Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
16-06-2024 07:39
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240508-en
General
-
Target
sample.html
-
Size
213KB
-
MD5
053c36b9150ec68b9ccc775f84f5dde9
-
SHA1
054f842b0cae3f6c5f93296c9b0b0ccb39d19aed
-
SHA256
feb3e9ce7b2d2830a367f3774218575872021cd8e89ac5913bd0402552da89ed
-
SHA512
f3a26a6c8b8d034383e795ee35d3bb79f62c454547b4b51a3144f0d3f69f765e48eff257cf2851befe2648502f15cf37f6310b0a43b6f9847f8a24e933590d5f
-
SSDEEP
3072:SPt08rsmzFPyfkMY+BES09JXAnyrZalI+YQ:SPrPasMYod+X3oI+YQ
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424685438" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{90F44291-2BB3-11EF-8F92-565622222C98} = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2908 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2908 iexplore.exe
2908 iexplore.exe
2256 IEXPLORE.EXE
2256 IEXPLORE.EXE
2256 IEXPLORE.EXE
2256 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2908 wrote to memory of 2256 2908 iexplore.exe 28
PID 2908 wrote to memory of 2256 2908 iexplore.exe 28
PID 2908 wrote to memory of 2256 2908 iexplore.exe 28
PID 2908 wrote to memory of 2256 2908 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2256
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a9695d22f5ad32e757f49db410326c9e
SHA1 a9ca5453f7337ae0ecc7d6857161033840eba769
SHA256 a8576d5d5c728fcfcacb1bc151ef7560d1edd226fc96a33f33317d71c7c4192b
SHA512 b6ff0881fe066ab956d1cfa1c87c5e03458f6574d9801f6739b7231de14d6b9ffe5faa5d8b47d13e38c58df7257e8914d664641c1a68529d4e53cf434c4780f2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c1a6f55e74f8943f99bafa2422178d87
SHA1 6d49967cd0ab304b9a00030d3445528f4ab148d7
SHA256 15e2fce9d333a7797a576fcd3d4ebaf962721e336af65539897cd21ccd76d69e
SHA512 e4a93c56f2fa37c310190774b214cb99b5b74b09eae33cdf5dd9be1f4500dcf994281f703bd00d78d416107b6d2bef380ade1b6328856402aa3e63474d9f40c0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b011006d4a7ab0e9551317c0c7d49ef8
SHA1 cbbd4cf03cb4d91a30ba46614a932e8bbff9db35
SHA256 81e903619e878b1cb80d2c58d2d974c0f5115fed2be595895478e7a9767ca8bd
SHA512 690b80c46398a11916631ae6a2143b68fd8986f2c32050044ff588237b056bb78d0310ecd3bf3ae47f34aa853dc2b76dd06c79830b1497bec88e17393031c63f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b6cb04e468b5b98002b47d8a493eedd1
SHA1 94b3bca2765acc5d3de90461d5c5b102634cb14d
SHA256 18abc9f86e188ebc3dd458d5c57feb81f61236460cf0d7d9048ab64a6742118a
SHA512 3c83792ff167450dcd362857ebee79b31bb8f921441b117da9c5d662b83d588a5ca2009f1f4a3446bc3f22d4b8adafefe9638e7c8081ae59ff273a801aa9361a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a395d850a5876942776494abd1deffc6
SHA1 7831c8088038ade11556cbac364dabcf207c06a6
SHA256 3d7df8e3cbcf5433ca4977569f016e6105094334ca1df2f9314b5936d3ab06a6
SHA512 b47a0211e76706b3791625f9a0422de8e87414c93b895b9dc88a275049c4154ced8084852443fd1d4d0b16b04d0dca06a6ab300e33de352448239514930ced8f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3380e70441bc19317f122eca123c0db2
SHA1 ca9b1e99b441e6104c4d2efc5e4ec88ffad50c1a
SHA256 fa51b19750b641a4dea3f0c6aa9881c5f9ab03f72516a6732c58a66d8f001ff7
SHA512 362a4fcb50f6695c4584b4e3a7dba0569d49e31ed32d7bc7211a9f319f17249812b7be306265003ec6c5b3a9d558e4067097e3734bc2e63ce9bb787793b72871
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 99b0fa66488cedb43bb2e540a578799d
