Analysis
-
max time kernel
134s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 15:09
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240508-en
General
-
Target
sample.html
-
Size
213KB
-
MD5
da19e12d88b911af5b755b2be0e26c49
-
SHA1
fee472a3e4fe52a45c3c81c260da1014d5267c69
-
SHA256
c5e4641dd5f581fcb40d0a725b89b5d1dca29f1c9d3389eb32114685ad28c6a4
-
SHA512
7509568f4788afab61054e0f02588da497d148172f5b79ff87d9a8f5ce4c6304437871a423162e628f7dcb52f38f781f5175fd1780f9e701df8849ed4fa3a382
-
SSDEEP
3072:SqcHHj3Ye8KzdyfkMY+BES09JXAnyrZalI+YQ:STzvzosMYod+X3oI+YQ
Malware Config
Signatures
-
description ioc Process
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366862" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D2E57AE1-28CD-11EF-822E-56D57A935C49} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2340 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2340 iexplore.exe
2340 iexplore.exe
2176 IEXPLORE.EXE
2176 IEXPLORE.EXE
2176 IEXPLORE.EXE
2176 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2340 wrote to memory of 2176 2340 iexplore.exe 28
PID 2340 wrote to memory of 2176 2340 iexplore.exe 28
PID 2340 wrote to memory of 2176 2340 iexplore.exe 28
PID 2340 wrote to memory of 2176 2340 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2340 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2176
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 375814bdf6b643e0d73af8bd9f8dd167
SHA1 ebabcb192fd063e314d6dbe9c5d1bfed4c47662a
SHA256 14381b8807efcb0d44eef9e0923bef2df7f9967dbbdda9594da0f67b6b452659
SHA512 8d73d3ece70a1764de0a30ae3fb23014ab7c9789bb3a2f2c35f9b6ec477cb504f2b60ba6ef4c5ce330f56cc182185b74beafd0a2bb096656d5617bb0ecab6509
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4c30320dfe9f249cfe575576e6b04226
SHA1 e1d5d781eaa5f79bf01bc33d9da8c221183932e2
SHA256 9cd14d9e34dc7de8b68c440f32ce5ac3309821ce32f590cace85fe64893465fd
SHA512 ba82c1de990744cb2176a5cf99698080add486681f03e578b9ead5d48dea6118e1a096c3c3faf1ec40cca83e7663885e4a56a2fd6f327b7b8f39fa778eb1f1a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 29ef3d7c4a36dcc6c47fe26063d1d0f1
SHA1 605811d4618c2e7433139747aaa7003f5df0a2bb
SHA256 bcfa935d6aad61efe6f8f962c74e36043f2d0275819e19bb9b78caa3a1caf188
SHA512 496a21b5b19950b8d0193b2d812a7ca4b9598b764b51c385bf3cf8399500f5e305a130e5193ba4e1260e680996e6ba863af13a18f68480b4eaf347827bd1f330
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7004f0cd20adabe54a08b8e314b6ddf7
SHA1 965b5d6fabcc0de39a94b407b43da3d29f9e548c
SHA256 2c375570e3e76a1b5e98f7edf83021c37e3c99f85e1712f2c2cfe15355257f6e
SHA512 f2ae0f4eb028f02c67bfaec3e1ee2e0ef90ee7f44d4cc839f2bf5037111ab27a834c38d9ad451492b285c3d51c92e988c4cfdf4f5be27e15b3866d9722834252
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 009ffd91bd3ba642baa9deb7dac6e636
SHA1 80bd89339e26f8b951a841224cec7dfce76f3508
SHA256 25e0ae7aaa10fc1b707c2837b641fe4af7ba893e9da2dfdfcce2c6954d50e9d0
SHA512 3c868b061554413de32fb838b2984681b8e8a8791bbf2f0be3c0529ad1bf8cb0617fd5c26e7b376dc534dc91e990ab8bee6dbe32bdeae46ee4c6efcf7fffabe1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 43da749345b5fc129b862015b2a29979
SHA1 4f09452bdf8244cb910509bfff8637af023c012c
SHA256 e139455d3cbb2c488ace450a38675edeec7facc92a64956904d7ac8e2d17c504
SHA512 c0b17aae43acc74a545492a8308a7cf6c5e391d95d64fe80fa45e0f4dfcdbd330a74d7956d6ee1116d4e369e86bdcbcfdda3e60e4c41ce3509d92bed18a0b1db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8df977b4a37a26e62b05d7795921d1fb
SHA1 4523333aa375507fd4c3582699e965e2ef254ce1
SHA256 8fdfef5b0bd55452dd45cbc1f4ea149a3544d59c9f1bfedacda17c6b3ec001d1
SHA512 a4ce15a13c113bd4ac41544a988ba24ac8a02dbed541b6649d546da436eb36b44365bf0e1de5312631a629dd42079be6d3efd204714434a92481639d609d1ae7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 65896d7b1d57807e532180696bf604ab
SHA1 6b9c29858209c47a11c957a1a762659ebe638628
SHA256 ebca7f7582f8ca1234b3c4559361fba7330f648f4f94e8fe2264c77afff25027
