Analysis
-
max time kernel
136s
-
max time network
142s
-
platform
windows7_x64
-
resource
win7-20240611-en
-
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
submitted
12/06/2024, 20:20
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240508-en
General
-
Target
sample.html
-
Size
213KB
-
MD5
c556977bf72ab2e28fe527bc14979159
-
SHA1
64a0939a92637f374a9b224768e468c211a34aee
-
SHA256
3b1bf5fa7dd3c0187b234dfca22d89fb3394f09c289266b89457fa0ba58774fe
-
SHA512
5ffbad51e704c11eeaa12354909365a95685fb5fca9dfc284b92c22632ed2c48442950ba7f1689c786233f1e95802c38014b1fa7f47513cedba292327216bc51
-
SSDEEP
3072:SGCjiqxLK7zyfkMY+BES09JXAnyrZalI+YQ:SGSUWsMYod+X3oI+YQ
Malware Config
Signatures
-
Modifies Internet Explorer settings 35 IoCs
description ioc Process
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385483" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2D2C0CA1-28F9-11EF-9E55-E6415F422194} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1440 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1440 iexplore.exe
1440 iexplore.exe
2724 IEXPLORE.EXE
2724 IEXPLORE.EXE
2724 IEXPLORE.EXE
2724 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1440 wrote to memory of 2724 1440 iexplore.exe 28
PID 1440 wrote to memory of 2724 1440 iexplore.exe 28
PID 1440 wrote to memory of 2724 1440 iexplore.exe 28
PID 1440 wrote to memory of 2724 1440 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1440
    -
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1440 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2724
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 83d9ea332d45927f9e910e05ab3e3b37
SHA1 d6f0f630beaf09b63b5b9c79b213c0ed65fbbbb2
SHA256 2bf01f87beac9d5b282e1f62c3d69d39044799a7f2812ae65ac5b42abab471e3
SHA512 5d0a4956b8913afa8824058e4a72c234f4613b0993c7c210df37431e57608e63018e27b19ca285baa82a66406db78714b12c71413a667d1066732f760d4083e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c3b97e42474ba3e1679483f58d6ea404
SHA1 9bba39b475fb8ecaea9e65de6ffdcdf6f74d121d
SHA256 36c9388c8650f1166638bd2d95141f0f4dbf6dcfbb76a2d54f49d479129347f4
SHA512 4b63b89aa93d901b569cb25dbbabbdf80ec5a945332cd2f65a492fba3c9d1be21bc3040c66dca849d634fa84cef930798e3643adc42ab39c8a9d00d0cbd15dca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8fcd3017bd4d566ec8a2c9a8bba1a13e
SHA1 641453776551670f41dda631a7be5908827bdb5b
SHA256 202c5929f113fc5ffc12a1a4a6185a0b721bee62307b9ec0b4f5a4ea5bc4037a
SHA512 626877fcab83ec919a4319fd2097e69d316b3bf6a2dab8abcb4c9f3ad7482d6caeee59f47befde5427d93bb19b954122ae7a4140e8b404f135656479d4013ca9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0697b278eb3ed3e18a3b8539ecac746f
SHA1 5759a201733d766fabe136da52c723984d0fdb4d
SHA256 d36b398aa7bff11487599ce59b6e37925cf27d8b91c3fc41d63dce0285d2f009
SHA512 b7becfe4561398fea33148777f6322fbb50701bb130223ef7f96110a7bebdabcc4a32660be67f7dadae4ae47271abffe63dd0b2b2f52bb3cc14fd9e44a65bbde
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f1c4827069e21afa9032a55ad72c3c01
SHA1 56740b410b29948e9f181cd24ea532bd7f472d4d
SHA256 7c97e87c4f06d343cb0c46f9c48a6244cfee2c6cd57545189f8af788f7c5fdd8
SHA512 d3a00b943af2d90b3582f04e764fa963a88a358e5750b5f9bc479f32f837f45f9e51959284b262d2379be08771bbbac6571265ec1509c867d8d3694d5cb35af8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8fd7e0b5ae7030392d6f899b22f84cdc
SHA1 4ba6d13f895e45310e70a8feab9531d3826ea4a7
SHA256 d00a812fff1a7120fe2a183fd0fc202158a06867b213b3cc4f97bae30e9cd070
SHA512 cc640d7e7279884eca81fbd3eb962a83db69c2e5898fd8c3ceddb031cf279bffd6f70de5e1e61c41e563fa4d33351273df805d6901ebce9785de6fa5b648693e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bba3a4a8358b3c0e60860e43db800d58
SHA1 7cb6a0b41a0b1b41266ee7de73a953a862a0d90d
SHA256 178d820be18ddd669379c807417a0678c2891f12881ec0ee43a6f37c0396943f
SHA512 8e353f603c5baf68227ee95255363cb4991d586da2cb270fff22f4c79c5f7dac88f46254e45d54c925977c4dfc3ea300e9557313d406823288b7579dfa6d49fe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5865df2932c1735db56f1e4e1993cfe1
SHA1 227292a82670be06d41eab483c59ce315a753767
SHA256 7f03502374832f711aba24751c87040dba013e140aecb57acf47bce29050de28
SHA512 aa6b4739e64580b46d72428448c2a8e3218642c3bcd47b5abee1900d1d9ac7bb188a08549d68e76c7dc29f8acc48e69403555120286fe3e11715108208f83125
