Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 10:06
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240508-en
General
-
Target
sample.html
-
Size
213KB
-
MD5
df9709a392b743bc865ee98cdc7b2885
-
SHA1
222cdb546f6d946ca2e97422206544793450b184
-
SHA256
1e7d613fd97ef9105bceab6e1b5fa08cc1c2b72ced4110e1731e66480121eb15
-
SHA512
d72c10a2fd11fb11cdc93b3fecdf210fd8b3e47c07fae44d84c84194145415051edd6723895cee090275db75507124f22fac8023ca68f06ee0954c2443cf363c
-
SSDEEP
3072:StR/Zc0z7xXyfkMY+BES09JXAnyrZalI+YQ:StooisMYod+X3oI+YQ
Malware Config
Signatures
Modifies Internet Explorer settings
description ioc Process
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435048" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{94E9C5D1-296C-11EF-8B56-EE69C2CE6029} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2184 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2184 iexplore.exe
2184 iexplore.exe
2212 IEXPLORE.EXE
2212 IEXPLORE.EXE
2212 IEXPLORE.EXE
2212 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2184 wrote to memory of 2212 2184 iexplore.exe 28
PID 2184 wrote to memory of 2212 2184 iexplore.exe 28
PID 2184 wrote to memory of 2212 2184 iexplore.exe 28
PID 2184 wrote to memory of 2212 2184 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2212
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b560b91b3165b4822ed58b4c5bff3aa2
SHA1 63d80f7fea28d5a3f2b47b0cb3ec3d8e64de79ce
SHA256 8295ed01976d956753beecf987c3576b6b17ea1ec844fe46b6e7698a0da5bf73
SHA512 249633c477e8a092b95033521fa1f5990ddff288229d52cb42acb8f8b9fecb5abe1e0d4cbb376caa5a8f54b5c9ac2fae6fb056a24c4fb7f9799509184f488346
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 175d13d19e264a131e874456fcca255a
SHA1 5186d88d79fe1025ea873a3ac0139987582e56d6
SHA256 1295f699fe2d04061b3d081ec45300bdad83b74efbc0c58b2da92b9618770f8c
SHA512 e16dfffd8e1b8d5c92690806f0c8fe8bb7563c9d0296a3e5bfd891167544c491a21509ae2229a33e7107f06ab5dcc0dcde87fa2b487a79156e3bd517e465f2f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1a7af8029cc61bcf65c032710cc92869
SHA1 2580ceb4f0ebb156f7fb9b81b1c6481721a6e776
SHA256 6a187d32816f74f6164cb8b4176384045a56255a48664a8927cc23fc047284b2
SHA512 a4fed10a7fc67c49407dd860b3c8b57661de56846206d3537b3b570e633eef5f77f4d5975d7a1c003e55ed8ca3115f6bcd1f1d10cf613381addd646523e25f69
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 caa77f556b1e2ee4f871863be6024746
SHA1 28da7cc33617b185e7bde5d31074d27f35323f44
SHA256 c3be1eaadda86d1cea3821ba6d072f2ebee226a0fcb9ee8c3d2f46d1de84ad70
SHA512 1ec4e154dcb174765bf93bd7e51440932ca74d53fee3eec72f8087ac89ac9b55bb38c063251c5c483c94b3557c61ddf47689e2cba65a794d842f643f7d24e189
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4212bc59e505e4d04c19550be8c9b46b
SHA1 7ab785433f34df979548adce0a4b81000cd58aec
SHA256 35f19bf9717dd980bb68de67d7a571aca13ffce8072b36e47283e2712f6fce11
SHA512 95fcdbc206b28426f09227f787a1f2c93b91677312bc4eb209c1c562df6ff8089f7f03f4b9963c1d5f3e159f0540eb1c7a27ebe1f5eb6a24eb8d71d3ea32c9a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 208a5a4290043be497a62f107b8c8f2c
SHA1 9e402b2762287fb4fb29de057fef8f787eb7bd73
SHA256 d488655485eac1743672515f78f297267b3dde9c172a4386340f4d1e0a2aa26a
SHA512 64a7d620cf5c74c1fae3b228850435d120e54cce8a4f7d2a52d75665cc23ccbf8ea49a9d129b8a31ed1dee2734275b730af9c733b960afc73a60575ba7d2c2c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 786f1f56020a88ae7c8d74ce975c4853
SHA1 cd6529f4e8d55631723ce69229e3df51c8ddf0a6
SHA256 02cfb3a36081a38dff4c4bccb67af99e00ce93c007e93e14c5788299b5f20cfc
SHA512 cfd9815729a86801b88fefb7014b180e239037bccb4b290d36122d331136b0f898095ad527bf1cbe4a05159ba3e258e20b17856180a3dd1e6c7184c20730db4f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 263d846a65a2bb7ba90a586977ec74f4
SHA1 f60dfb61d49fc8897c87d82a3a09d0467aa23513
SHA256 400fa5d1a2e937b2d5386824028ef280446b25c753b2dbbd5a9883bcf2eaa774
