Analysis
-
max time kernel
135s -
max time network
141s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
12/06/2024, 04:53
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://european-athletics.com
Resource
win10-20240404-en
General
-
Target
http://european-athletics.com
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2613095199" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31112324" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2613095199" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2612783267" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e89f0f25b8a4c5439b64406049d0c7d300000000020000000000106600000001000020000000b7830ef012946c706a6ddbb7524dc0a7ab5b04d1ceb48d3fa817c5ea6c9f4415000000000e8000000002000020000000f08e861c3597a892b7a69ab7b8bab28f78f3bec97ea847b5cf74c7727abb7233200000005a8e59b48b79f2b0446b09d387d91ebd08906286790c1f51033269da468fec2e40000000cc964a5dcc14c75beb99c00736ba416da72b7eb506e69a34ed69d7d60eb6d525e53d6b76bf62cf69a5e0f12b3e4cdb84cab569b87114b6e1bf988acaf6f181b4 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31112324" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0e6049d84bcda01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9030079d84bcda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31112324" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e89f0f25b8a4c5439b64406049d0c7d3000000000200000000001066000000010000200000008b2199243c46043ab2b60d67c975732b6e28c013eae8f4aeceab905a22e3188e000000000e8000000002000020000000026b9a1f54c1d8cff31564bb1f37fd37b907ce1204383276b04bdb0c928f24dc2000000046bb1175ea73799581ca361ff5bf09bc902316b30ae7106f7ba7110b2702d068400000003c37d274cb1e1c892f9730f97ee345f1c09127f58ac241fc9bbf2f98491f271969b6d5a9a374e8258e8749b193ae74cc16ac17d4cb723075e1b83420cbf28ccd iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DOMStorage IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2612783267" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "424949606" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C74740BC-2877-11EF-92F7-524829B8D7A9} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DOMStorage\european-athletics.com\Total = "19" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DOMStorage\european-athletics.com\Total = "67" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DOMStorage\european-athletics.com\NumberOfSubdomains = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.european-athletics.com\ = "19" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31112324" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "67" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "424981598" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.european-athletics.com IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424933012" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.european-athletics.com\ = "67" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DOMStorage\european-athletics.com IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4144 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 4144 iexplore.exe 4144 iexplore.exe 4636 IEXPLORE.EXE 4636 IEXPLORE.EXE 4636 IEXPLORE.EXE 4636 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4144 wrote to memory of 4636 4144 iexplore.exe 73 PID 4144 wrote to memory of 4636 4144 iexplore.exe 73 PID 4144 wrote to memory of 4636 4144 iexplore.exe 73
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://european-athletics.com1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4144 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4144 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4636
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5c8b2277e1abc19d9763e470a82686be8
SHA17657387041d2bdec8d5fab8fd93a6e512e6f4253
SHA256bb576639e17296304a9f75d907416704c7fb2f8f7e1b1c481aba4c273d39eb4b
SHA5125285b7b6bd4dcc9ee5af74e3619ff6305ff4ba5216f6692f83c070883503220b43ae9add8e4f553a52ca75f7e4ede08cf61c5c70125a07b796b4d9cbfdcdcf9e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C
Filesize471B
MD51e67b34cf9a5f54b427d1b9c7492acf0
SHA1ff8b65c5385d419bf26f814c0e14e46f7ae01e7d
SHA256f9554898f4e845e037b5f4ec9bce34b4daa1db54e37dd00e45a15eccdf747d1d
SHA512571353eeb1ad682a35735b7bc02a58f241cec1a5d4606ebe03c6df8f54dd7c3ef8021940248ebc9d29d55639ef36150588e1cd6851b2840f0bf32e778cfda00a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD5b47b4a9c1018a4b87a1dc58f55c46573
SHA10eeed6e24fa5d067031f5cf78a7000c78084cc3a
SHA256309259f25db15dc8c5ffd2b4300935c46b71ce1007bfc1a1ace17a52eddfda77
SHA5121c355bc1b97676731367ff63a83128138d197122f4f40a4173c26dd2ccb57ce4a5565d2cf981b02c8feeb3324618bdc4d9dd2775f6794c7765944785c239af8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C
Filesize420B
MD5756aaedae79181c6ec26c6409aafed18
SHA16e2cf0080596f379904cdf3d917438384da10f64
SHA2566e9b9d0a9727f57829f59defc523bc045501ce3aadaa05578f74fada860233b8
SHA51261bfe923d0a32ebca1983c8de25a23eae2bd0f2a0d9b9a0a706e9ab3b2dc652b3e65d23f97acd56191b2c9b6ca585f191ad5a696fddb840328fa8c4fc1938ff1
-
Filesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
1KB
MD5db6135cd92103b245a3edaa6524a5dc1
SHA11cd0f78fea29a0147098dda5da88c3a47e550665
SHA256364c44e603718d2f72b04786f8c3515fa33c75a067ea2a42288e6d07fa44b6b1
SHA5120ea5e47ae4178edd539abd9eb5f8a953c031db6df771a69791b5c1b65b3e38dd1c6ccf76e6b40044f53276912d7bc95a99e64d558add1c5845bfa735e222359a
-
Filesize
545B
MD5240b79c59e2ce91c45c445fb6574ea56
SHA11bd2b3e07a3c36f97626d977d04d2c162da15f75
SHA25698f9ba122c390a1a58a4d9854c71afca2bb9af547b939fa6939141fc527eddfa
SHA512ad3f22a36b03801ba96b9256a57fea604ac59a0e5197cc85ad26c9c6e143005f1f180efa88930c023bf10d5565f411a4c4f10b7cbeb5998ec7e1b58d5320b195