Analysis
max time kernel: 133s
max time network: 128s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 09-06-2024 02:24
Static task: static1
Behavioral task behavioral1: sample XyB1Uc.html, resource win7-20240215-en
Behavioral task behavioral2: sample XyB1Uc.html, resource win10v2004-20240508-en
Behavioral task behavioral3: sample XyB1Uc.html, resource macos-20240410-en
General
Target: XyB1Uc.html
Size: 520B
MD5: e94599644c40d64c685a60aeca1c6322
SHA1: 96d56623f3eb9a3c7120e8487871517b58fda426
SHA256: d1be270c73073f46b07eef477ca15e81df050aafa15c225bfbe1b8fdaa107026
SHA512: 1a2b42a0314507b04fc9990c6a336540df560b73050dd8981ee4c7b9d86aed2e1e37c659b33e5b0ac115f0b6b34cc66e74cc074a9a1f638398a3a04ca0230433
Malware Config
Signatures

Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
Every path below is relative to \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer; the process in parentheses is the writer.
- Key created: GPU (iexplore.exe)
- Key created: IntelliForms (iexplore.exe)
- Key created: LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
- Key created: DomainSuggestion (iexplore.exe)
- Key created: PageSetup (iexplore.exe)
- Set value (str): Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
- Set value (data): TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c73133b66f2acc4dbc69211227f73b120000000002000000000010660000000100002000000099e352995c9460359a4fdabe2d67cb7a1c534238375bc437a7ab4f7c21fdc451000000000e8000000002000020000000edf56085e64df4aed22bfc762efeb2d22775c5f61f5e2f65f10302983bce0dde20000000c992f763ef02864ffce1d47f7aec9e484ff044c72351134ca7cd25aba6d6e11e40000000bd9dc4c3bb43c1a1e2cded3c0b0c37f8acb471d8be6211a021f39f4ec2e04961756d12bc40dd84dde0fb286a423d4adcfc7f52ef5e83b002a13e415473bf0b2d (iexplore.exe; the 01000000d08c9ddf0115d1118c7a00c04fc297eb prefix is a DPAPI blob header)
- Key created: LowRegistry\DOMStorage (iexplore.exe)
- Key created: Recovery\AdminActive (iexplore.exe)
- Key created: Main (IEXPLORE.EXE)
- Set value (str): Main\WindowsSearch\Version = "WS not running" (IEXPLORE.EXE)
- Set value (int): TabbedBrowsing\NTPFirstRun = "1" (iexplore.exe)
- Set value (data): TabbedBrowsing\NewTabPage\LastProcessed = 70a3516d14bada01 (iexplore.exe)
- Key created: Main (iexplore.exe)
- Key created: IETld\LowMic (iexplore.exe)
- Key created: Toolbar (iexplore.exe)
- Key created: Toolbar\WebBrowser (iexplore.exe)
- Set value (str): Main\FullScreen = "no" (iexplore.exe)
- Set value (data): Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
- Key created: SearchScopes (iexplore.exe)
- Key created: InternetRegistry (iexplore.exe)
- Key created: LowRegistry (iexplore.exe)
- Set value (int): Recovery\AdminActive\{98D9A651-2607-11EF-A6AA-4E798A8644E3} = "0" (iexplore.exe)
- Key created: Main\WindowsSearch (iexplore.exe)
- Set value (int): SearchScopes\DownloadRetries = "3" (iexplore.exe)
- Key created: TabbedBrowsing (iexplore.exe)
- Key created: TabbedBrowsing\NewTabPage (iexplore.exe)
- Key created: BrowserEmulation\LowMic (iexplore.exe)
- Set value (int): Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
- Key created: Main\WindowsSearch (IEXPLORE.EXE)
- Set value (data): TabbedBrowsing\NewTabPage\MFV = (value not preserved in this copy of the report) (iexplore.exe)
- Set value (int): DomainSuggestion\NextUpdateDate = "424061822" (iexplore.exe)
- Key created: Zoom (iexplore.exe)
- Set value (int): Main\CompatibilityFlags = "0" (iexplore.exe)
- Key created: Recovery\PendingRecovery (iexplore.exe)
- Set value (int): Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)

Suspicious use of FindShellTrayWindow (1 IoC)
Processes: PID 1804 iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
Processes: PID 1804 iexplore.exe (2 hits), PID 2752 IEXPLORE.EXE (4 hits)

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: PID 1804 iexplore.exe wrote to the memory of PID 2752 IEXPLORE.EXE (4 hits)
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\XyB1Uc.html
   PID: 1804
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
2. (child of 1) C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
   Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:2
   PID: 2752
   - Modifies Internet Explorer settings
   - Suspicious use of SetWindowsHookEx
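The triage script below is an added example; it is not part of the sandbox report and not the sandbox vendor's tooling. It takes a representative subset of the registry rows and the full process tree from the report above (constructed inline), rewrites the kernel object paths into the HKCU/HKLM form analysts search for, and answers the two questions that decide whether a run like this is browser first-run noise: did any write land in an autostart or browser-extension location rather than IE's own settings hive, and did the iexplore.exe frame process spawn anything other than a content process carrying its own PID in the SCODEF: argument. The function names, the persistence-location pattern list and the DEMO_PERSISTENCE_EVENT counter-example are assumptions of this example, not data from the report.

```python
"""Triage of registry and process-tree IoCs from an Internet Explorer sandbox run."""
import re
from collections import Counter

# Constructed from the report above: (operation, registry path, value, writing process).
# A representative subset of the "Modifies Internet Explorer settings" rows.
REG_EVENTS = [
    ("Key created", r"\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU", None, "iexplore.exe"),
    ("Set value (str)", r"\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version", "WS not running", "iexplore.exe"),
    ("Set value (int)", r"\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun", "1", "iexplore.exe"),
    ("Key created", r"\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic", None, "iexplore.exe"),
    ("Set value (int)", r"\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive", "1", "iexplore.exe"),
]

# Constructed counter-example, NOT in the report: what a persistence write would look like.
DEMO_PERSISTENCE_EVENT = (
    "Set value (str)",
    r"\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"C:\Users\Admin\AppData\Roaming\u.exe",
    "IEXPLORE.EXE",
)

# Process tree from the report: (pid, parent pid, image path, command line).
PROC_TREE = [
    (1804, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\XyB1Uc.html'),
    (2752, 1804, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:2'),
]

_USER_HIVE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-\d+-\d+-\d+-\d+(?=\\)", re.I)
_MACHINE_HIVE = re.compile(r"^\\REGISTRY\\MACHINE(?=\\)", re.I)

# Autostart and extension locations a browser has no business writing to on its own.
# (Assumed list for this example; extend it with your own watchlist.)
_PERSISTENCE = [
    re.compile(p, re.I) for p in (
        r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)",
        r"\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects",
        r"\\Microsoft\\Internet Explorer\\Extensions",
        r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)",
    )
]
_IE_SETTINGS = re.compile(r"^HKCU\\Software\\Microsoft\\Internet Explorer(\\|$)", re.I)


def normalize_key(path: str) -> str:
    """Map the kernel object path (\\REGISTRY\\USER\\<SID>\\...) to the HKCU/HKLM form."""
    path = _USER_HIVE.sub("HKCU", path)
    return _MACHINE_HIVE.sub("HKLM", path)


def classify_key(path: str) -> str:
    """'persistence' is checked first: IE\\Extensions lives inside IE's own hive."""
    key = normalize_key(path)
    if any(p.search(key) for p in _PERSISTENCE):
        return "persistence"
    if _IE_SETTINGS.match(key):
        return "ie-settings"
    return "other"


def triage_registry(events):
    """Return (category counts, events outside IE's own settings hive)."""
    counts = Counter()
    flagged = []
    for op, path, value, proc in events:
        cat = classify_key(path)
        counts[cat] += 1
        if cat != "ie-settings":
            flagged.append((cat, op, normalize_key(path), value, proc))
    return counts, flagged


def check_process_tree(tree):
    """IE's frame process should only spawn IE content processes tagged SCODEF:<its PID>."""
    by_pid = {pid: (image, cmd) for pid, _, image, cmd in tree}
    anomalies = []
    for pid, ppid, image, cmd in tree:
        if ppid is None or ppid not in by_pid:
            continue
        if by_pid[ppid][0].lower().endswith("\\iexplore.exe"):
            if not image.lower().endswith("\\iexplore.exe") or f"SCODEF:{ppid}" not in cmd:
                anomalies.append((ppid, pid, image))
    return anomalies


if __name__ == "__main__":
    counts, flagged = triage_registry(REG_EVENTS)
    print("report rows:", dict(counts), "flagged:", flagged)
    print("demo row:", triage_registry([DEMO_PERSISTENCE_EVENT])[1])
    print("process-tree anomalies:", check_process_tree(PROC_TREE))
```

On the report's own rows every write classifies as ie-settings and the only child of PID 1804 is an IE content process carrying SCODEF:1804, which is the normal frame/content split; the WriteProcessMemory and SetWindowsHookEx signatures are the parent wiring up that child. The constructed Run-key row shows what the same script flags when a page does achieve persistence.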
Network
MITRE ATT&CK Enterprise v15
Downloads
The repeated CryptnetUrlCache\MetaData entries are CryptoAPI's network-retrieval cache (CRL, OCSP and AIA lookups made during certificate validation), not files dropped by the page itself.

1. (path not recorded)
   Filesize: 70KB
   MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
   SHA1: 1723be06719828dda65ad804298d0431f6aff976
   SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
   SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

2. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: 19b2a7ffa5a1c10b2a4a2d317ef3ea10
   SHA1: 2cfc22dd827cf8b0daebec0e172d34197857d8f1
   SHA256: 4d5b5856e977a07886398801541acbfea8cae7b917de1bfa9a5d18af91fb5f4b
   SHA512: a05ca98b053f20761e6b882573cd08e571fa226bc9816dbd89d888770ac0771100b3a62cf76696a12d03ed05311b2f0cc25335d7df3645ae3f6520479d1fb709

3. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: 232265758dea455b53aa351fbbb8a4ea
   SHA1: 237e1dd235bca5bf7b981cf8b462eb2e784823fd
   SHA256: e03017127a42e86edca7a60709bcb6d03c8cd99b57590556a97ed583804a64f3
   SHA512: 2c3d1991aa686c5e3ca45db0843ef9cec4cd12b6fcb169aed826539b0ed62ec52dacca0aaab82775a7cd22291adf398af94759e78b3aa31c8a785b13f5e324bc

4. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: 1b64d5e7dff8d15ef7ad8c8524dc309c
   SHA1: cb94274053a9fe44b6347efd4622d6b7c5debe9d
   SHA256: 83b677f10de8ec555b4026e9375b7aa462054d64716fc3add2d8d8272cf16def
   SHA512: cc068eda81d836f46ecb1265a5467770536edfda2ffc839200f1ac2616d7ca844e7059dac02ccf177905c3d2d5f0e933b0daa4f15dcbc6bfcbee8b7cc867a842

5. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: f03869e5baa2531475084aa06b879907
   SHA1: b34a70927604cbabda6307f0c128fe86393ecfae
   SHA256: e9c26997560ebb051743fcfa855ffe3882a2da43ceb3d068f77f2d65746d8fae
   SHA512: 87fc1e8a4f619b1dd79a05ec8b77689cab035bfebc96e76b3fe7dea2d3e8270874599fe11804f7d08bf4309b1f0f273b95a2ed29b2a5dffd1b0ba3ba3ac9ced6

6. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: ec5bef4bab57b540dbd38ce528298b55
   SHA1: 5a97915f884b3220efdac3861b9133056d964f8e
   SHA256: 2af42b481d70c54675d4b08b0333ba01453324c09fa124a4467784cbeee6dbdc
   SHA512: c6289f2281d6d9ad2e82be9f450079a322da850f919444b732f18d1cff4cc88fbdde39da25be9f32f34ffd754e8e1dc9c46345a539a162e98e912c7b750f176e

7. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: 837aede1e2d350ea178ba392d1ca429b
   SHA1: 640cbdb443a710ab10b5cb29973fc6579a197679
   SHA256: f647c4c52d2d02bd1023909c2020e8e7fcaea9be530c6ec905fbd45c1b649501
   SHA512: 1a6995dda479c85e39946e774ddc282cf19e76a01072f41da0690395d1d1f311bfe0f7956769d1c969f1ad92ce938e9176b489a0597664f99fc2899c1d6e28a2

8. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: f10d1d8896dfff952d5dc65781d6597e
   SHA1: 06f154345fee2d927ab36f9e80c7049301c938d9
   SHA256: 7d3c7f10e72ae2bd8d167ff760da9c3b76071a9daf8a27a743c1221164924dc6
   SHA512: 4b671c6a95157a5eb8fe139562e67b22672168b3f8dd9a775621124438e2566cd976f2ab5eaf2eec1160f3d454d4d2ee3c3e3216373c902e4ad185f76a0c17ec

9. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: bd87d39344fbb6000d51a55690f116e4
   SHA1: 84b509141cebc303a3d7154b5aef576f206a6387
   SHA256: 650788f8bd846af861d90b953e055eef5c7afcc04bb0d412a5d14ce195bd8358
   SHA512: 7d8b7126fb12fd6383651837246a7a0426e9870a526fe1a54bcfde1f2f834f6a3630548101a6c1161c1bfb731dbb8bb44bb18014e85757fd5620830ad4b62848

10. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: 7b0f6c62dc0a840a22e08a4db9f0264e
   SHA1: adaf9868c886836b50788c3f884bdb7016a4e786
   SHA256: 303a09efc1bebcd6cb33ca4869b73c8b37adef902116b75c44771c4812c74b37
   SHA512: fd67cf1a93acd0cb3f25ab775c40e3054fa5a14fac805bbb45f25b7b3ed88d51f5c5903cdeddb90fda045f134f39be8d587f24b0ed70782f8437983bfe22497c

11. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: 49772a8abdbd92be43d344e5cb5b686d
   SHA1: a159c1658775579943d52bb46c0d31d087f0d58c
   SHA256: 5a2a34f8e6abc5dfd555af32d331ece39434a652e3f0f85e073413e5e401128c
   SHA512: b0fc1ef0d9c726ac59b1a331373be36f119f1bb7ee0c3583d3e019cb28f8825b3d701bd437f34aa2c71eb686bbf4d0cbfe7cf1b6264c4b4a20c14ac77dc01b6a

12. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: f54f5e4763732d1f1ac9463ab8f4c9e0
   SHA1: f47b4d78dad1dd77a42c45a568286e73ef047179
   SHA256: 8a11fbfa4ee3d054a835625aa98529553b30b9cbeb228615b0bb9619e86b459f
   SHA512: e1e534e5ec580e7d874a5afb46d2cd5559b1852a5ae6010d7ee747b3c4bc658eab4b2bcff2674d08b9b9ff3a93e03df41d9e41747d9a3383f45b1fcaf284cef2

13. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: 6db43dee4834f9b9f513ace54289b82d
   SHA1: b78bc4312a7418f1c4e772f08b7b0f912b206270
   SHA256: 4d9de58a5824ad86b566e5ff99205f0e4b1e0fd485cd6248ce26fe374c8d1849
   SHA512: c4e6f366d8e5a1fb413550152e22bed7f9bf3cf651bda3e133d1fb9c1f5b7066e42b037bcb23adb0a68e123a7cefe7f303f63163e45a195c20351ce7d3c39d77

14. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: 8a6e9fc8eadfc8bbd1a8f16b48b07d4a
   SHA1: 7871d55264bcbfe219309f5ac9acb8d6188075c3
   SHA256: 8064454a05e4cfb47995feda63307af963125baca93cbda070216ed9de3a1477
   SHA512: 868db87c6184dd3a4da138a25862d1ca17c41794c8b64b881020669156ae1460aeb26377405849281b250bb7c6e18729aebc36f70f6d1b6625383cb16fd66b4c

15. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: 0025aa0e1309595204f84f74638fde64
   SHA1: 646f64cfec0a0748403e79fe4b8a02152d1c0e1d
   SHA256: 724bb8fdfcef012f8b7f439829c5a5bb8488307cf1e282f9069af394ec376f36
   SHA512: 79f3a66028ee12f2243a6e8e4e9c25a7614853f0fff174fea467c1e78690f5515a23e407ac020a56b46dc51a2686daa7959b3e1c3390eb1704687403b3f77c90

16. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: da6a3d7b99fcfcacad13f3f7688303bd
   SHA1: 0da2a8c02fbe5ab59aa14d8e1f8237504c1efcd7
   SHA256: 8bbd976b8aee1202769fee0a6dc747e5d4645f06c133b0d1cf55baa0b3ed1b7e
   SHA512: 83144b37256fb64d323c6219cf9fe9c03d7e071c88fb12cd79c50bea64b1712a5c2e9cb08adfd62a32a21a46e236d8573dc19b98d2c101976669805783bdd152

17. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: 2e69879cb87daaaf10b0b624b405c991
   SHA1: cfd6da2f1feaab2285f3a11adbac4c545cab0643
   SHA256: 4e0c4e960eb112eda3288fdf149d7a45981e0f8467c6a98bb281066e7e44eaec
   SHA512: a0dad8e69d1aa55a7fb20efb6c99daa6cf31789170a3b398f235bd5216885a3d571680b7958623f29d74d43d4a164d4529d161aacd863cf732faf266285df44f

18. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: 467324da391404fa983badef1146789f
   SHA1: d0727db875f295a4ff45a6e2b94acc5be832b058
   SHA256: 0ea011eb44f9badfae8e75a8e9d9dbfefa75722bcc50b12acab2ef361e76e807
   SHA512: 5af92fa455f8dce4f19a0967ef83c08184e9d9d7b63cce004d12104134de4dbfa138fd53e978612e0ef3e659749cbe3d35bcb5a8d4fdef0ebc727b04e277f823

19. C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
   Filesize: 342B
   MD5: aead540ac5c040c51f49240d961c9b2f
   SHA1: c2a54ed5f686c2b735e162f2bcc2bdf4fd17022c
   SHA256: b4e797062cff9ffcc4d0d5e7e4adc34bc8a6045560d21283a602a8b976965350
   SHA512: 754c20d99db7eb525e9d76376810494ec0f68ce141eb70ac7b56963da5ac784a4a6c60b8176f4d4d93a5438ba1d391d989bf0ceb5c67834d1081bddb968971aa

20. (path not recorded)
   Filesize: 65KB
   MD5: ac05d27423a85adc1622c714f2cb6184
   SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
   SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
   SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

21. (path not recorded)
   Filesize: 181KB
   MD5: 4ea6026cf93ec6338144661bf1202cd1
   SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
   SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
   SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b