SHA512 242a78ffc5ae3a6e341733dc1e3cac39a9d8e4cf870bec2c1a8d4285e39c076ca3b3863f12aa486f214d662ce924bdca05006091b4346ca9af770d5577acf1b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1e9895b5e7d1aef0deeb7861bcc73cb7
SHA1 a4a1f0e43be4923631fa9ba7f85ea11edc504d3f
SHA256 63bdd104c70154f8f0bbae548152c94612d785c03f338438a06f964036cd7bb1
SHA512 ccca6b3b1b95de985f09eec6fad9a0048f9a716b8e42d03af07f9e568d0d16fd7d0dd792e951e39512342b01b395f326e1a143f9658a87c498d05f0ad5b9288b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b92337dd53ae61e0eb28f09aeec1b1bd
SHA1 49f34916c794691385890bb6dd4fe50aba8dc93e
SHA256 288a396c4c9bcc363f0faf8c3654283c551908857c17a5f5517ed3efd13edf66
SHA512 7bc1c731b15a9afce8fdc586c5b6514293673748e165a5ea12d590c66e21edae6edb9f0aed20b9d4b27742c903e57c5c02ad0a33fa17d66b1b5a8e04dc146ea9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ae64f3e69dc20f8ef683f885b96b938a
SHA1 bda1c19206af55452c4dc3644abd83c9c5136470
SHA256 8455f4f035a802ec87fad8b5ad4e49fcaafdf8cc4222c3e3ed30bc7b3907f790
SHA512 f6e24a252fc872670df4f52a81092c2a3ca10c7f87cc5986af4b7f27ed88ec6914896503da62887959d3e0f01cb1011a55607168c6d844f3b40f5cea689a485c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 044beac4429a3c6946777f18ab744ee8
SHA1 5aad9432abb93e28dc0a6d3dfe9c35ba9047b9b5
SHA256 4ed5e5c13194a9a9fc90426f54a376fdb9fe4b34fdaf04dc147cdedce014667b
SHA512 1e609350ce9f26e4b16b9e9eeb0b601cbd40e3901003f8b56cf869da50c3f16591f8b2e8c2c44b7fd4e33224f1320c6ada5064acdcaa4ee87e5ab4aac1f79097
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c52b2bdf1515041ea178f642c2313cc9
SHA1 45c4dfa8ee8eda11723f448b74814e263061175d
SHA256 5e1efd06f6344941be27c2329edbcab5737ab20f1d21722628a277e58f914ab6
SHA512 87592f9e51066e09c4b7beceab21fa05e05abbd72faffc209586ae39cf7fb70e50d248065e7f33ed849bfcc015962829520100de7a1b0f28e4598c76735e889b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 37f8810e391be28f5fdbe6eac17ec760
SHA1 effbd61ec6d372b1d8bcce2cf9cc545a7138c563
SHA256 f1cc4e1df7fcea254ac402bda4d83fca9c1ad2da94add6c35ef7c75289ac51b7
SHA512 e9dffa5e83fed51bf44de4a27544b328528be9af8ae1e237dfc9e070d77f8cd4f47cd78aea38c57ef5ff579126c323fcf51485548adc3a4925affcc38d3a4ef3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d265a389c622f3a5fde8f2a7813b9edc
SHA1 b66012ba7362ce2737948d338eb6a32a7c0d3645
SHA256 23083e343f5c158a649cda76e02818fb4ba8cac8cad1f323332e659c3866e3bf
SHA512 a05ebe7a1b0411dfead47613b754c90c7625c9052bc1bda83dd498b2737c73771b273e1c785d4d46db333aca5f8d5ef21659e064c710425066ca422090805ace
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b0da491b1f6874da9e7ba10bf3b33b6e
SHA1 aa8666aac2b25cfd868744150d42f79d8c05e969
SHA256 5878c3bd4407843daf673190fa438c8da0322a4a86c2594b1950d50e77d94bd7
SHA512 2b8cf59cc0a9fa9891d240bd12a1d0c277e295b19ce3452e2c1829b69581bdf889f087f38edf6c18feb49f1232dd4d1e5f592e364ae96dbfb4984257c21eeb83
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a7e527727c01c86ccd5f3aea6caae02e
SHA1 4fd3ecc58b9c0f20c6a501bd244b93b90853784a
SHA256 ef4ad5d2a151a228fe0d80342a1ed8cde898ee367b611faaec9c2672323a5ccd
SHA512 96963d0e46373aa521baaf43a4f26b7589e072083f73f83b6ca595941bce17ad8de863f2368b30f6cd1effed200047a2b3906ab4ef5d612d25010b0eee9beab9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a1a8704d9f2b9ba0aa3c956d2fd8aca6
SHA1 c775bcb1bb35cc83ad4d8917caceee434a6f7b93
SHA256 d3a4e9c373fca215f5d581548543a5f3d37ff8c765440cfafff13e625f0deb41
SHA512 00e4f4e0e8c3c9f3cbc80e5a86b57bc537aaaf5f1ea26dc4c5f4df8ff1ff91ae15e4de15a64a40bd87be69f870081c70b8aac3656b681d4c9cb904a9b3a144e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 da8a962104bb323749fa2ba35e17e161
SHA1 68f290e93e6a8ed25cb341808781b044a8a88167
SHA256 1bd7deb239a343ee3c692ff868c5c0bdbdebcde9bda60f911dd55863a1ea09f4
SHA512 15204f0bc6d070c0ef56468cc9a185f1ffa3b228165f20eda2c742abff25f63a86ddbe2f66b7c7d1c130ef5f3fecd44862d35f7a7abb098e859575e38a9ecc8f
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b