Resubmissions
08/06/2024, 09:05  240608-k194psaf4s  1
08/06/2024, 09:01  240608-ky6cqsaf3s  8
08/06/2024, 08:58  240608-kw6kqabe45  7
Analysis
max time kernel: 18s
max time network: 16s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 08/06/2024, 09:05
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://shinolocker.com
Resource: win7-20240221-en
General
Target: https://shinolocker.com
Malware Config
Signatures
Modifies Internet Explorer settings
description ioc Process
(per-key registry IoC table omitted)
Suspicious use of FindShellTrayWindow 2 IoCs
pid   Process
1888  iexplore.exe
2756  msdt.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid   Process
1888  iexplore.exe
1888  iexplore.exe
1988  IEXPLORE.EXE
1988  IEXPLORE.EXE
1988  IEXPLORE.EXE
1988  IEXPLORE.EXE
Suspicious use of WriteProcessMemory 8 IoCs
description                         pid   Process       procid_target
PID 1888 wrote to memory of 1988    1888  iexplore.exe  28
PID 1888 wrote to memory of 1988    1888  iexplore.exe  28
PID 1888 wrote to memory of 1988    1888  iexplore.exe  28
PID 1888 wrote to memory of 1988    1888  iexplore.exe  28
PID 1988 wrote to memory of 2756    1988  IEXPLORE.EXE  30
PID 1988 wrote to memory of 2756    1988  IEXPLORE.EXE  30
PID 1988 wrote to memory of 2756    1988  IEXPLORE.EXE  30
PID 1988 wrote to memory of 2756    1988  IEXPLORE.EXE  30
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://shinolocker.com
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1888
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1988
    C:\Windows\SysWOW64\msdt.exe
      msdt.exe -modal 393500 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF5570.tmp -ep NetworkDiagnosticsWeb
      - Suspicious use of FindShellTrayWindow
      PID:2756
C:\Windows\SysWOW64\sdiagnhost.exe
  C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
  PID:2924
Network
MITRE ATT&CK Enterprise v15
Downloads