Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
13-06-2024 10:05
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240508-en
General
-
Target
sample.html
-
Size
220KB
-
MD5
0e77e21122b3d6c6af9262174efd45f2
-
SHA1
dd5ad2f8e84622cb197bde9a50cd9f25a9a96d6b
-
SHA256
b037adddc2637b124b6cbb15ca90d053ed2c829bc9a9fa8a9e01410f720cbf6a
-
SHA512
0cab97b7c9110a28c1222f9a0bd8e25906e6c73498028e4b2a134686612bf49b2909cacb491a3063f7bc845f742ee6e734af1b9741bdd9fccdb175f35063763e
-
SSDEEP
3072:SCgM3RwCa+GRyfkMY+BES09JXAnyrZalI+YQ:SC/1XsMYod+X3oI+YQ
Malware Config (empty in this report: no configuration was extracted from the sample)
Signatures
- Modifies Internet Explorer settings (the registry IOCs that follow; every key is under the user hive HKCU\Software\Microsoft\Internet Explorer — Recovery, Zoom, GPU, CpMRU, Window_Placement, SearchScopes — which is consistent with the browser's own start-up housekeeping when opening a local HTML file rather than sample-specific tampering, so treat these as low-signal unless corroborated by other behaviour)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{67041BC1-296C-11EF-A304-E60682B688C9} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set 
value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434971" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1796 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1796 iexplore.exe 1796 iexplore.exe 3004 IEXPLORE.EXE 3004 IEXPLORE.EXE 3004 IEXPLORE.EXE 3004 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four entries are the frame process iexplore.exe PID 1796 writing into its own content process IEXPLORE.EXE PID 3004, which was launched with SCODEF:1796 as shown in the process tree below — i.e. Internet Explorer's normal frame/tab process setup, not injection into an unrelated process)
description pid Process procid_target PID 1796 wrote to memory of 3004 1796 iexplore.exe 28 PID 1796 wrote to memory of 3004 1796 iexplore.exe 28 PID 1796 wrote to memory of 3004 1796 iexplore.exe 28 PID 1796 wrote to memory of 3004 1796 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (tree depth 1)
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1796 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (tree depth 2, child of PID 1796)
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1796 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3004
-
Network (no network indicators are shown under this heading in the captured report)
MITRE ATT&CK Enterprise v15 (no techniques are shown under this heading in the captured report)
Downloads (note: every path-bearing entry below is a 342-byte file under C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\, the CryptoAPI URL/revocation cache that Windows writes during certificate-chain validation; these are most likely by-products of the browser's own certificate checks rather than content fetched by the sample. The final three entries (65KB, 70KB, 181KB) carry no file path in this report, so their origin cannot be determined from the page.)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59297f11a8c8ec13678997c9a4dc8b5d3
SHA104612392ff9f21d116e34b485440b4aea8ab2553
