Analysis
-
max time kernel
135s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
03/06/2024, 10:40
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240508-en
General
-
Target
sample.html
-
Size
213KB
-
MD5
634782434e205a16c9969b681898215f
-
SHA1
e6a434b7834d4b77df49fde28023c3f9baa6d50c
-
SHA256
f51fd8d2d19153a341a1360ad8bc439401fba625cbe29514a7c8a40384cedfd6
-
SHA512
7a52c7248fc272af581889605aa116bb5ee9ee0828f78de237f3a4a971980da16533ec239fb9512f070e0417ac5fcb982ade0bebbf1bd1482677eb123fc10fa1
-
SSDEEP
3072:SUpeUtIls7Mx+yfkMY+BES09JXAnyrZalI+YQ:SEezbsMYod+X3oI+YQ
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423573129" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C52F7C51-2195-11EF-B393-E64BF8A7A69F} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1444 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1444 iexplore.exe
1444 iexplore.exe
2028 IEXPLORE.EXE
2028 IEXPLORE.EXE
2028 IEXPLORE.EXE
2028 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1444 wrote to memory of 2028 1444 iexplore.exe 28
PID 1444 wrote to memory of 2028 1444 iexplore.exe 28
PID 1444 wrote to memory of 2028 1444 iexplore.exe 28
PID 1444 wrote to memory of 2028 1444 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1444 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1444 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2028
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8734797059cf902b5f40635aab102cd1
SHA1 94c60488acc99765c4a74d197dd539f99d768d3a
SHA256 c28cf6ff3053f9e1ae17defbed60c4630f3989ae75409d05eed58926ee7052b9
SHA512 e5e508fc7566ddb74ae158405ac7368567b86f875bd2601c9e178e535bf82608d64531e4e25b7bf56434f433019e8efa04f8f7e6a1d05ae3e20e23f5098bd479
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 57300384aa4f08bdba5c6343a5c353a5
SHA1 389141e8e018b942d5ca4d75637aec2bc132b815
SHA256 b7540fc2b73ac2d668d04fc6cfbf1d7f659e0b050dea1bf54b70e36c911a49b0
SHA512 b2874c1ea984af71e35c002c5c55ff80d791184cef24b55f34477474e237318dce6b3776daec34c354ae2a359931164d84f04c19b560b6dca398551675ff943d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1faa656f0d4d4c16de137fead27139b7
SHA1 1413b6a09daeacbad248c399177eb2b85edcbfbb
SHA256 65e3878d09732be809fedad60b92ee54f6b808684a2ed43114d31e24efbdb2b3
SHA512 59e14dda754a151b5577172fa9339ce22f300c725c591bbb04b32c59df355d8a4d5b9e21d9d9e37d9539271b6c9904a1d578f031c6755cae5be24e778e4027f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 721cf3ca0349b502238a5c06f62a7d16
SHA1 83fe02668c293a8c0b3713ce57e2e220f6db83d4
SHA256 a990f25084c03dd1e0d760030a1397a0a0841e75f43df55c46b9802214d3ecc5
SHA512 132b409e6a9e4e7e3d3476906103830babd914ffb877f51abd4c622af39ee5a40f0b29a3b5fc2a72c1448125a0f73bdd8fb2d8bcca69e330efa80b70b5a9a145
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3c2a9380194c4051cd6fdb72fd630a34
SHA1 12360868874e73c60bc8504bd3134e443e055e2a
SHA256 158745892b96371fcf2ef11de15d924674fd3c15e9f2c81cbc0f1cadbe3b6f9c
SHA512 e4e44a311900691ddcfeef8c9d66ed565aef48a35216df94453a152c1b36bfdc7d8b47dccc2ff17d7dcea6f21ad2b6db71c3af81a57ef21d7c7351781f4f4bf7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3d9406428aef2d51c8172c03debec39d
SHA1 3cffd2b947a49869e006cf5adc8578edb86fc7c9
SHA256 31dcf90278cef7421fc6307ad15a4d74ba5bb79c50bed6998e706643a9b07bf2
SHA512 d92ff8993221530061c5f768abb9faeb38fe3faa04506df7f8eafcf30f8d7a14efea7d001c76700ab935dc6f64e01b6f9bdd1d1e341463fc4f9e7ac0c16ebc6b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 aaa124a6bfd7ba8eaf3026bcb420fbf5
SHA1 648758ebb0154b8b109b658d43b989026e6e785c
SHA256 75dd4c5890f491f2932b8cf27d77217dd53e9d06605e0d1f10f6d8da7a135bd8
SHA512 2e70f2617d84e79eb3ad6b77051c2b3035ef707b92097082f4a2516a38ee8a3a96623c9c5b6999a6d5f1369cc9217d9d28fbdc8a160dd8a603279c4c71657310
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2677ecde601ed1c48a4eeadbfdcec09d
SHA1 620ce108c8c0c61257b1bd3882f0ec6aa38b9633
SHA256 3479b21bfee3ee4322d4d2c928eea06458a063db179f856f83dbd53b6698eb3d
