Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 08:54
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240508-en
General
-
Target
sample.html
-
Size
213KB
-
MD5
e380e161e387f9d57cb54e627b6d85ce
-
SHA1
71486a96a9157067b5725f6b4b2c74bd317ee833
-
SHA256
622b5c4d806627fd00d17008cb212f5381c2c0f11546f8663f33c5611244832e
-
SHA512
0d190178bf2f90e0818cf02b20273c7f11d76aff88d472c036713524068a8bcf7a47d01ba02015ab561f129be305d21a58a347ecad087dc94af5b0761c03a804
-
SSDEEP
3072:SWithdO0hVR3yfkMY+BES09JXAnyrZalI+YQ:SW/OCsMYod+X3oI+YQ
Malware Config
Signatures
- Modifies Internet Explorer settings (HKCU\Software\Microsoft\Internet Explorer registry activity by iexplore.exe / IEXPLORE.EXE; see the Processes section). Note: the keys listed below are first-run/housekeeping values that IE typically writes on any normal launch, so this signature is low-fidelity on its own and should not be read as evidence that sample.html is malicious.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DA46D481-2186-11EF-A3F8-62949D229D16} = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566722" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1976 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1976 iexplore.exe 1976 iexplore.exe 2948 IEXPLORE.EXE 2948 IEXPLORE.EXE 2948 IEXPLORE.EXE 2948 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1976 wrote to memory of 2948 1976 iexplore.exe 28 PID 1976 wrote to memory of 2948 1976 iexplore.exe 28 PID 1976 wrote to memory of 2948 1976 iexplore.exe 28 PID 1976 wrote to memory of 2948 1976 iexplore.exe 28. Note: the writer (PID 1976) is the parent iexplore.exe frame process and the target (PID 2948) is its own child tab process, launched with SCODEF:1976 (see Processes). A parent-to-child write during IE's multi-process startup is typically expected behaviour of the browser itself and is not by itself evidence of code injection by the sample; it would only be notable if the target were an unrelated process.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2948
-
Network
MITRE ATT&CK Enterprise v15
Downloads (note: the repeated C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\... entries below are Windows CryptoAPI URL-cache metadata, typically written by the OS during certificate/CRL/OCSP retrieval rather than content saved by the sample; the same path appears with many different hashes because the file was rewritten repeatedly during the run. Entries listed without a path have no file location in this report.)
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2379b2608947b11c6907295f855404e7
SHA1 4ca8b34459441afb396791f0b838e3ba2d8721a3
SHA256 e5e46d23b0726ec5d79ce80ea54932bbe113e0684eee26f4fcf6307227889638
SHA512 3de1d0281d170c4f69e585f2a7ddcfb201b9ac04726f67dff3ff01f48ce34559562e46055508fa4d31a38bc7087c83d064a98c4801d8a2c39cfb1973df9923ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c2ecbd79faa28fc1b2c99c8d863f889b
SHA1 90a1dbeec0fa0c51da5554504f610194f383aa16
SHA256 9289c1a996120166f3e22222264c9d856755319bd6d4b0f2f7b81cb969cf3551
