Analysis
-
max time kernel
135s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
28/05/2024, 23:20
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240426-en
General
-
Target
sample.html
-
Size
220KB
-
MD5
9c03bcddad092efc98303006220867b4
-
SHA1
88d640b3b78492bbe5b1c7bf98b5b48bd0d15815
-
SHA256
05a92ed22a6581046781c210c35ebe6d07eaf493a4bd9acf83d743dbbef7845e
-
SHA512
e329ca44625c6831b372803daf1ee235b094f42115e9a44fd519f0b7cfe5d4264ecf03ca5068ddfbae6ee97863b064de232834f2331f6db2674d3a109a3dcf43
-
SSDEEP
3072:SvwaDW78Hs1+9JQDDyfkMY+BES09JXAnyrZalI+YQ:Svwgk8s1VKsMYod+X3oI+YQ
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423100306" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4F78421-1D48-11EF-9E38-E60682B688C9} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2160 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2160 iexplore.exe 2160 iexplore.exe 2068 IEXPLORE.EXE 2068 IEXPLORE.EXE 2068 IEXPLORE.EXE 2068 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2160 wrote to memory of 2068 2160 iexplore.exe 28 PID 2160 wrote to memory of 2068 2160 iexplore.exe 28 PID 2160 wrote to memory of 2068 2160 iexplore.exe 28 PID 2160 wrote to memory of 2068 2160 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html (1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2 (2)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2068
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 897141c1821724d2cdb655c00933f9a4
SHA1 d628fbdae4662ff1f2ca623302384cf02382b74f
SHA256 de2190bbd5aa30ca10388437796875bc879610d2a986fa475465117b90ebd50b
SHA512 9a81841803fe9e1e4d1bea6a9601897a1db7343799f4b69f2d55ccabd6f0dfc9a67e1fadecc963c940f24a5255130b4efb0a681e903ed495443cb7675b5ad988
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8813bacc33a8dcf24286fa43b35a0450
SHA1 d6b249bd020902dcbea5e1acf4ddc1e6e8b6f8c0
SHA256 b8a710743af581fddfc10a0d09eed31fd739cdaa4d00295592183dac4922cc26
SHA512 9b91ad2ee6afe8cdab025cbdaf4705bb6aaa799d4ea8accf231cd71d30ed03a0afe339da8755d3446ae4d5641e857e749d1f6fb45a2cdaaf62f9ad312fca093c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0bddbb0d732c6a6d29843228dc5b0248
SHA1 3663cf245e6db5a260139d01a522d78f4869ab19
SHA256 7e5e0686eebfe03bab2188498a4e7f73d89c4ad266fb69360af95176751543ca
SHA512 5f547b114f8a40d9081995b034905520e5509718a767233eb06651f784ba7b69510a7313a8e38a64a418678d06ec1daa458a434b9b7b0602184a5a5a79b5510f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 62523fac1a9f07deaab81a09a11a72f8
SHA1 396a67b8ed8c531e566f178f93b6bff15ce171ab
SHA256 e145a419a17e9fb0e0d986c6a0760323b99f300aaebf2c35b00450f5e866d51c
SHA512 7adc947edefcfc06cbc64bb7b6862062ce8d774264771fdd1cd4acc088c161ea310415e7920049971a65a437bef24d0129b8cb5f566372545d6db4c39fb99eb9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bb981d426ac0256f4feae9490baa452d
SHA1 3832b34953e2bd992f928a7450ea77c98f5a8f7a
SHA256 1520b3c38529c82a0cea57ccaec4e97ed11a94bce7b8d90ee2730926141ba4a2
SHA512 7d1d8ec0824be8cd948446937f580968bde1491970ddeff5454efd5a70ffff60732f8d375f350e839182ea0654dcc861ff15ddab05a7037e56713088159b8b88
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e46b0ab6f11cb17b2b4f0d75776eb2fc
SHA1 9c9b0227198080d5585dd900cae863d59cefdde9
SHA256 efb1885713f05f99c8e99a8115cc1f0dcad18c5b4d444dd1265255b70551b40e
SHA512 929fbcdbd80e231673e913e83d8c2bd1cba56b439dfdf8a4f97a69c3c858d2d6cc7b2af5979742426d5ba7695d10520933ed90d786dca34abcc9256ec177ffb7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2ac21cb8b27a7c7b244255f4237d50be