SHA512 f8cdaee9e7109e7d20c4753ab03d2be02a1f0b73209a17a3d387ef30d64fb4f5ef1a0a7f2478d14fae100e881ca820145d9ffac4f137bd0ebe899d0531cb80d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 602a522de8f933c4599987cc4b3cef37
SHA1 c3055b96eb2d0851ed01251e4e1e5ff034c04553
SHA256 a9bd9151a9a8dac91d227f97d270026db40a450f41fdbb7cbbf4140504b3bf9d
SHA512 17d29122b5a9ec52e2409b0316c403693da8257902fdb4ad15a106f9c6520aeeb0024b913cac9073299f9ff2a4c6edc08b42d946a412f6e7a7269678d0b1ac98
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9d8eb332558469f2fd13cd810c8c7837
SHA1 07230692ed616eb6579eabb7fb59f771b7d7a2d4
SHA256 8c8e15c84aaedac143f6ebac01e475bf82db467e8b812956d97ba822f8be1c8e
SHA512 830daceb10a89c33c27f9852c30ac4c6980e7f13b83d020e655dc1aa88bd478a63aaf60a7d11bf258586cc74fe31d5b658600d9395ff243400a7b8638e6491f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8710451cee72e6d9cf54b493999a0248
SHA1 dc9818047be8c3e835f108d840d9d49f984c42d2
SHA256 2969f1f1ab716e2a419d2d9566c2dfcc5485a201c8e8e41849d5635aece3ef85
SHA512 b3e4199cd9a5843bdf980d4d3e3a9352e9768e8e35c33da29db6c7a43a39ad0db5cfa9b0bccef9c25026947dca2456de2128fab9682cbd536828d36b91064f65
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7b44a3c492c285c566db76fc38ddfb81
SHA1 d886cb01ba77b05b306f22a7bf7a00804bb94986
SHA256 834172179426fb4c175094dbc903f35678a20af6c3e5464c0a79fb0ed8bac644
SHA512 aa026b48d2cf6b82478df598b7aaf29b897a79165574fbcfee1f5704156a70481fea74881866284fa7d133f0600615336968d9d9b16c2fa3e4ac0387a4ca0da5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 99263bbb67002ff46c3a0f8b5db28896
SHA1 cd13f99df23450331dcf683030e40b462a7673af
SHA256 90188aab911c2628dd204a42058f2e73c4285ea7ebd100242c5cc151d798a1ae
SHA512 0774d46cbc893134e4e0698ea6efa621a8d285bb761167fa6bd00ce8c7417df257ff0007e2288ca5b166c2b9ef21a2247030406b533b0b934bc3271fb24af44f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3ea928d36b21ba7990093708e542e8c5
SHA1 a964a1e52f6aa1566af8bb88df7b84aec1755609
SHA256 0bc94d3059c9945201d4c366b4c13de5aeb1158a87acd6dd959e2a899aae26ad
SHA512 6a2ba36dd2e26fb9eeb474d6fb5b58bad60882cbd7916b63e905b277bef3c6412ec70818e31b439fe1b88c0beba002dbb74c0361039bf51ca2a265be8aa842d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 767ec314b069148a614e627e9718160e
SHA1 626bf3fbd9ae043db56cbc48f989bf1d4a3b7cd7
SHA256 9e0f2917c312feeed84fcab02c6ca43372f2627dcdec1a83ba62dcea5cd6d7ab
SHA512 dadbef033d26ca0d184c900345208adfb2139ad347c179b14ef5a53c72e62d54ac2143dbfb2433b2cd4a74408847329783554cea28774ffce79e474ab789430f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 04cc1f80bcb469fb298c4306d9873fa0
SHA1 19292fc069f1392b3149048e7c0426becbef98d1
SHA256 6302a9b0087ba818f3ad30cf3394344801af158a4c2c3ec9302c26d57719152a
SHA512 2070c446effd46a84f99eb2c9e26e4ef1aaa85e1950cc9e812f084c4b04724c5185363f4c88835e0c892c345e1edd4f3fe8629594098ac64e9670d6e05afdcbc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 272dd601e053d7c1c13382c86a992b98
SHA1 cc40eccbde429775b66bb68da8ebe52cc6ad64d0
SHA256 b465c0c6ca77f2def1d82dbe1cae71fb88da907ef955ef84e8a55d002ed8cb2d
SHA512 487f6c562bc6b39c8f0787a2c2cf77b6f7004cd28ce8c8a63095afcd6581dece19327b360bcdac95884f0b6d96f82b074ccc2a526fd68e3c92b06bbb73f829a3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c3155c28cda16df52b0e844077ff2ef1
SHA1 0d7545991cec59827d5244681f96fe103800bd1e
SHA256 9900c879ee8352cc7e7915012f5f8999ab669d921ef388470aa7cca59dcf50e3
SHA512 51b0225851d71f8407261b870481ce155576c088b2acb2daf4797bbe880c9880059a7bdb6d7cbc05ff0cf1518c09019b123e222e146c647261b4a7017e22d635
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9fe281a7f6816da7b0f8c268d26ad3cd
SHA1 f2c2e84aed1a5fe5a8e2077bdf409756282ea9e5
SHA256 1fa1746b4065e743e03699607cefe8d398be52f4b794cece036d827c30f76d77
SHA512 3532bf46dbca66a900c4a8e1a279d8d8fbf4de075e5b126548162eead767b0e27d3d3aed5af28bf1f0a18668d82c758dde6c0515d3ac066deffaf5c364b46b7d
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b