SHA2567bfd1cdebcbbe2f196f3be2b31ff241e9abbf2b738ef30b97500feab76cfc908
SHA51210ae6e01f4530239b81338dae38922ac9b0fdc097419c667365c54e82809c3eb865dbe481a8a0600e87f37f6cd259f13a9857b515431427ec7114eba1eb600d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55a51f94c3b6bdd81ba60ddf00d87829b
SHA1133f1f0676d510b18e672c610f6d0611b2bcac7e
SHA2565a3aee33905c662bb1df31217ff17227100f05ff7ba83472244cf70e412e17fb
SHA512b9afccaca495d06dfdcc33bf3df7a4ece033e42047e1802143dcf0e93f49fbc2e219390360ad0b929cc202bbfb58225cbfa72b3d8f95d9f2a72dc9517e7120a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56a0d97bafa27d91f40237082c02677d9
SHA1e5a9829947b8c759828f4e54481414d2d44bb262
SHA256117b6c72802b983d68d970af74431537b196db5bf14803f71b43d8a4af76e025
SHA512ebd7b342a9db123096cd4e43ccd854f82da0deb041bc0d77f347fe0a9dd228d18442f8c740d65c2c49012705949da4d227140ce9cf47df276a7ee0dcdd051726
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55f617fc81ba7e795cfcad597ac5dc5b3
SHA18bdc520e0f568283eeb6d8ab48e5d3d74033dfdc
SHA256b16f28e1a6b28d8432a7590c7c55a71fb7cd842c1caeb33f9ea62a0819b3c77d
SHA512bdfc18e0fbf6f35aee36ce677a0f3790809031c3036a3a3f2c4e1b04f3f0f0e0bf9cad72f0fd98f790f539a6fe13ccc6a7d7bfaf8c8b145dca7b70932e2adc35
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52e4f58d5d77c5b873298a4626d4b0728
SHA110affa3a7962ebd6b5a6635515c62601b5eec281
SHA2565c3bbb4c8dc25536a8b071e57844a33373f178c39554c5204097f4ccb9afbfd0
SHA51293cd2edb50095f5756d9bc0ca2a19ae248a6177d5e3537eec036d22384c7fa2f0f3beffae1ce9b47e49ce39201ba907f1ce55c60f94f12651672e7e677a1581c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5377b30155487ebf27086b566b6a45a22
SHA15c3048cf3f4e7c63678c786a8bc87c2cf796ddad
SHA256ae80d50e4cb9e109d782c963769249a4ba8a2d3af08dc0223ff955168cf875e8
SHA512aa45cb79267a565c441852a1b572cc68ac7895ee44c5340f1e52fc36afb6867e8fba98a7fad4c973744254697f22a4626aa750eaa21b3f5f3acb3ed3b262f0e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57a423297690a5f1c3dbb3fc5298f936f
SHA17e7229df36f523c292c0ba546358cfebee07cea3
SHA25683670c16c78b802b3a638d9cdaa50ff5dd12e23373a0eda2a639cdc0212cea38
SHA51229d80d12ad2386373e6ad4be256fad96ffd84026b230439883a86cfc80d2cb2a71b6029c4770c8b5ef23042312c98d5ffef56b1d68b213fa0e6ce768d82d1cbd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5da47a7a1fe7320b6939981ed4e8121ae
SHA1beb949b7cbe752a17799ffcdbba34166820b678f
SHA256c9f7b2242fff847e4a00f71e064fb58213fa15cacc0b7d6e41f6c96f5cf81d12
SHA5124b88c6f54dbc91b6b50641acf2b14bcfb083b2f095a37a71de03fa28ae0bf5a0db7eac78c926629308da132ddf4a0fb0cd21995f161fb27a2a2f623b72bd58f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5267aeac28012ea3b797d14b2a1406bbd
SHA158ae5967ad31ac2a751a82dc36f3f8fe943d2260
SHA256504700dc3c9cc8375bb770d62589f33c3d45b45b949c07dff6221c8cf459f925
SHA5121da570ebbca2df0b158c2396bc6e5f0788163d8972a55f1c383f4713ee1bdfb6ec167aa3b7b3f05a1c1ee7b122d1ad3245ce00ad06525c2d7cb6080d7a264f4d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5109a6c8beb8f0ed30b7388e8d38f4429
SHA1757d9002ab7b2e3340c0dc7440b544000ac0126e
SHA25608ed2e75f88f3bfa953b8bde64990b63bf48929ba51b78cfeb8b1aa4fdd11379