SHA1 59fe2ad7b529fc8ffbf9fea0a95ba8a0170a0172
SHA256 11849b799a70a907e22ac22f2d1296f34ac9fd059b133301734194363727bb2e
SHA512 2d95897b5cc978a6a0511f83c6c7f48b005ef0f1aaf9bcfae7c6761f6dc695d9c3969b38ca98e74d7b100185d4516cd5cef73c4f67f0fa9d4c2829c9410c91fc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ea3a90be6b2c99afd847bb13e20a7fa1
SHA1 034843877467c3963c239f6dd50a1c16d1fc4112
SHA256 956b74b1dda2a0a04be817a937fe683aa5e792ba382312425d8809bfe463ed44
SHA512 ac8852295297b4e07ccbcffaaf68681dbf16bcbd80d31c870b1cbeca648fbff2e4b6d950d2c2a5238370152c1c80bb956036b73ccedfcdae9378ba282483ea2d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 670acdba82d0a2bf5b22d12e4488a288
SHA1 6c488e89d21f0004f96d7646fcccf9e45a281e0e
SHA256 97e6faed2624707f9e31a554918f007da7562db4ac4cdf0e9ccb06a9ff93a86e
SHA512 a7bfae2ac78cc3ed149b48fb1b181a81ef3bcd9ed94f8132283ab2570f9c746d985a8d1d47c5327fbd70718590ae8fb6c26bc9da48d9da20a1e7180b4a777d17
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9447b05b95f4b1988d3d3d8c68f27678
SHA1 6dbfc59166fe842146fc0fa1c171b9953d4b3ab5
SHA256 a3a13cbfda64e5c0fe7e7aec91c1ea3bb69cb4ee1ff4d77344bf01a125c7a5a9
SHA512 33e5e36d37db40209a8f08bcdb243a9e17fc5630aba5db1e806d844d4288a561611fefec499abbc6cf53bfa9bea2eb543e02c4354e074a4b879c1a8f16ae0f17
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 52336123bd4d9e6478b1fbcd9c6877cd
SHA1 cd6dcf0932e641b83a2150afc02bcecc3d3b5e64
SHA256 887249e3178751ea400d52acf79aca3ca49bfaef63cc683c00e933076d9f1f3c
SHA512 df88ac3bef68b0faf9b66b38de24592c221e0663d297fc20a4facb015285f098defc5737f49b38b24723ad32df791e46404bed083bee9aa49c34357d8f32ea0a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 327abae6847385eb50164e86e9c9d90f
SHA1 7099b6b1211c311bec091f8a6c5b249b0b40eb63
SHA256 3bbf768871a68ec08528bc0b2dca79772355f2415eb71763b099105ee63b3159
SHA512 8b7a5556bcb9c6e6186ef5a1eb03532a6b8e000a771bef2b28dae9026997ee93ed96ff908878e4eee3400103fddf940d443f007cee72bf382004af05462c904f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9c416a01ef262cb1f2516a5465cf7b5e
SHA1 c5c2ffafc172b8f5e6dd9322dd7fabeacbc45356
SHA256 92774c33738633d398319e6c813cc84c389838c58905193858ad9fd668c543dc
SHA512 a01fff49397eeda4a4d0564e311ce6205a811705af5cd84da59be00beccb05af1c4ac49c8e5dd8fbc8e0b058841a025d6410aa7c1322d48b10db7755a13709c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b8567b61795faaad9d65a0de6d0af7d3
SHA1 6aab6a0bb286d3c0f71089100ba0594d03482018
SHA256 1a59fbd95c872f07c7d911050cf39962b473225c5391ea2d5177fb2e2c9d70f5
SHA512 2b5c567e343c24449b3872e45897f215476968039e6efe4b153921ad1a86bad694f80d407788b9cc7b4f824f46c9a7158e748e751d622d6d3776247caab5676b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 df55ce9aeceb5506ff48daeba6358f36
SHA1 7f944566b4feaf9e10cad73e5068d2cf3468fe38
SHA256 4899e7dad928c1a088c1f5b7f238d68916796c4443f68ef48b061502e780c6cf
SHA512 977f7648e5157b821179455592a6a50110e536c04bc56df3217cd341b10803f4573fd8fd13415eb67ecd29bad3d730634e61811b0ac7c3f6730da65e4eee6b3a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 790ba545efc2ce421d7ec732baf96b40
SHA1 e4717f240a2a8442256551dec93fcb6d097ff657
SHA256 1e819117aa6ece0700a4f01a9eee52a78c1284cb90d80ed961c75d3fab6a78ce
SHA512 ab0e712051ca0d08747a89cadf54c38dc323ab3c4a976c09a58489561f4fbc74b86122edd69124593710269d1773841d15fc89b8b1fb7d7a75d545a985b7bbd7
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b