Analysis
-
max time kernel
143s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 13:33
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240508-en
General
-
Target
sample.html
-
Size
217KB
-
MD5
f7e610771da9c8583cb788536c37395e
-
SHA1
86775f1872d1d9482c5354f27c1598a9f71a6ad2
-
SHA256
51b1f6fa931e33d5ca0a4ce93c1e4cd96ae45bde2106cb0897c64bd65773d183
-
SHA512
ba8c3f4e2b130ccb9c6fa82fa3ea21a40961637b552b8a0bdec253d447e39e6fc27ae5c3ff23096ef433d9376b72d3e310da76fccd2126823a26c8a046120218
-
SSDEEP
3072:SQ8tJQvQm4yfkMY+BES09JXAnyrZalI+YQ:SQ8bQIm1sMYod+X3oI+YQ
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c0366f246679724d8e5054b1da5277df00000000020000000000106600000001000020000000d9377fea06f3f7ad3b0917a279ee93a98872ac0f532e05f1965f4b25207e1182000000000e80000000020000200000007e8f5df0d8db0c1d88d03971e4622e7ddd2bf5365b8ab01380b4af50c5f46a4320000000f59b95751ae0f36d05af91070e04e33074cdb99e4763ba34925ba35bf4580dbb40000000b1e9ceb63fcc1660298e366f02c4a747e60ff4415180a67987bed514d85b8865c42b479f4b787db2a6bd1f6944d0193eb0befad1a011c4fc1a4887f0647282da iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7B9DACA1-2989-11EF-8DE0-D691EE3F3902} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447461" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60076b9396bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1688 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1688 iexplore.exe 1688 iexplore.exe 1916 IEXPLORE.EXE 1916 IEXPLORE.EXE 1916 IEXPLORE.EXE 1916 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1688 wrote to memory of 1916 1688 iexplore.exe 28 PID 1688 wrote to memory of 1916 1688 iexplore.exe 28 PID 1688 wrote to memory of 1916 1688 iexplore.exe 28 PID 1688 wrote to memory of 1916 1688 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1916
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 4ccec9e9e7837f84af4891ca647cade1
SHA1 1811c3c7437aef99ede8a66bcfc4dcfc933ca1f7
SHA256 151dba8e8d861d3d0e7d5665540cadd964a90aefece8047a7758ae7c53585241
SHA512 38f6a8481c7620f6c723ed547f473d40902a4542a88c1e4266ddac5c2aff16c382c81fa324dcff360581d4907ea7ac1b32601e347d958b94879f8c136b38a85d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 705975053a8cfa0fa830d3345cb25f86
SHA1 9043ec2e965c42c6f971f4b5b0dad7105479ea66
SHA256 73378ee29c41de6dc5d992ef937ac73a83887a0128e969c8f492c0aebf808b65
SHA512 090b7d4e7d4aca5d3bd807bf3c54eb77e7b06081a7251ae197fbc850c13c5bd1cb43edcfd8ff176e71ce355329897f655e9270d8adec630f97aebe9e8dd8c279
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 12ed5259c794476b646a743f7b64464a
SHA1 da14f6a212ff59f44b4e6fad9cd2441f909063c6
SHA256 1b5fea1b011dbb9c72e1e1272e5ba139c620f3b19091fb5c268842b7f3ec870b
SHA512 809a1c98bab61f2e00e6b101c16e7272e9fc8a98d5775b49caa90dda9043489d4ae7787eef6b96d94912412e21e755019e294f06006f9883d0bc908df088a50b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1ef5cf6bcefbbd2b40b220634e8dd54f
SHA1 466e1cc645afe177e5801eba1f07fc1a3038b568
SHA256 ec15d03a64072e4f1ee671eec7e271b86d98da1ac350e172c5b4bd89f7b3ebc7
