Analysis
-
max time kernel
136s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 18:42
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240508-en
General
-
Target
sample.html
-
Size
221KB
-
MD5
81e15ef9672556568a3443bf96193d7c
-
SHA1
c8f0fb5b84e49584be8d24c4925102d3c065ef1f
-
SHA256
918197096755e61067cc2ab7fd46337ba3ad02c94fe8c4ae24a31963e52f6d1b
-
SHA512
0d6e5ad12215a1aed02d8d871c5492c37ab331cfcad55abc94bb047c9e46708f5b4188cafcfad563bbde2e589fdbddcb8c551671412fb0d0d72fdc0350ca11ac
-
SSDEEP
3072:STssEBYMnjj3yfkMY+BES09JXAnyrZalI+YQ:STIb+sMYod+X3oI+YQ
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424379629" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8C7EDA61-28EB-11EF-A8D3-D2DB9F9EC2A6} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2012 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2012 iexplore.exe
2012 iexplore.exe
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2012 wrote to memory of 2144 2012 iexplore.exe 28
PID 2012 wrote to memory of 2144 2012 iexplore.exe 28
PID 2012 wrote to memory of 2144 2012 iexplore.exe 28
PID 2012 wrote to memory of 2144 2012 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2012 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2144
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e5f718bfbc6a79c487e7608d4aa6c97c
SHA1 cb31420e4dae1e48a02cdd6bb34f7aabebda759a
SHA256 20c4c123dfa406da4b91b69a29ffaa5f92433a187f0ae4792b2c6ed2afe10bff
SHA512 c5a8fbfdb631d325247cf77058612d3976784a3121ed12c946ef7689642cad6a4c13d6e8c7da8bda4bbbcbba69fefbab196e1bfdb153889f4d2ba2a7aa6ef3bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8dc0ca715a38e7355cc55d90409bb84b
SHA1 3f04cb5659ca9561f8d5770455bc917e73eaf2c2
SHA256 2e85463b371d6fba2f50bc91fa69f429858ab076f82f3b6644b3bdf259b36253
SHA512 2e7f51e438f971c6158a62f39c9ad70ee04f6d84580beb8ff745e52dbf0c3ea993ef032a56743910cd93ec71692aac7d254fd8fce5889dcf13fdd8bf00fe0b3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1bfa5af1b78dc1230007d477eb1477e3
SHA1 ac6b4f53838b9cf0f51ed11fce6c27a2d16dd77f
SHA256 672fdfb9b5b52afe77e9e6f8b6d576701f6de0b5575deee1c3b092f03e702b07
SHA512 de04271bb72e3973ab6ae701af41d589d83ca916fbc572d766a42c8ae307b87033219ea13904d8ab98ddb15789f2374a8853a23e67f8ab5428371d635defeb4e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9400977802c7d0949dfdd6b385f5a725
SHA1 4f78446d2c82790802fda56fbef78a57cadf6a77
SHA256 326a8b16a7ba90f05af3f66fcddbe8ecdb285644f41a3e80637f2e0562f2fad5
SHA512 4f8485bd60dbca7f56a114b37bbb100364c2827eb79760abf5b6a07447f74b6ef2b4f96476dbcea751a4f1b049b5a321bea5d4570d68aad3638234f4b2cb0043
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ef556d215fc058a35982774c98308377
SHA1 7a36cadc7233f76f9c005d560d4fb9a78093ba48
SHA256 5f2b3c7537a1829daf066de535a101524a92acb423bf8f83546c45b848363042
SHA512 9449419b07c324c218eb225c6bc5dc990f5456dfc93bf5ce5830ea8cc40b29fc0bc905455936f695edad8e30d86968e00b5024ccc235fdc81061b65a64999b26
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7895afce04a1b908bd7e83e84600fe21
SHA1 bed29b1d555b9f061ca56ab8b107e0338183aaf7
SHA256 9b0e62b9ddb60ac93b688f8121c05467f464c74029293635b43335c351d9ba32
SHA512 817b735c5ef2b5c28ce57d81258ef42459d67d130b6235ed2457e4c10d3dc13162ed5678c0a88ec5d040b3ec8db03a762277e557557891b350def38c55c0d5d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 def7e266459b08d8706fcc3e8dc34d43
SHA1 dad8a0f984dd52cd76882d6e2c5c049100f53b1b
SHA256 70298f72485e2e6df1fce0a6f27e04f749473680c9165f965b8cb38dda2020fa
SHA512 7a09824d41af39e934935af2297ba9b8690247509f197a67ae87f3ee974b9474e462566cdc18e6733ca9b4fb2cc321b05c86128660e61cb5b9eb3bc5945c2fac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 25a4abda83f90ffc72e4c97a29d54ac2
SHA1 e7216e029aace0a51444af6f0583797ca21399e4
SHA256 d2a2416f2e2d9d40fd15f31325cbb555bb783960888d9ae7be3538f921692bc0
SHA512 257d783a4c2ea8cbc4b491d8fb9bc58f011f0f3be29621d4fd125fc8f3e314cdc66940f64606c6d5cbce731a6919b5ebaa815b636b4d172ec794224768439226
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e1d622f842d1d515c34f7bc6b9a9f8aa
SHA1 0f21b913e2a97b84886150938532cefc9e285526
SHA256 895d8aad596c3d12fab6e019ec6d14405f60b7c2735469a562b39ae3be1ec10b
