Analysis
-
max time kernel
138s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 22:29
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240508-en
General
-
Target
sample.html
-
Size
213KB
-
MD5
07f2a61e7113bc64adeabe8f1e593c56
-
SHA1
824697278ea59371aee4bc285768efef093504e7
-
SHA256
673435b7c6d785989a1c385007da14e9fa9d9625088ad55f879c656c7a078adc
-
SHA512
341d3be1571ad28692637caeeab352412d626a338dec87409b7720f2066fab1c5ea56ab9ffaa04c4d2f3e22b3b4e960d1ee2b82ca47be5af8a0d3f88ce4c2b77
-
SSDEEP
3072:Sl8eqlDDeyS7OyfkMY+BES09JXAnyrZalI+YQ:SlG6rsMYod+X3oI+YQ
Malware Config
Signatures
-
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3038881-212F-11EF-BD6B-4E7248FDA7F2} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529269" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2848 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2848 | iexplore.exe
2848 | iexplore.exe
1700 | IEXPLORE.EXE
1700 | IEXPLORE.EXE
1700 | IEXPLORE.EXE
1700 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2848 wrote to memory of 1700 | 2848 | iexplore.exe | 28
PID 2848 wrote to memory of 1700 | 2848 | iexplore.exe | 28
PID 2848 wrote to memory of 1700 | 2848 | iexplore.exe | 28
PID 2848 wrote to memory of 1700 | 2848 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1700
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 caedc8f7cc234695c8e0500f6c57c88c
SHA1 b598fa862f462915a40dbaa635db87228a45fbd0
SHA256 92669ed5d5eb773ab14388bd873c5ad83ee5b16d792a288be052f1d6155557ea
SHA512 27d1811f23323695525ce11a473366a06d7cf79980ee69a401b7d493e959bbd3eea396ff95acf6e76d5ee3d6e121e292e503039fbd3492a3ba55a9e64a1d3239
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 85d34b751ef3f84a29d7aa46c9784809
SHA1 3480c533d2e8ba38a497a393c0b93d3544cac6ff
SHA256 96fcc2260c39a3de85ead780972022bbfe8b2da0e723c0534e71fdd0568ebafc
SHA512 1d99889bc1920822975480386c1c042c8590d82f8b4caa816d06eba54de9285b4805e8f4f142348b1bf36c04a138d7fdb3c9f6841c12f2036685d982f8fe9b81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 8518d7c291955a70891554ae098c31e0
SHA1 eb30232c64af963916f1484410542132e4cecbb1
SHA256 6c7e8b5fd769c0955bfcd6d91581a6a304eacda4eadb2b8fca8a5a37848b4017
SHA512 0abbbec9ebeab08d2b4cc0bd25776cc009078474cadd9a0bcf4540cc3731b1e3456e10d8159935c5259b5227e81f37e5987c404f69e0cc12821f1b46103ac8f0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 f88da1a130e09cbe2625e057302629df
SHA1 26dc8a2108eff9156d1f43dfda67bc4a898e6037
SHA256 e8ae5c147e2703af00946e39482a85734b1761081003bd039e4628bce419a801
SHA512 3bfae6e670605cb272f54ffdd9a4e3c7d7a9632c00c2359aa8c61b6d7b03badb209c0b92508f30f9ea8fd4f2cd16db5689207fbc857d34c0aac8c70c3861d25b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 a655ffcaf0beef98d9c87e6cacdf6ac0
SHA1 3412fc206e214b089c22a27f174bc8e080eb6cf2
SHA256 14dbcd74a5d072696aa374428a8c936643957e6934ca336814936aedcfd2d87b
SHA512 10ba5628c82540b082383bdb922b163d5f528c849a4218b61fccacbb2262cf1e13f3c70e03135a2ed31de88c28900eb643463a3d0ac8e57fa80d4aa0a416813c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 f8c57869b4a14d23babb308c3058b926
SHA1 01cdf2691eb849b4d64a8df3330caa7f5949b676
SHA256 5f99c7a722d704b03523aefc6b3c348f95c9ca245a1ed75b6259fb26144f2618
SHA512 8359077ee9238b3a46a635eed1995992f3d823bab1b970a73685d7505d3e743e5bfa07a0991af69173fc10790611429dc2da877e9f5d3e6f5765f65d549e8acd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 072f0dc24b07c6072945d726fc85e6cf
SHA1 3af30e42bd54b6538ba2cb6e11a3da8f5a3186cf
SHA256 e70a7ee10a5923b699f604cc80a9374722b6740db858e10a6a11a64ff4f7f0ca
SHA512 06765f89a905f4c0b4d98ece094ded2b72f5e11a69d0ac0b09bc5b172a426c82acfb1b1ff75a43605600ea324e157c2a84a2774ea4a20be1e89e76989a5947db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 bbe89d2340145414a42d4bcdeb451735
SHA1 a2363e7b0d71e39db06e88d66160a49b88cd617f
SHA256 fe0d2a82db6312805e829cfca163cb41df0039457b6d8fefe87f6a463a84c503
SHA512 496b997a9334fd90acc5748b99c1419fa90945ea0a9f50e12cde86c579bbaf26b03db20f8c0edeec73d27be356d35950398b750872ad06eb6254b9f8af1a6715
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 8edef3dfc681f3e7ca91241c82098219
SHA1 c75e2a2c80549a844201b4c0970460e4e2682b56
SHA256 be6218bd3cfc06a6a52058d255124cbb56e7f38380b69e5e171a07f00324df34
SHA512 55ab378edaa6f7c7b98affed0f201553ec1dc38a1a3f56af03f41b3d6ef56566f185f327aac5e1a00ac7d44b35cf1748b2647bd7cfe24e8617f9080048096027
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 5f9f28040e5e109172be0e33fa8f3f5c
SHA1 41af9cec6e844d7087c1bced19666cd0e1e80db9
SHA256 c5b590e18cbf966a0d305ffd62b9f28b890f620b3e4216ca8b98937f6fc05519
SHA512 8e06be09be611bf3418ae72d6cac240d70cb4c0ae66bc25376a81f03c00720fa33f18697ef4e8e3e09e7ae89b2822765da7eb29d90340c5c20239bbc9df66447
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 ab815d24206de38604272f9cb5af6165
SHA1 b1af1e93e50c7b375ea366bc9fbbee40c5765826
SHA256 d93110c30a7950ebce3530c911274bf85ec73379aa1a89286e67f366f4dbccb9
SHA512 41d3131ec2c7325ed07b8933ee41b7a2423260a1cb029e1adbcdf0eb58f8b8ff07ffecb5b81acb2288d038c053886642fd32ebcbb8c4babb6724915ac42b1679
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b