Analysis
-
max time kernel
122s -
max time network
138s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system
submitted
02/06/2024, 01:02
Static task
static1
Behavioral task
behavioral1
Sample
download.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
download.html
Resource
win10v2004-20240508-en
General
-
Target
download.html
-
Size
124B
-
MD5
b2777f10576ddeb62ef84085496d4140
-
SHA1
9a3abd7550f982d18f2783c0cdde4a8f76c2de87
-
SHA256
79bb0b6f17bb14e1bae777a99832cc6423b23b1c9d7c969cb3fc11a775bf779a
-
SHA512
bf78520555c34be4aa9e5dc9cf42c67082e24d14f89e6515d87f939c20f369145609cdd5082f4bc9fe2044c9e428d03d2fb7711e5c7864ba2324b281b1086339
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8F9B581-207B-11EF-8CD1-FA3492730900} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000012b260f2824e0042b518997a13bebd6800000000020000000000106600000001000020000000373855463db1a5582732e68858bfb90107b38f894ce05bfc42bf856e821dba83000000000e800000000200002000000007216ba5913591df36d8d88b638266de5b236e04b1356c00a4f1cc2d3165785120000000272073c98e2404c04d43df314c1d59ca357467361db054ef4b3447f5bd050e99400000005ac4cce02ec38574b2ffd0e14e44d3e1adfbf1ca524584e4c92cf2804f6ba11dfeb31542b2ab7d0e77858a2887d5d9a9e8cf7b08a453e40b2642be681637b67c iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0329fab88b4da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452074" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2172 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2172 iexplore.exe 2172 iexplore.exe 2344 IEXPLORE.EXE 2344 IEXPLORE.EXE 2344 IEXPLORE.EXE 2344 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2172 wrote to memory of 2344 2172 iexplore.exe 28 PID 2172 wrote to memory of 2344 2172 iexplore.exe 28 PID 2172 wrote to memory of 2344 2172 iexplore.exe 28 PID 2172 wrote to memory of 2344 2172 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\download.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2344
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 07c87fea425b78906a5e76d728393d71
SHA1 d9f2df01e859661821adcdbe913555dcce261e11
SHA256 1953a6b5d5dd7521d85ed9ef0de315a72e5d6df96734bd15854245936e99167f
SHA512 e495fa2849e1e28313aecd5bffbff0b93f5256e76d849f19eaba0f90625f43a66ed5fdea8f18b9207554ddea97c91b5fe91cc1514ef84b3bfd1dd0509ba5ed90
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7c26dfb4292f227670321cfc2344bbea
SHA1 1263b4de8950c7d72a3e14f2c05a25a30be5521a
SHA256 fb55b76eaf92eec77d7bf1a109ec7638956a3ab293be0185172636068778b2af
SHA512 75c4df0d66da792dc7c881ddef3bc61fe90d2db9a7d9af3ca89e14a8a966332ca65f1d420b424f7dfbb55fb613562523fd61a43d4433284b7021f72ce1fef894
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9e1b5c6f3908a3b46aadc31fb3335801
SHA1 8298857436f49e3537dd94d050572f2788a672f4
SHA256 f219e30987a63a7d492ce72ac91595a5a11ce4603254d87c29ec4721b1dc324d
SHA512 c1dd0aeb3f9595e1d4042ee64e3cdb876e9d93de8ce7f13220cad35ca2daf335ce34b7dbf3c87b5acfa1add6e435b855ae94e4765ef9deb3f68d45c5416913a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0c3606f1fce5cbf6543eb0e51bc1a6db
SHA1 7f7dc472d321fe56e9867a0b080bffe2cb8b4787
SHA256 7c200326516018083c4227d2689e2c30867ac8006a28c30a7a145706f2d5d237
SHA512 36ac6eaf90cc53a613ab9143bde0891c8d9910831ba29ad88c7462afe21c080cac71c618115ea027bdb02333c075b0a5643ab5d16d5111df66cdf7029bebc2d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 74a70079879cf309af5211a1ccae6d4d
SHA1 99034ca8fdbd836a6105eeaa0c0742823f859c54
SHA256 2e603ab2dc3eb087a1708e2bc4e96e0f7511aa412e0bcd18fd64156df2951115
SHA512 9e6db3dae561220b789fced62ab83d1e5934090e361892cf280ab1c287394aa57933d1ed8e016831d52bd14418c559a7290a49a6ee6abab988cc42a365d5e3ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8daa00172cb265a8a68abf8c25749b5d
SHA1 41fab9d13010d07c3e61dd68691a1ffbf42970df
SHA256 19cd78c015e0650df616b769162d4e261a73f743f1aae94b7d8332aec4a77848
SHA512 3ab5901b80ed560bff22e4448f55971d8c08a81103bf0d39a415cb2347a6144fa09679ed84ebb2fe6c727416f84b5282891e7fdf9fa45433bf7ef145573f3fcf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4f6ad91fa148f9cd25e58c6d401b4aa8
SHA1 2baf648de8d6a3d62c62d28b24799620e0c0178f
SHA256 0ad28eecdc33e93a518ded5d9a0585350c6b08a7ba9a6bbb4645b447e06804e8
SHA512 b8fd322fcbead6923b3a6eba7161ff2d537a8776fb34eaa4197499f91a56704628f36d194c5b5ad8999f99129b1aed68869271d48c4279ff08c98f4e3cd5257c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2d29a53287418464732b8570242382fc
SHA1 ad4352caee7d619e58307daf979552ea6e5e7899
SHA256 db0d2fc4648dedc7e58b419bd6b1922600cc7bfb183389b4b1054444b9dc3578
SHA512 fb4d06339d72bcac4b5c451e3c4bc90b5112851ce545948fbac3f14132bf6affce17364d53a195ce430be01632600cf558eb908b9d28df9856dab8538f385b12
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c1e0ebda321e27e9d48321fa3ebbb0f6
SHA1 a24c8fd0f2462fbefd6e82eeb8e93b929b903e66
SHA256 0d5e744a87f8b8813b4261e9ace6b67b72b6c3f9a9d4fbaf78f51e1664ee3653
SHA512 9de1e2c7d1612b795ffe69dab9e3ecc3fbae999d84234e73720ea804e29f798786ca3a3112ed747d7d8492fb8f7acfcfc9f895e72b394cc233f7899d991e145d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b