Analysis
-
max time kernel
133s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted
02/06/2024, 06:44 (read as DD/MM/YYYY, i.e. 2 June 2024: the analysis image win7-20240508-en postdates 6 February 2024, so the US-style reading is not possible)
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240226-en
General
-
Target
sample.html
-
Size
213KB
-
MD5
736081db403fa246d258f29b64d89484
-
SHA1
1588a3a90e903b810721e42bfd56be5f899a5e17
-
SHA256
31dde7d1e968621ddb298d409e5c9fc2d08459a59fc1b77dc20dba863b0cf346
-
SHA512
82ffccd3ae4d5437e928ed22ea8f322056e919319e887708d09c271f8a83a2dab9fdf67d88ee3b28fdf0b28fe4bb3e97352363dbb93ed92235de47401ac44d34
-
SSDEEP
3072:Sf3KRQDgDTq+HyfkMY+BES09JXAnyrZalI+YQ:SfLiSsMYod+X3oI+YQ
Malware Config
Signatures
(The title of the first signature did not survive extraction; its rows are all registry writes under HKU\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer, which the process tree below labels "Modifies Internet Explorer settings". The keys touched — Main, International\CpMRU, SearchScopes, Recovery, DomainSuggestion, Zoom, GPU, IntelliForms, LowRegistry\DOMStorage and so on — are Internet Explorer's own per-user configuration and are typically written by the browser itself on launch. On their own they are not evidence that sample.html did anything beyond being rendered; judge the page's behaviour from the Network and Downloads sections rather than from this table.)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{92A67E41-20AB-11EF-84C7-4637C9E50E53} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423472541" iexplore.exe Key 
created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 352 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 352 iexplore.exe 352 iexplore.exe 1636 IEXPLORE.EXE 1636 IEXPLORE.EXE 1636 IEXPLORE.EXE 1636 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target — 4 identical rows: PID 352 (iexplore.exe) wrote to memory of PID 1636 (procid_target 28). PID 1636 is the IEXPLORE.EXE child that PID 352 itself launched with SCODEF:352 (see the process tree), so as far as this report shows the writes are the frame process setting up its own tab process, not injection into a foreign process.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe [tree depth 1]
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:352 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [tree depth 2, child of PID 352]
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:352 CREDAT:275457 /prefetch:2
(SCODEF:352 names the parent frame process; the 32-bit path is the content/tab process the 64-bit frame spawns, which matches the WriteProcessMemory rows 352 → 1636 above.)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1636
-
Network — no entries are shown in this excerpt. An empty section here does not establish that the page made no outbound requests; the section may be truncated, and the CryptnetUrlCache writes under Downloads suggest crypt32 at least attempted certificate-related fetches.
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 70KB (no file path recorded for this entry in the excerpt)
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
(This same path appears 19 times below with different content hashes, i.e. one cache entry rewritten repeatedly. CryptnetUrlCache is the Windows crypt32 certificate-network cache, which is typically populated by the OS/browser during CRL, OCSP or root-store fetches rather than by the sample; treat these as environment artefacts, not as files dropped by sample.html, unless other evidence says otherwise.)