SHA512 c55cc6ff954cbd28079bdfec31f2c1142ff8d5aea8561338cdcf1201bf19988ee432558f267adcee902a4d122c3c26a3c77d8e6ca2df649d90a2bca9c10e7158
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1ddffb435232fdcd59d08e321570f242
SHA1 f677dbfc05b9fa9fa778a7b05edac850cbc7169f
SHA256 d0374b722cd04e4864235fa3b9399714883ce2e095260a2a7013450005db1cc0
SHA512 bf985b321c3c6b65cac2231573a34b76d67019a6a78f0af0435fcab0780434c7391a54c564cb0c0a1092968bc8983d851764450fc0c459428783366c653a360d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3721c62889816edf7b92f6820ad0adc9
SHA1 8fed13daf228d6af3a4b20dc6bf7039eb111bbc0
SHA256 a1a491783a157ba323c392221bb3cce0f46c9b43c7268ae13ca33675370806a2
SHA512 135f306d18e6cf17e0319674b6e315386da92ffb4695b04b58bfc4e6c5a36c87baffae22d1bb209b405fb49fceb201349ece38edbc242d0efadd6660e8247611
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0dbb3e7e7a9b7238110e17c5fc20863b
SHA1 4ee006560a8b7b2958ca1ea27984171d353a0df0
SHA256 2ef1f741dbd580ceaa885c8e5a35fea0dd6527eb7bcbd5ff920a5a26df9ca3d0
SHA512 c7336153127d9f6ba44376537ada81094227807add1db0a89f05344d8a372549037da0c0211fd99d2a1bb7f0a5d7b53f75f3b57068b4e5001c1c1682bbd93f92
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ec10e52f34b7ca8402882a916768bb00
SHA1 f87f158d87c9acbab29a63b51b539103a9608b8a
SHA256 c7edc85a75ea7369f831acbe80b6341410903f1fd3a1c9fc5b08db484d22aa1d
SHA512 7aece77826e84333c50dcd3e84658650828d28b7fe2d7f2897c352a11d446e21c720569b466ba8700a07b22096b38565edd091064ad9268918ca332e8a0007a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1a6a99ce7acbcdb5d9c1792476b3d63e
SHA1 09d6dec9aea49bf17e708f95f6b59058df669180
SHA256 e8a94e27ca0b02b4370c82e45d356e52e92cd9abe42aadf3bf0e343412a46254
SHA512 76aaabc6956b430095b09370d2bcb7deb859a19cd999d6d2ca51a88fdd395e37f56fe66b8e20d4dd5251c6bc0c7af87bba4965e0356f23674c44aba8c99bd4dd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c3f7779c73dfd6feac07dc753a335623
SHA1 e33405b41565746676796d6f429a43158550babc
SHA256 fda3a8b5b9e5a7aea61556f38916b4732ab856240c2996cd42ec43b407611917
SHA512 248939259f4d6a3f708c69b074412bb342764aec1247219a35b520fabe4927d3339c1bdec4ff5503c1faf5969da78f52792d2b5ce3733d06f2abc89e519fdea4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 433969a42f1e8711d66ee817f37c00dc
SHA1 f2c6d9be28bc7734b8666c1dcc41f1b529e03f92
SHA256 fc886fbac8252e0d7b3d9de2e6dcb0c6c36423fd7bebebcebdd7fe7e6950571d
SHA512 7a4f496432d10217ce0ceb0c648feb9cfee844a2526a1bda38a682c3fef32fa34d99e683b04704a67477c2e97b514e313a889b7158ace7dcfbe442cc234ab52e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a059a0d6abdb19d3fd0c7b3f923a92b9
SHA1 78089c59034416e7896ea96656f40b559626f0d6
SHA256 47662f1dd1f66c649768a3d5275c46db2d2eb79d36b99cff2bbb502b7f58a96d
SHA512 c323cfa1002f8493ab03c8132cd1faabea8eae4afdef4180d365f27733601ef5fcaf455c9b00cbf7585aad2cf2d1e1d92aed6e7eae03aa40c77f3700526609ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c60aa8e8f712abbdb3edae02cd7a8a02
SHA1 24d630c76cfd738c44143e625b4f0b19e149e953
SHA256 82f138c2945efbdc6da48d2db2a62120059be5efba243e06658276798a7e056d
SHA512 d8205670c2990f71881d7ed14ba2ea2227cdbca0be92a7e318760324e2072cf8fd29fe9866eeeb584b53f9765b8cfd3c2c42f08af004001b804cdc23abb64032
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 12a35c384883424e59ccfc6f766de020
SHA1 4d65b33c36d2afa89f8c3bf503d868ccf574a7e2
SHA256 dd34e5a0a90d4364d6b22a8ee0208bbeb3ca389b45680b7d0557de2639370cb7
SHA512 816e541f387249b96cd7df5bedd28b611838a10fb996e67bc13921db44afa35df6d9fbe5d636c21d84dea61164f96d9f6efd79ebea32d30d2af1c4b26234759b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 37b993601a30b79c0b0975588ba848bf
SHA1 a7af22f66c1de9bc83d8e16dd4f2833efc02b6f6
SHA256 60e6f7a088ab9a2335a3223a8d952b00a43fed91a994389f09b23f0a48905646
SHA512 e51b83dbe9505e126892b9d60c42e95a8e9571154238850f7e174ffb9b70591a3ae58c2f80592d4db6d87b8af0311b6df4d2426d478b6d56fb325619a41c5b26
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b