Overview
overview
3Static
static
3Fish-v327-...sh.exe
windows7-x64
3Fish-v327-...sh.exe
windows10-2004-x64
3Fish-v327-...8.html
windows7-x64
1Fish-v327-...8.html
windows10-2004-x64
1Fish-v327-...ge.dll
windows7-x64
1Fish-v327-...ge.dll
windows10-2004-x64
1Fish-v327-...ad.htm
windows7-x64
1Fish-v327-...ad.htm
windows10-2004-x64
1Fish-v327-...ni.htm
windows7-x64
1Fish-v327-...ni.htm
windows10-2004-x64
1Fish-v327-...op.htm
windows7-x64
1Fish-v327-...op.htm
windows10-2004-x64
1Fish-v327-...40.dll
windows7-x64
1Fish-v327-...40.dll
windows10-2004-x64
1Fish-v327-...42.dll
windows7-x64
1Fish-v327-...42.dll
windows10-2004-x64
1Fish-v327-...90.dll
windows7-x64
1Fish-v327-...90.dll
windows10-2004-x64
1Fish-v327-...90.dll
windows7-x64
1Fish-v327-...90.dll
windows10-2004-x64
1Fish-v327-...60.dll
windows7-x64
3Fish-v327-...60.dll
windows10-2004-x64
3Fish-v327-...90.dll
windows7-x64
1Fish-v327-...90.dll
windows10-2004-x64
1Fish-v327-...90.dll
windows7-x64
1Fish-v327-...90.dll
windows10-2004-x64
1Fish-v327-...rt.dll
windows7-x64
3Fish-v327-...rt.dll
windows10-2004-x64
1Fish-v327-...ib.dll
windows7-x64
1Fish-v327-...ib.dll
windows10-2004-x64
3Analysis
-
max time kernel
144s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
12/06/2024, 16:37
Static task
static1
Behavioral task
behavioral1
Sample
Fish-v327-0221/Fish.exe
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral2
Sample
Fish-v327-0221/Fish.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Fish-v327-0221/kdocin/p-00839798380738.html
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral4
Sample
Fish-v327-0221/kdocin/p-00839798380738.html
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Fish-v327-0221/kini/SWFToImage.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral6
Sample
Fish-v327-0221/kini/SWFToImage.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Fish-v327-0221/kweb/defaultad.htm
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
Fish-v327-0221/kweb/defaultad.htm
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Fish-v327-0221/kweb/defaultmini.htm
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral10
Sample
Fish-v327-0221/kweb/defaultmini.htm
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Fish-v327-0221/kweb/defaultpop.htm
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral12
Sample
Fish-v327-0221/kweb/defaultpop.htm
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Fish-v327-0221/mfc40.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral14
Sample
Fish-v327-0221/mfc40.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Fish-v327-0221/mfc42.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral16
Sample
Fish-v327-0221/mfc42.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Fish-v327-0221/mfc90.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral18
Sample
Fish-v327-0221/mfc90.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Fish-v327-0221/msvcm90.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral20
Sample
Fish-v327-0221/msvcm90.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Fish-v327-0221/msvcp60.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral22
Sample
Fish-v327-0221/msvcp60.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Fish-v327-0221/msvcp90.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral24
Sample
Fish-v327-0221/msvcp90.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Fish-v327-0221/msvcr90.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral26
Sample
Fish-v327-0221/msvcr90.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Fish-v327-0221/msvcrt.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral28
Sample
Fish-v327-0221/msvcrt.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Fish-v327-0221/pdflib.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
Fish-v327-0221/pdflib.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
General
-
Target
Fish-v327-0221/kdocin/p-00839798380738.html
-
Size
36KB
-
MD5
02b87ab2e8cc4e6e5da057ac9e446dff
-
SHA1
d00f5694953b16540478a9093795d09f70d1525d
-
SHA256
e90cd42fa161551bbba1e8941e75348a6f4d8c8f8aa6242c6e14470ead08251b
-
SHA512
b1d39bce3f936bbdf88797d30401ce649b309b4d6a5deb7337a446e0237aab81944cc9343fd611e13450f2b9bfd047ccd2083a489d3828fdf794552f4b4f067f
-
SSDEEP
768:pRlNcBbrVG0S44E47wNYF30DZwu3efp+K4dKIL3QujlHTIg:3XsRG0S44E47wNYF30Dm6K4IIL3QujlB
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{051C8F11-28DA-11EF-86BF-CE57F181EBEB} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424372122" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2792 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2792 iexplore.exe 2792 iexplore.exe 1284 IEXPLORE.EXE 1284 IEXPLORE.EXE 1284 IEXPLORE.EXE 1284 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2792 wrote to memory of 1284 2792 iexplore.exe 28 PID 2792 wrote to memory of 1284 2792 iexplore.exe 28 PID 2792 wrote to memory of 1284 2792 iexplore.exe 28 PID 2792 wrote to memory of 1284 2792 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Fish-v327-0221\kdocin\p-00839798380738.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1284
-