Filesize 342B
MD5 2b597ab87a770522f2683b27154169d8
SHA1 aac59a83ae2ee447f51e3a8806da9ec4f2783e63
SHA256 13ea145582684639bff91587b4445cea84cecf7b4a6dce06c23eed8264d22985
SHA512 28c1d60503edd5eaad4dd8e57c420030780ec9e36b76a0c9763a3499048c67ff25ea622df5fd092356acbac59ec91b18de73b97b6d54b60f8d90bcff7f989f5f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f1bcea90749251372c652447bed21488
SHA1 ff8b72c8449c1a2a3d47c8b6abde123fa8e43434
SHA256 d87e1e1df67b053b53e863fb12918cae1f886745bc946f90c7959735b1d625b6
SHA512 8edd3c67f71193e41bcbf592666f8a9a6a8f1317587b246e55ac308a215847cf55651cb3d5d0fb0a960824bd639c0b51cf84806742a60a623c40124efe488557
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 97b6f2e56f171d166eaffaac14c6cf23
SHA1 ccc86b49858734724cc94c122997d0a2ea091284
SHA256 e6bb4912e21cc9e76b2fce2aed059f5f65d77edeadbdef6ae3ce4481ba5eff2c
SHA512 c25549fc3508b70286044bfd30f73317ea1ee0823722544a780dd550df0c73feb440cc27a9ab5421c8348f2f63c082b670b2797af45e92b79b576d98dc612625
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f269cde160e102f78e9bd2606906cb1f
SHA1 d2484f64c030d374dad6edb73ffed5bf9a7fb568
SHA256 6499cbb4ffe4c2a330bf3913e44812253cc0b14979cd131217acc7bdbab1bfb8
SHA512 c96748f2a69d1356988986589087177dacb19a78aab53f02372cda0ccb179ab03b2a809f249c7b4fd692be33ba237d1eaf781edc23509e296c0e7196da9ac9d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6f5c19ae08783a78d47008602d394979
SHA1 eada01fe687d755530d535e4e041818e4edab4cf
SHA256 e3b2b30728714b16c3158e352c585a9529a2eb60b7f1674f358cdc0f7afb57eb
SHA512 3d8d774bb68e2a7b29decc76fb9d337481aeba5dd4aeee6fbddd6e65efe1e81bd2968130213c6084a7ed9938e2a5b8778268a4c99cfcd9671825fe37abd258c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bb5e2b86a66a58291c617dd8d4982cb1
SHA1 dfcd1c940785799acc511bac60e9114533ac3026
SHA256 c356e07acd6374c3d4da6f9c7b8bd1b8203690e34d69792b935de61f79672efd
SHA512 17e24f05b6f47f2dbaf709b9f609abede35dc46c0672a552bfcd23e1350f73d5ea08faf3fcd8a390bc3d4515b7c88e8c67cd61edf10e3b084a58f4240d7e6278
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3b9ecddb4518f68d5262f5dcbbdf2e6d
SHA1 dd0e09c1f49673d26760de2400a03d61bac2e888
SHA256 e1ef45def5f55816d9f9ad52ea64ffb63ec945b2ee217473cc79ed2f7438a3cf
SHA512 a1f2fb609c6b2f9a855283814b5bcca6942060e51ec5e55fd1960f71942153b5c4f2a8ec41e9ece4e3bebae2b68489fdbc1add4586f19b6c593f0a47b734f503
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7fd9ac058b30ddc2f218adcc6780eb24
SHA1 e2060144f1bc24f1a838be7116e2ed80cb7227f5
SHA256 fec6c652057cfb9cbedd38c20af7f8f94205c8c80c1de571ea552fd9aa2bb765
SHA512 46dd9723cd5ed86f70a6967294a7f437d7abba97776945301bac8f7f95f37f37e1ed1d75374cceca66f071c9ec9beafdf6e00dc98ec5943884a55ddcdb6bfdb1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ab88fd239a566e5b347e3fbf6a189986
SHA1 3542cc3fb66a06f294f47cdb7b2293cc761f3324
SHA256 7abe74fa068658ff291cc1ddd6db9224285aaad5dcc3505a00c46cad0e1d6af1
SHA512 33cfd570ab094fc3944462ab2b1c3c157a02e6b3856c8cb4aa8abf7fa306d2530367877973bcca3f874917e0971e07baa1b5ce9d07911f85cb135a39b30f89b2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c7a8fe2cc9f79c563d40afaa1e879d2f
SHA1 1fb96242fac5038fcdb5752bb830f784fea8e23f
SHA256 b1d3f0a91cf52a2ea7f289dda077d10656ef6477354cfdb6089ef22de6ea6e0b
SHA512 f73e072c12ea4e6139438802bd191d003991b3457fb99956d08bdd17c765f6b7cc7ccba4ee60f45d1d1c3d1160c128d0c5ac96dbab050cad8d62702aaaf42167