SHA512 8389f25b848ee18fe9bcf0ea6b2f56ff4d25bbecae1c1e111c190aaf033243790f38399ebf6c4f8d15b647a17bb7f547f128e3651087976b79dfabf330667689
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 baec1e46f37d311a2286710a97c0d251
SHA1 29d1ca56cfdd7351ac73dec89ea9fa22325432be
SHA256 4d5c91f3f5faa530b6ca1426551f66f8dc3349a2d247ee3c44ae919ba2e56a73
SHA512 4a3d2511e9f76330e57a0c84363f82ee083b19c7f6009506d1697f2c9bda0b977f3c7dae89fb04411d69bf052021efd8c1a3c4ff87a606fae8094a25006d5269
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8c8b4f2499127f0bd4791c2d272a678d
SHA1 38acf6c6e0713701feefaf210e2d797bf5a921ed
SHA256 ad3bbda2f717f8b19b330f1e4ee15037fd802f6620026ec5db52751b2a637c81
SHA512 2a25794cc4c7521808374be262b1cd85d3cddbd03efa780b372e7dcc7d8e81f9be7fb4c6fd296ad1b098eaa923c4bfe08c23cf2d2607476b8ed7a2faeeda3a52
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d34e7d45d8d918851ca1f7d24a60edfa
SHA1 82a650d2d1dc2e2b91b2a9197f9112016b27ca87
SHA256 9d9532ffaf41306ebdc5e10f93ff8caff5335b36802d04a8e46026ded31b503c
SHA512 668531f59f79152a1840edbe28af73e3b61d1633f1080a421f4b2d536d8b3c02f2ee3577bded6e32559b24c5b571b993a235811729ec5ea9c6b364fee0db58b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b518605b94e967f10b645f3226763453
SHA1 9a13090c0ae87809e246fb29628b2d5c067a9e77
SHA256 59f26e3fa686ed03eab137a975df007ab67929d7c0cb94d9d08b9c623fd9edc9
SHA512 54511f52d2b38d0824667eb0c1afb40b13a777dabff7d8ba845b5e10188c743eb51bfe818a14e834724e8c462fc0ab40d69849ca7b504710505bd72c9faf907a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 520ec90239741bf15520fcf4fae5799e
SHA1 5e88fb8d8a668543384199f434847a4be376f910
SHA256 557fd21629a87027cd52857528a0b2780abaa8d91cf84bd2c591d6cb0812ae83
SHA512 64fbdae0988ddeb937f3fca5a85ee8369bef6be60b05bfd6c61aa1a0b0c1cf34d69345dcd5e9bdf71df8258dad15332ce9918287bf36dac799e46acdd84f160c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4f18f6db1be8dd1d18d8aeb9feaace9b
SHA1 b0db18b97831f4a24e8e5f99a2a0d0a09f5f7864
SHA256 aba4b5f078f7ddf24750e2f6d91a4cf0bc705386ff697b436bc5815db013fdcf
SHA512 617f6d1d4bfd88efb8e8c71fb22e4bb977a1d4cd4584e41ffc9deae61d982c4b157a662377f48bd1f255d13dc4ddcd04dc285e4b3cec1464a8245ef2a875f533
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4d247ce8fdfb20899a25634fdb8c3387
SHA1 a15e4ed39b5ce8ff463cba81c622e378098bf5ca
SHA256 f94afa02786bd1c405ed93d0c50c3d38ab471adffb4b721dbc3727d3a4e163ed
SHA512 a3cc7fce1bf0386ec993a256fbbf12be69dfe0a10e358c91be57a87420359e9424405860e410a234ec3bab8b02cc238ca9420444f0a9d7131952ebea108833c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 2aa8bff2760ba5ade3e94f2beb6e27b2
SHA1 aae5f7bcb76ff4a3ebc61d6ddf2abd2a1ccc9254
SHA256 9e83b615dc979aa421e9ebfb90296a2aede4f37a53ec0a4790f7b50160dfbdd6
SHA512 f75258dbbf3ad249cc11d68a321bad1a0ffe9ae96d4e4ca7bd90513bf784b49bad3ad122da378f29be50640e8a28e42d921fee2e743e55a000ba313d04931b19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize 4KB
MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b