SHA512 494a1c3ff55d6833685b7a29a3dfc7075b1c822541e3b64e262d91a39cd159fff8dd3efc7e3d888f300e4dc82eb100c3ae6c45c7c9ae696ab26d5f004a033ace
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a9ec9c15b781fc4cd8f0998e8e7e5cf9
SHA1 9a5ce1394e822d4a2699697c6854e27bc4514f2b
SHA256 ed64e21d30080ed8e0ed06a54dd246b1211c51f7cf2167273fa5a575fb21bd92
SHA512 d897ff9fb04a8986914540180128f55dc411194fa97c7e6b27eca13c8e8c39dbf732d2dcebc4cf056491e0ee751b1871f25086749d3659f4c0e903b792e03f1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 37a459bfa523884910d3de85215c4785
SHA1 26516f67de41d7b133e755da972ef9fbf18d2cc5
SHA256 f555118faa8d8e7d1b68af09835394b10118e8793ae9ded164b72ed6097e29ce
SHA512 55749a13c1bb9aa37d857fe43a20eac745370d15347de5dc32f5f3e1996fe4df9bfe1186a759c2e7db0658d37600d4c3de270f1fe50f9a4dbc8c509880877d04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 53f5e193fe65499eb025ddda116194c7
SHA1 7263073f8af93b503b8d28a01266577f84a668b4
SHA256 6c4f8c66c08accc34dbc55db0458b75e6a93251567c48dd2817a02d5326e8366
SHA512 9dde4371a8a445628f3f9b5f3d6eae3ac8f840e26de5e4c6ed924ed8893787a35e00e941dd3aa42558f71dfcfa5c88c17161b39741b9cd535f08deabff001eca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 98380bf587c753079edacdfea0bc6431
SHA1 c133088b6977cb3977465e4deb7fc6f27912f3f8
SHA256 80a367f460cdd29347ce19cf628f91340f63239e037faedb4fa5fa0b06c4c251
SHA512 d204ba33dc6d5653c2145079722d596bd46c0b3bbc4cd935e265b104f70fb5879ed38785b61120c28afc79e738aab638df82020a89fadbf71af88e45d2d0616b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3bd3244324887098edf483b621c689bc
SHA1 e5042766d7f729e83ba3a4bccad36ce00ecca2ec
SHA256 8b9fab0786a215fa3283ed7f0c924a9a644df3bcb7b5c2cf3f72619ce1905cbf
SHA512 28725f6360a89452b59f9f5c3ca0179f2909c1c44923a29591dfe841ad2d3ae0857f9097cc9f78b245240ef1a8f4abe59f04e8fa67f73ff89d2b2be65c9b362e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c786b1fbf8475364be4f99d7adbe2840
SHA1 38449ed2c89f1ff5864b6536dfec2c1079f548d0
SHA256 623625593dc2862b38baa18cb6e93c7fc656575fad97b417bea3cc00d01489a6
SHA512 b57fa91d8a374a5afd251c185be82c183ee7e7dba43ab915ce9c36691ba7d9cc81000439f08caeaea3f363cf641eb0f9d95761a92cbcd31882e919950a01377f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a497227425ad7aee450fe215596ac1f9
SHA1 d0fc2055a0103b9026c88b7c7e42dcfa4a66229d
SHA256 d14af57e303cbc223f53c58471623674e21b0c174be10a8af1f13069022aa263
SHA512 b008933d17064e4a1849cbdca22a262dabd974088df73dc5637a97b986ca796a5a3de250a976d7949142bf4307e870a41622ae4d96ec9a421f38f9b3ea913452
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8ebf3ab3f666c678231d88718a0853ba
SHA1 9761987633173dedf634191f697b60f762ff706a
SHA256 2ff15caf5847becc53ff2da18fc607f45a5fce7814d116f700de53436096fd11
SHA512 a97b46c9087b5d8ce8bdbe888b574448491db2088de89f0e65dd425f987b6f98de2e5b1f05c97d42abb2665587c541735832a4202d428f09bcf1c29b04dcc4b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 96a50eab5c72c701e716cc435b5b4c48
SHA1 55efdd4b0d035e102ce0d551616455166f72f064
SHA256 340e6719bfaf36680111cbe04e03634193e8b88c53f650e3c2d974ad1f8efd6c
SHA512 0177fef492864d59e13ad545c928158e2c22446122c0b2c04367d72991c452a6de032b6631d4cda18acf620e3e0cb65ec86038fcf2347ee00c31810012da0fe9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 91858a91882712a0c6af065995e39800
SHA1 5424bc15d4933c72f49391ae3b9a54ad5f77e25f
SHA256 c4f1ececb8d5dd0539eb4357d187a70a874bc67a37e12ad0702456377b21f41b
SHA512 65598b34cbd7d939e3044349c6c5432a710d90c1b2163220aa973b285bb601968e913b2ec917a44dbbf433228d456c26cfbf7fdfe908265c539a8cae1225a258
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 048ac46e2535d87d4a3fa149aef208bc
SHA1 ab04d2a0f80c87e9054d2a4b0f88c277be6f2a06
SHA256 c001af532207f60c79de97e092b771a69f4d59067c45376e4c0441afe3edc13b
SHA512 5242e33ebc8e4ee29ee2d77df8ca6ab2e712dcea9dfad327d5ca9f824c69829f0140043d22e03dc1f9be49b766c21057921bf8306771e855d8b6d5eda644be19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f8acd772a1a6dfe254a01a9d504b9fb4
SHA1 ae4a1e5bcff10284c41f2aba7ee70170aaa1cdfe
SHA256 b7e9f97ffd680f08e2fdc43c4a7ac9e1908461a4b112b3c3fbe78c7a9007abd1
SHA512 545f68dba2090f980404369e0c03e7b1fa3148c27a5462847acdca449ad072ff53ea0a28d8389601eae2e39209f6837f23dcce432bf756e4537048ca9061432e
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b