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 095704ecea68b0fd2941de8b34440c07
SHA1 5bd0aadb1ab832482f51d9395ca53de851b3f534
SHA256 645fead1524929126922ac0fd2bc2af1e889ab520d75257901fbee75f976c5ad
SHA512 90a0b82875e8762e21773203ff98cdbe224e0747e6489779468adeef5171acde9c220c3721326b2160e5a478c38f2e0f78121eb012477e5aa8d43911832b930b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 07c107029e1f0a69874b56a77375fe7c
SHA1 7efa1280e80885b063b8d8bdda45f106ebaa4dfc
SHA256 72f0dc0368d1ae51da8241bd921c01c86879c40ad8e66abeddbb01cd91e31f8f
SHA512 9bc889f8fbf06c92aa6a24c562a205133ff7af7deb946a74407a4ff46fec987983ce5920002d84bfe1fa06661c72b797dc36f3b4f4673e387026c9994935eb55
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ca45f76fffe5f8741aff5bf29e3f3993
SHA1 5bf2f7becce575f9f2914508c93dc82c0a40eb39
SHA256 78ff33784e3fff7004b56d36f146b45a19ea0f4fade4c7146be3527377e1daef
SHA512 0f10b61b0577a84473fbc116ec5d1fbfc0c0970617cb5951e06d4fb4cb35bdea05124cd9a7427ef1b3cac0fae77bee01e79f1a475a39f72fb45f81e8e8e305e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ed376e086f0edd81df50efc79f76a624
SHA1 24c70e4f4d428db7d4f199f17b63e571b8bea0f1
SHA256 88e18eaf6c939d6f695d6130cfc294ba0384589fe56f6aaaa78eee9fb6b5ecc4
SHA512 3fdac03a13ac9c0608f569c52771c9c303c04147433a65bf618bb25e60cd88cf3c94b3ef0be1deb91fdf3f62ff340bc8460f63970649d0e9affd01c0bdf6cdc6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a6cd851ce655e0a6175087c0b827e80b
SHA1 6c55e803e530dbbc178bc3f41f87b7ed31e0a28b
SHA256 669997a5aa6f70105da7885c591e6e34505d522966a6f714012f43201f5eaf1e
SHA512 7c59d269823941c217ff5164f0b2a03b58169f296413f74da8032a70a5077f762b732a6ce00cec5d9e436b568b04987b70c5771a1c7dbb2d5f1bdd7b8ced10af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0f463f79295e9b256185f9921775e12e
SHA1 ad7af8fec67abfbc412ade36d54ac0858f8b05a3
SHA256 2685d494fd13b773d86c016a2101d5b59ba32a67f939a07a98c8cb0c12f87e73
SHA512 827def8009a829fc13895d6a8896ed934ea6936ec2e77fe7ca5b42914def6a2aae8be2762d321826ca871306082b14cd3f38cfece8247b77da324faffb4b2431
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d7d896c2d9559ff3b810329e5aace853
SHA1 363fdc36b48a8778d18d10ea07b8d838a75c2e40
SHA256 3a8a8758bcbdb17764e0165abdfa4752980a2434cb04199b88405451c180a886
SHA512 77a41000f8c0613f80ef86f1c880aa19ee3e0b94a76ab48751e1cbfc63760928273a6b2de9dcc8b6b72344341eb06411156d57493b578f4c735755e78d8ef0e0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 20e72f3241457aa96e166c61ec76f6ff
SHA1 216cf45598d524131f84bf02992c26e82811fc88
SHA256 db697d9eb84ed07f1ef88235431a1eeb6a79f6130969e6570d534a49d5c8ae5a
SHA512 b2fb8c1c4637bed145c08fd8c828ec10d7eab1dc93769cc9b8cd5dfdc1b472bb6d6322f4f29bb73ff4fe7f81f6072938ef0367abb017fe252e0abbca9d4f9701
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c41fdd5b0c0e3e4282a5e01c035e87f8
SHA1 ba668a73a1a562101ad97aa866fb4829b4ca1cca
SHA256 618a69c99f8db0784db4923c78e7f65a487629318444fa26494dac3430cb25c7
SHA512 9cec620d38e84fa468c570023eacef6c18c6af8801e97804112fe8f792c569153ac493b4bc4456011157ca121790798812a83b7eac68c5af4f495945a57a1d7e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 164b14d6f0bd14abc30bcc8346052075
SHA1 aaf37c466f9c8b436bd1b1de5ca9ed58b473aa22
SHA256 df0bc6521601afdee3eb4de3b95d8c21369a8e89f7b1599fddef9cd64ed2af5d
SHA512 3af9b8f706e5d19205f1531c156b21ebd459e362671720817ab794b638691d28d4336b053dc8df6b5beda4e8a50eac9153520e2ee053a71282d811c8b0cb49b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9ae38464275231ca71d9dd69596096a6
SHA1 1ba205a383e16b2bdc260d95bb3da1656387fb83
SHA256 f0345c5614439f1cce8ef61ae46c5f19d3f1959a805fe282e4cbc239abf9b0b4
SHA512 8aca699c7f3d09f9b6cd81d6e26c4675414629d6fbfb430f8e8c91dd0e5f4511bb22f6132e0c4f3eda232f34cf4da56b4d43db0dbd6b8007659e2ae3e198849c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b9cc3329e9578e78599f533a879b8e2f
SHA1 4b7599d238652931ee1b9cebea0a29f8273b58fe
SHA256 cff62d2bbef66a4b6bfb4231c2f4ce160eed6393b205a9d46a8a566d5fe07b9f
SHA512 f3fb1437128841d5f38d114c1aa1cd4ff4be91bcdafd13f7ab15e6f92bd22cebe2a6a9a568e26ed55858aa7dc3c270c3a6d9f7b22435d38c3927fdfc61020d72
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b