SHA512 2f93ccf5847b701d49d5817de1e73ec31d61624e112ee4c5f667f4b2b6ac4b87febfe83318c8a6e403b5ec3166c76bc8b38fd583891757700738147e4cee8b95
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a6ff6cb98f408531cadfc4b0cecf392b
SHA1 afb6f8da0c940e17797e70fd6778251aea26f53f
SHA256 f65e019db9ddee4032cdf0f65b6aae678d7cf4d25a1b01ce3271cd377d0808f3
SHA512 e71c99607d7035407d082de9fa6cec024a5f8897e24c193d4a55a7ec880dafda70cb1169cb547f33f04c7475c3c803091fb7bca7a01b4afc28de7295a9824469
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 497e3eaaf321cdcfea38ec6e1c100e25
SHA1 83538cc4c1dbbb245f8529bef484c18f5631cadd
SHA256 8d91a9095411aabf5c58c903b31d0813b812e18e1473ab23e27fe8e36890a14a
SHA512 bc5626765450df21e879690bef71b27d072dceeaa5b9d005a6a62faf82e4c80b0fb2b8eb4efdc432d3c9c5c9abba74a65436be40a79f27689eb5516afd2af19a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8d19bfff4d67bff4758bd023e2a1f350
SHA1 da18674d0ed1244a703d874f73660e9aa46398e0
SHA256 dc820d89ba4eed5a02d4e3943836d8d14574e6a191d6a8dbd7a881b9ea3e56c4
SHA512 30f3f1e28554de886cc7f2c11487f3fa90630160a5926911280ba8f95d310b71b14da0e35fe19f6260182520267a9720dfe96702b049e4a3628b770e63286db1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7a56b13348e76daccbc048e0d0600184
SHA1 9d2281b5b1d5a88edad26e05609b928184e3665d
SHA256 193bb8351da5499d7efa203087246ca4dc169040e0b5edc6159b71bbb436cb7a
SHA512 e52f9fe687da6579a73ec271938bb526d710ec72f58a7fe9e6ef3a99e7fd094c3e11e21605751a6d219f6f4bb63ec0b0a7c3af0c745b36f62d3f9f186e45ba66
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c1af4e250add533e9d7557dc8e32aeb1
SHA1 d5e66d43ca2f122fb028a857ae3c10cdaccf7d45
SHA256 7f899fd3d3bf1fa494bc5b2912baf2acdb2d4038661772196602debf113c5c38
SHA512 528ca20b349a12b7d19e871962980da64751510614262a7771fd58e2937da33e7472afde1f8953c3631ede5edf5983ed78c71caf3e6e01d645224e7d6fdbdc81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d55818fa6c76221f63fb537d0a24d1d7
SHA1 86f2195d2379e1ea67398c684bd23af1de63c9f7
SHA256 64e7b1d82968de346c8ca96845c3fdb2ca3b6a17d103bf8b2426500f49208004
SHA512 c290e6036e14875c65878ab6c0e80aa0c63fb6ee304af4de82498deab2f28d42ab678699069462e59e2f6f72b022f5b32a2d546a8f85d42fab110bc667cc67c9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 22416b195566a8a316cc482062d9e85e
SHA1 9d5a4bd60db6b0fee8835ef06644f1a961128b33
SHA256 372ad449a841bbf8f35e1ca22ec55a3e376f1b7a8fe8266bdd2b705a24f69b2f
SHA512 77683c702040f5ee464b1b669a0886a36b3ebe1975acd68bc84a4d529e3ea463d3d3835f30a2828c7ef6075bccf92ca8366af4e4e053f5cadf83671144678db7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0e8e961791dbc3b9114abc3717e3b040
SHA1 55eaa67ee2632d895b559bdf2b6f4c71779a8c35
SHA256 6d90352450a2a2e006223dd3132ca47a3ca1bc1aeb919c0340ebdf5d2ea48d21
SHA512 a9ad39972294b519a714b17d0d37d4a98ec675dfb61dc3e54eb01fe7677a8dba2359cb42a753d2e190797747c2b28ba234ff97e278b3a501630c14916c914dcb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5a375db39b8a325ea0fe9e2ac8e36aef
SHA1 c25c33e575f881c86196f4dfa41951aff0cf35a9