SHA512677e9d52b349c99c26ae9bd8c43937a76f15b4b03d7db77b1ff8903947de82991fefae8dcb7c79522678c37ef88fe8a52f01ce82c0bea7f4c6c8c5097aba3ef8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5885c1b89fd9cae2f1fea3fc5e0fbddfd
SHA11eefb9b450a1351c7941daffd01371f0df483f5e
SHA2566ab7f85e9953d751cbd7f2bb3b39d8367bf5071e94cce78cbf8c4f5ad2b003fb
SHA512c68f2f2e3658a1878a703f2da4d5f310923c04e76a59dbd3909a4de36887d4ce5052b1ad817163be54f9483738dcf93ececed94512c73d84721b216a9ff39cb5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d235c34dbe41dc8cf921b62061783503
SHA14a93de3b48cba63d32bd0adf0e6c2a23da1b4664
SHA256d2371bcd81e898874d79e8642ba5b4879f2450aff21fd2609d77350ec0dace95
SHA512b9fb502fc6f6437045e86132700652ba572e5c663037dc1cba2c35676260b7cab8f82defcd6222dd6682956e9918d3935a632c0f142151e5546ed4c6e1af6606
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD590e4a686adb01b8b0f5f618275bf2f5a
SHA1b5676a214782a1c87de3e85c2e0f42e8d67d38f1
SHA2560163db7841f9bd015ffa2901bfc3515b2b12590a51ab4000ec2b87e81f263bb2
SHA512e73fa5a3a19865cda7e4aa0343669a306230cba4936cab949e1624129ab7628796e2d1e1954746f0f248327d8a4ea8b6d305ecbf5104b17b89d8d336137f221e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5498d8029620dfb1244bb42220698468f
SHA15723603dc10dd722a6a6b518cb35a1b5d02730c9
SHA256471e5d28d040118eb9f47514b88b8743804bbcbd5a84808afcdac48b420ed98c
SHA51253fa87fabcad0eecf171db7a1152f761b6abe69bff4577fc6d4a4c849ff382d56e84fba600a6bd830cfdf34f2055cedd2fc5b0b1d172fa6c55fd492a2710247d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD575f07345411255a4aa7cd4e82f126262
SHA1b761ef8e0302ae046a97cf425fce3d1fd4a6e4df
SHA2561cdc32ee4904e24872970517ac157f749907f037aa821fa981a6dabeb6b1a586
SHA512303ac6984a4c03c7ef3964ce930edc67d7b692313d41772a20bca51dcf728ad26665d1c1376b58691b7664c6e8077f9f0446191c14019f3c9b2c506f51ed3239
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52a1eefc829ad332040909e4e7cfe05f5
SHA1785c58843f880f6700e4f28c34846bb094e58175
SHA2565e752aca47a6000683e205e76933c5c148ae7c64d90bebd77715d1cecfea0a63
SHA5124792ca40adac78888cf2897efe72aa1f05e5cfd21d8dc2d69507ff1cdb482fc307fba4b8d135a2b388de322559afab1521aaa992fa2021f7871adb794bd95fd8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59389a5c2063d9a1a96bf8cb069e0e5c0
SHA1330c43ca89d320fdf5d4a13dba280a56e4abf1ce
SHA25653198a0a62873311c9be1f2dbc84e512383a1f9d5e8024024774edb2362dc240
SHA512b333aa90b9218a42ffa9e4ca98f33f0d4fc800cddd2624ac32aeca850598395252b8a5641fa1479272e3239e05925ad0e2a97d9f8e7ee727e7191cb6b557d72e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e3649778c028288fb2a58eb1238bcbac
SHA13d3eb47e80cbe6084dfa07a0f3e4e5849a7fdf4b
SHA256593202119731f84a270c5b1a72c62c7feda87f52630efb988c9ef89645d1938d
SHA51233cb1d6cf209fdf4fd7f2dc50157ebf1dd6ae6ebcb5af22d2427d32320520d9ede04220cd84e9af8207e3dc9e08f057e73d7aa7ce97e3d8568c3b32b1f822d30
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5992f4fde6b807f17b52cee3e34b8aeac
SHA13cd9f4e93be7966a4fbc63dc2bf17fd981449046
SHA2564d73e7314bf423aaaf8d2d32e8e770491ca2fee01a6d94a498d3b0c37ccd91a5
SHA51253b36953a883b15af8e626646d423288d8956c3fb87aca0676bc428a3aa812ef6c4a726aa817ae2e560eb5d5c41998fabd7d273c6497229ffaa223c1403b47ec
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b