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2fc30279f5b3468249f71929e585d732
SHA1 1dfdeaf61abbff2ddead080428464ba5b2b34a42
SHA256 07904e506db8b13e20f53b07fe4a78ebfc720d7b96b167a34103545a5aee05e0
SHA512 0759b7c600bae0a2dcab34525987dbcb502f46a19e2242277866bb9c6826182cb0529537dd6971724d322d4e072b285b0a5cec0604c51c29105175e6ed3a3d04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d8b0f480893fc372de3ebd9a0c911ce5
SHA1 ed1940c9998a3c0bc189b3c8255b8db136883e0d
SHA256 e75a7d154f3d28399f0fe11e37e572bbd694a597e1709aa4161ff21f19fb6c23
SHA512 0602b122720fb473c38245e3849b72b0af107173374ef7d6b6ad9c6d8d838a54ca01e28561caef21189584a661d9f6c53ea1ed22cb8bb07bf49459c76080c9ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 16e2cb574d15db9466790b6f9df050c7
SHA1 7694676cd93968b48e45b13f50a55c38065907e4
SHA256 a4eb1d8b877956f4c55682f659f8b3403af74fb17d626f2046aea7e8606bc113
SHA512 8f04078eed9698ef9ecf6340058ceacd71c6c90f9d37165953bceddcab9faba7478050869a0ed940c1dcb86a4143409057afafbf4154b001ce80a0d27f5407b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f68e0fbb5b0fe4eccc882b1f6197cc93
SHA1 a888b513570213c00fc2e88bd044aa95f1d3858f
SHA256 71e535e751d67e414cca8bb9dfec3f58fb0fbe65b1cee65191bd7022543f6a9a
SHA512 9f8e75d92ed6d186b7582033e61a0c83ab0b9a1763fc1298665f6afa13ea7a949f525fae8008102d48de40c619f3e7c4b3838b2205f510e882ea87f1a83ccdfa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 00206d08f6c96517e860a51f80422b27
SHA1 ef21ded96aee575a84e42e096d02025e431d62e7
SHA256 b2591b46db1823834561ac59c0d044003c5c8a5671f2e9fe25fdde5ec1e77ec5
SHA512 226a56d7ba045dbfcdbdfae886a7193dc68bc4209641514418b6a53705dca12bcb89ceb78af2e7f7d3cf675218f5977097c81a206370104cfeb46c5c105af25c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c5b8b90d80b18b2982620608bd101df1
SHA1 61389d5d8401f7b0a666ffdc8df7dc12ee3345d6
SHA256 c8511a04924de0a2549c25b679e84d0b25cf2928228a21911b8084ea8afced42
SHA512 739374fffee47986ba5432606cacffafb0549406d3a3d74340ec632f19051f56ef4c1a02215eb6a4b18e39e2048567c35f23c44dbd665464e8e319abf6c9d957
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 68933dc60b4f6963a47dea3717fabe14
SHA1 5ac8e72346c11696590381c91542a196d38c45a0
SHA256 c7d4358c869b4ff85c981866d6055482a53e87d7055ff6f8f8508d12f7d540c6
SHA512 0f46729a138ce24bac6c40bbcc6bf659fd0695e4649a691361914fd783938cdefe0afd41f6346994b045b0d28dd537639d9c966abbb46e80a99b1101b7c4d5ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3c3b6ff39827a1926b1e8b51ab525c9a
SHA1 7c6c8f7613126527dd1b3e44056687e6c4a0d1b1
SHA256 1ca185b5bb16b8df6d76e137e6a71b29e1e972b5c78ec79fcdb4c713693e9fde
SHA512 35c8c357459cfbd7ad3f844085d1c38e11b65948c979027f2e4278ae36ec0f851e24d765380db7ea0fe089b82a1ce2505faf25cfde51230c990f0af44b5fb113
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 945142d9766292cffb6677d877ea4a80
SHA1 f4a364e56085522100ef198e974b1f5fd236b3d5
SHA256 971e6406856e3a9ee8d16e2f5ad21032fe232dec5afede01f0c344696e73f136
SHA512 4c0e91137ff2581b3f45a187904597db706bfcc92db4265053877b87f935eba5fe090fe038d59919b9e6635b2244bf838d0e7eeeb55c85aa27b27f551604861c
-
Filesize 68KB (no file path recorded for this entry in the excerpt)
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize 181KB (no file path recorded for this entry in the excerpt)
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b