
SHA1 f54c53e7b9fc68a379e5743269396c72ad72667d
SHA256 9941f219ac5144cfaf36b1811d21f956931c3757e45c8d5ffd6c140ac981c139
SHA512 65dab4e2fe292365c5388dc35f64a6bb5ebac0159014f12f3616cc23454bb5a8275cd0b5b9c4e48e2ac0c9f3176bb8d0732b1e43e4899ca053505bb1bc5b107f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b509251044fc65365456c00852f78e96
SHA1 51353bbf7ecf29cb6d8879ebfaa4d621db3c2187
SHA256 84c9d1a7de8b544a8fd0ba0c39ae27de52ba2b605fea135a775bdfb382b2dd3d
SHA512 6db63ae464c5976e82c2f0672fbfbf0fc2c78b4d081080d3906de0ea6dfd55fc9a72825854019f12feaa2867b865e95b6bf709e0cac1d52c86c5327fa3cc1cdd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 82d00be780fd1510cb24ca17dfc54880
SHA1 cd0dc806061cacb8f14bb20335ae3b31f6120010
SHA256 565a12d417d5b7d182c3ede9a9e0a174afe9c423d9cfd216a488f67cc4554f05
SHA512 9855e270d220d65191ce7f1e28f7b735f6261f3540921223b48a29691e3c7ac058405a111bad5e08c96d9d0d9ad8fd68bf47baef3b081b2eda86e576baf60a5e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9f37b5d508218e731d17ee69b907b7e2
SHA1 ef6a0421fe992323d79b63f38471bbb8cc3b7bb4
SHA256 fcde70c0fae7508c19758996217153626f41c0c8a602ed2ad4705920f651bc9c
SHA512 9641ccf5b07365095678ae13d0e2bf10271a7a1acd2c8f73f6afab09b3cf77418f4ee68d7ba6d8690313aa56b9312c208c4039ddda479ee50924d346f8cac300
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 625c99033fa8542ff7fe357816775961
SHA1 9c15555073b950e80f075edbff78fa56c6892cbe
SHA256 bfa73a57b26f307eb606af0d83e0e27245b16d41f6be48b562136a8c506d1d68
SHA512 57375770f22cbb2de3aa9721b857fc9e85daca8f01bf105569dd59fe713b5b66f0d395bb56e02661edfea00a9e5a3ec5fdcd72ab16a3d543e378f612ee67b93d
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a