SHA256 995f2beb3507e4b8168cfab65e62a0ce19dd36add57d78bb463de71af7a875b6
SHA512 557e30e3f3f74ff255cd95ef5907f6ddfe90d63ed3ee85843a6952e8815819de59d811faaa0f09889153f308d0846e106a8c289e47a8e438a99ef284aa7dde14
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 abbd869320f1be61074c42d6d1bda08a
SHA1 e2d58ea3d57c25c393ea4b1a09cc6c37e140f79a
SHA256 d1c94aa2005059f5ac90f4598229334ba6db8c9396bd785d0fc8dfca3a292d65
SHA512 29ab4afe6e4528ef2f8fafa5315a821b1558df9827d36bcdf75e9161f40c1ddacbc5d632905b627b0df37bd4c303f72820bdf3d0d8c8d58457fb07e9d97fbb05
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f47fb363a477f9f10878619314f3d21a
SHA1 9bdf83b601bb4fa5fa443b5f85eb3d97b744afbe
SHA256 3b18844f28f0a87e1f4b4274ad21b09e2d726f366537ff3ab48455bf3677cb39
SHA512 cfec24778ace289a58dab912e3f51010a9b4526ad647caa753737f2e3e2994049205cc50a2471409ac9f1eca032f7d421820db476753447ce26f2c44a7a8306d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4b995a472b56ac6882adf76eeb1b0bd4
SHA1 e6643a669a3ae0ef9f71082806c1ada13eeb07bf
SHA256 c733ce0f4d12f0132ef0d78ffbd53cfae33edda8ac1ec13066426cb713ace56d
SHA512 89de4996b693494329f89536cab6fdb486e7e3727aca97ab8ffff890b7790bc00a4655d77ea9506c4436f0145d9ae4da4aa3f323798f88c1d140477c1ca7aac8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 913ec1e480a0f3be05f039e4bb5b779c
SHA1 e9710ef550a7c604a6f33ddbb3a196e600190d0f
SHA256 e6bc35160a65fa19756917e7f55dbce99aab0b6fcb9686fa3494e7c91816d40b
SHA512 e02a860720762ccafc1ca19ab8817dd4e549d9225f9a07d5b5b550de616b64160b18c30a04eb1724b09d2fd12a5beff5f6590d03f601d84d8317c3204d8c29d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 238789c55f0aed9c374b7d4e2584e0a7
SHA1 f6f656da97cb4e2d35806df91521efa068561bf9
SHA256 2d60fa1b2886d63ca65182cfcaf25eac67bd06bea7e608925b10475c47bf14f6
SHA512 ca3ff81726492d4e2b1cfa83f5bb333d11608417ef75b8e563ae288c369b87e789a8891114bb209bc04f3f909d0702c29d22b8c224391affdff207f3c0c085cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 322e357ecde2f244777ce009f95de3df
SHA1 e07bd8d160e0028a5a2da91301d8fd8ddd4c4f62
SHA256 eaf249de3b49da8dd51e84ae18062ea75eb017802a87c4b10b866c4e3bb7fbbc
SHA512 81b19f685f8e1ab22a8621e6da2d9078f8b2ea58441e4514c91d93cdacccadc743e4e437ae11d5cc6437a0e3cfbb026bcdc67e7441cacb6134ebcf2e211cb44b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 51291ab12f18508482c36872000319f4
SHA1 ebbec7d43337fffae42aace6311bf9d6e659aef8
SHA256 e77073eeedae28a995843b3e7165ba585e884f8d1db5590e88a98b2aed9542b4
SHA512 895c2e63857d5df00703652083a1c995c8f87e3b28908f7222d19bfacff84499c083ef6c0cd8fbadb4818f1931c5b0db6cec1534cc69f44ffa71459510252693
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eecdb85f749588f670dd3eaf4b2fd5ba
SHA1 1a7cb8ad0f446c0f5f6c4423899d9fdd91e1e3d0
SHA256 c6a688aecff69c5e39e007f5f0c177c1f0956ba9955200aea0c6a4949cb59802
SHA512 03b94a1bfd340384479284bdabe520ba77a33a2ce267f7f8dd4b31e7e3ec072541f4c23c783e99fe1851edf49cf4f2d63f2720a1e43858db8bac7153edfb59a2
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b