SHA1 c6d26d21c2a072211386a72a9c09710d99e8528d
SHA256 c37f8a8c4b7845be319f3e3646fe426ff709423e486649d5778569b2b4835276
SHA512 9e5f5dfe9dfe8187ad8f0035806d514dfb6652bb834e004f698f08432c26ca8ce8a821b8d702ede54dc3e44d2c20f22b7e905c80119b9320f716078171662afd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 18dfda9dc514dcf48b7044cc68ecec1f
SHA1 222da2babb5bbd50d5a26023b9e6f2147e653b22
SHA256 35aa6d974cdeb14fc6adea0be62f08607b5bea780eb8d8a9477115dae522dbf4
SHA512 9caac745c946c4ad98531bc607a8e749ff326e8aa818499fa8a1ecbaa74285e211b9b6dc91c637cbbab7dce4689166a53b0053d325985f59c87d9457c2505e93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2e92a3706ba59d32690dfbf64d37713a
SHA1 5789b80e64d5b02632b36aab1db850a402ad54ad
SHA256 137d62ba6c551f84bc6617699b506562b16f681965f4087554d20e789363d223
SHA512 a13a746dd2aa8576ae6f4c8095898799aedc2e9c39df478bde185ffb704d963f5865b20b81946a5fe9652df35b2d8aaff738c89e3f1a2ff7539a65e1ab2b9f10
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d9911e78617e61783ac01eba8c43151d
SHA1 428addebfee4cf7c90c47fb7f4168b13cd063929
SHA256 333e26a901179df4d8ca03ded0b5165b248c455fb0c3ffd5b276f2e91d3f0067
SHA512 1e68f5b3f8092bfaff11bf900452e334526aad22275362323d189ef5940bc5f2c65dde7de76ac418866fe03e5583dd9d1f46337aab72b90217e9bce166dc37ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9c8102e905742f44cdf5e19a01531e2a
SHA1 6615c1d9d278899e8577af8912479d7fc40c8985
SHA256 63006e2ce0165ed1aadc91e3bf39f90b33a79226208f819e1c1c0869373fadd3
SHA512 52a23bd623f6510c540184fe01f2ed53614defecb8e56b30200a1a4d9f65339bcebfeb33bcc1c5bc418092de0fbfa97f20cef3d35851e3b2ec2e6258b55e335f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0eea630297c286196782fcb47967817d
SHA1 19541dbf62fbafb0176b2026ebaaab8771e5bbec
SHA256 e0779e86fdbf9eba7eb1eb200ce5d2e3eb93e2330d75929a03e796f200d45d5d
SHA512 c251e5e5d197b7bdeacfde68c885856e85b16a07b39639ad92b5398b163c9d3f15ffc7b6ffa1c71bf25170ccbf67082c1c13f9e1a604235a93cccb154f30a5aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a010782f2d0fe11c9eb7dabfd59dd027
SHA1 d229d84c190fe00e98d4e380f494fae55841b619
SHA256 471bb571960c725a237d41870a8c504d335d5ca2e701484190fb002b3fe79207
SHA512 3582d0810e6be2d9885c0aa3a8a7a481630e31e737375414bfadc3d9993386e6149da0dfddb65ca0362a9b0b39d9368158046984bc5e493cbbd6766404706d63
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a8e8bae8f807b1e1fd08ff839a067974
SHA1 2955acb8d4950c651a8d0098073eba59be9362e1
SHA256 0ed563ef2676bfcd3609a9fe4ce113fb54a797c70d362bb7d040d8acd5f42b99
SHA512 d726b42af61ba6f02b441b747647bcc82c322f41046238ff3804f12a8b2403cac4b81fae4d848539941e2825aaaf0ca5e7af6edc188b272a59b082b737223b96
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3e4ce5ac52999798a3a87a19426d6a96
SHA1 813ddee048548e43bb98457bbeeb69fb7d359d76
SHA256 56e9cce6dfb04eb8d599417d9c72e0ac132641b7bf25d8b5bc738961ea4c1ea4
SHA512 260029cb723533a29b6011ccb1821cf7bb48f55c1787dba88dfeb019d785f5e77aa1b8592f5b3a2c115156b7827fc15a6d09ad293234a547fa3f1ef53382818d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 669ddc23cff1253cd85b0789bafc2ccf
SHA1 2e6f4153a835b176e39014e9edd02061c849a570
SHA256 8d18ce355f31e8ba38c6477b0a8c9d9916b308317a2998b730803f77a77dcc74
SHA512 20695da682c39b84cb040aa8b6860a2d492d04db2b6c324c9c6b44fadee4b3f2fa72f67b7823247574ab07269eb4de03a00452c5218510f9b5e23c6ce24684b4
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b