Analysis
max time kernel: 134s
max time network: 135s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 29/05/2024, 07:45

Static task: static1

Behavioral task: behavioral1
Sample: sample.html
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: sample.html
Resource: win10v2004-20240508-en
General
Target: sample.html
Size: 213KB
MD5: 2e618a3c10112637b5c4d472a8eb9cfa
SHA1: f5fe028a2127f32ea0a821b8bdb1aa23005e2592
SHA256: fe0d7f383768f9353579e77be6e53ab9e5a7bf39cf221a9d7ec7f1c66ad93c6c
SHA512: 1fa7b5c1c391663458adb5278bd2b4078c857eb219736003fd7c832f52d33e5d88a899ae10e7fd3d4136e37417c09ee8f7eadc91dcfb4b101ed52e4a62fd16b4
SSDEEP: 3072:Si1ebhow9qB/yfkMY+BES09JXAnyrZalI+YQ:SijbKsMYod+X3oI+YQ
Malware Config
Signatures
Modifies Internet Explorer settings
All keys below are under \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer.

| description | ioc | Process |
|---|---|---|
| Set value (int) | Main\CompatibilityFlags = "0" | iexplore.exe |
| Set value (int) | International\CpMRU\Enable = "1" | IEXPLORE.EXE |
| Set value (int) | International\CpMRU\Size = "10" | IEXPLORE.EXE |
| Set value (int) | International\CpMRU\Factor = "20" | IEXPLORE.EXE |
| Key created | DomainSuggestion | iexplore.exe |
| Key created | Main\WindowsSearch | IEXPLORE.EXE |
| Set value (str) | Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE |
| Key created | IntelliForms | iexplore.exe |
| Key created | LowRegistry\DOMStorage | iexplore.exe |
| Set value (int) | International\CpMRU\InitHits = "100" | IEXPLORE.EXE |
| Key created | SearchScopes | iexplore.exe |
| Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe |
| Key created | InternetRegistry | iexplore.exe |
| Key created | LowRegistry | iexplore.exe |
| Key created | LowRegistry\DontShowMeThisDialogAgain | iexplore.exe |
| Key created | Main\WindowsSearch | iexplore.exe |
| Key created | Main | iexplore.exe |
| Key created | GPU | iexplore.exe |
| Key created | Zoom | iexplore.exe |
| Key created | Recovery\AdminActive | iexplore.exe |
| Set value (int) | DomainSuggestion\NextUpdateDate = "423130605" | iexplore.exe |
| Key created | BrowserEmulation\LowMic | iexplore.exe |
| Key created | Toolbar | iexplore.exe |
| Set value (str) | Main\WindowsSearch\Version = "WS not running" | iexplore.exe |
| Set value (str) | Main\FullScreen = "no" | iexplore.exe |
| Set value (int) | SearchScopes\DownloadRetries = "2" | iexplore.exe |
| Key created | IETld\LowMic | iexplore.exe |
| Key created | PageSetup | iexplore.exe |
| Key created | Toolbar\WebBrowser | iexplore.exe |
| Set value (int) | Recovery\AdminActive\{70E0B471-1D8F-11EF-917C-6A2211F10352} = "0" | iexplore.exe |
| Key created | Main | IEXPLORE.EXE |
| Key created | International\CpMRU | IEXPLORE.EXE |
| Key created | Recovery\PendingRecovery | iexplore.exe |
| Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe |
| Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe |
Suspicious use of FindShellTrayWindow 1 IoCs

| pid | Process |
|---|---|
| 308 | iexplore.exe |

Suspicious use of SetWindowsHookEx 6 IoCs

| pid | Process |
|---|---|
| 308 | iexplore.exe |
| 308 | iexplore.exe |
| 2392 | IEXPLORE.EXE |
| 2392 | IEXPLORE.EXE |
| 2392 | IEXPLORE.EXE |
| 2392 | IEXPLORE.EXE |

Suspicious use of WriteProcessMemory 4 IoCs

| description | pid | Process | procid_target |
|---|---|---|---|
| PID 308 wrote to memory of 2392 | 308 | iexplore.exe | 28 |
| PID 308 wrote to memory of 2392 | 308 | iexplore.exe | 28 |
| PID 308 wrote to memory of 2392 | 308 | iexplore.exe | 28 |
| PID 308 wrote to memory of 2392 | 308 | iexplore.exe | 28 |
Processes

C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
PID: 308
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

    Child of PID 308: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:308 CREDAT:275457 /prefetch:2
    PID: 2392
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads