Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
16-06-2024 15:22
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240611-en
General
-
Target
sample.html
-
Size
213KB
-
MD5
df5b39310aafcda93fc2f7ccd52d481a
-
SHA1
c778258e4188b43c71ab3f2ad762ede5037c35ba
-
SHA256
49d8534618f3b4237a136181d99c2b283c447120c42cf0880fe97068907f94dd
-
SHA512
5279ffb7fc59c5797cbec71f6b256f391a768640fe66dedc644cd88601005dc74ab607910e7dbab4e5766a32c64033220b9f41bfefccc677cfd78df70457f0d8
-
SSDEEP
3072:SRq1nz3QZM3PpyfkMY+BES09JXAnyrZalI+YQ:SRCHPMsMYod+X3oI+YQ
Malware Config
Signatures
-
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{481ED711-2BF4-11EF-B0BD-CE03E2754020} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424713233" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2116 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2116 | iexplore.exe
2116 | iexplore.exe
3024 | IEXPLORE.EXE
3024 | IEXPLORE.EXE
3024 | IEXPLORE.EXE
3024 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2116 wrote to memory of 3024 | 2116 | iexplore.exe | 28
PID 2116 wrote to memory of 3024 | 2116 | iexplore.exe | 28
PID 2116 wrote to memory of 3024 | 2116 | iexplore.exe | 28
PID 2116 wrote to memory of 3024 | 2116 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2116 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3024
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 363dbf46c693e052a595bada3e5a3fe5
SHA1 b35fe0346ce9dc175f8aae707564e4028e64e4b5
SHA256 1d892ac4b9b882061fd4d57072028cc50e09d5aca844991e24a8a289547d0116
SHA512 03a3087b42d563cdbfec82c1ccdfe1b0efd46c066238c79efca3d00b7ce4fe715f2ff33e3c8497a840a5f6e749bdf521b6f5cb81f80bad600a89d19a3b6c9e9c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0c4a6e45c20b97edd92c9e0866e52558
SHA1 a44b73380ba82d1cd0b0cb164a0f35c4505e1ccf
SHA256 3c2d5b9701a1c93c4c4bb2f4e61a48e2e0fc41580e70a80a1719e16fcbd3847f
SHA512 c3fa4dc262529509a5c3ab95c03469ed614de14b0a5f08f85d8affcd999ea44e1a10eaa8407bac5e6dde0a3686b3a0fff347a2d773eaf8319c36e3f3d61127a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c77172205efa081f2ecf888b632d38ba
SHA1 8e51992774646031347bf74a28dc8c4aaa161a51
SHA256 228f915e33fdd1ac21e2183b82e92f0f6a795fd5e1b4f40ddeab2f0bc4b22af1
SHA512 347f0b5b810c804cb1b66c27cbee7aaaf7b5897bd8cc2c1527b261fc8cd42f3690cd3ff19d1b90ff7131b2cd5b92ba31b2a7e54bf94521e37e553c2b471798b2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3d369cbd2eee2ed9347f6d8bb84dafa2
SHA1 d7b176c214f1d5ecc997317a1ad57132a5c60fdc
SHA256 591b8039bc3dc72ee2daa3447791c2cadcdea56bbebd10ef1dabfe3e2f7e1735
SHA512 a63aceba8cd54b45c61c2d8939a33648bdc3370bff9194431e0d3b50dad806e3e54a9ff7bc93bc8afb8d197a39a8a73a45d4a5bb913f5e5ff8100dce6400dfd3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7908f7836cb54ff9c82b310d569d4b18
SHA1 83885e35046b2e48625b2dadfd56787e6c5b39f2
SHA256 e09a7a166eb68c584f04ce1ac8829f6b79ad8c9f6e5f6b60339d3c67ef85fe5e
SHA512 b5a80ec1bfd804ffcd28b298cc01ab8f85b8b91117e9503858a40b18b8eea98959ff7d9969696051f3eaf89415823bdd4b864dc22bfa0f8aec83c27cd428bbd1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 70a3893b7a9468f4776ab6b8c4f483bf
SHA1 63cfb94d99bda74151f33f747cb1410dc50b0f93
SHA256 0034dde8406713f75cf0505737195c1c13547636ee48ab65796dd94fcc0c3e81
SHA512 ddee1cc589f86403f01add99d10427c1c8c2bec9bdf4b0d5020e3cc15f9f731159f3c9866645200b3a64191f8f6de71666a0463f87dd4325d273deaf95369207
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a047c8e2e3ae15be62753b619ee94f51
SHA1 c039950eda2aa0fe3121c36ade3f0ac86c499ec8
SHA256 74754e4cd9b42d217137dc397ee333b056c8acbc1f648bc45e746c4f61cc6321
SHA512 841582cc746c5ec1512489f4d6e849e91d8bd0c95d6fec6d62875920884f5e65a1953b24efb83a52f5ea7a153bdacce5fd82d041a7f83a8ce75f4f25703e8876
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9aaae30494f7563b4ea5586f1cb09a89
SHA1 0812b50138ed42ce37f9f651de26504628509ddf
SHA256 c04ad4a78865866f3b82511a057c5dc4d79c02aaeb6e6b91ecf5470a8327c052
SHA512 8699cdf9fc8f9dc6619af6b1015fa59e4b3773e1d8e1544176d4f3e1a4f7330ccf68561ed1292ea21707938a5c7fda55dbb5e01082916927ac238edec102e13a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3ffaa5b15f9df3299e78178096dc34cb
SHA1 f4e47777b31984917f55ddfbe32fb37d3390dc43
SHA256 87abaf05b53b7963d1929a5a0248b5ea4e895a2c15f8b0d12f5e50ba9677a134
SHA512 29b9c762a0165127e564ce2f50cbba0411b33fb68f7cd990a0b6405b0ccce2c67003977c6b9dc250ef0f12bcd25798a33971a889a83501ab285f569dde57c460
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bf7e4e97a738c9fe9df589ea44b3758f
SHA1 828c16aa944f5efac835b5f1bab57441f1c76eef
SHA256 1650bae4b287f539c6edebc305fba74bc6c3b6420bcaff00b9b44ff36e31bea7
SHA512 d95c73fa742ea8505e2d8e647c1237fcc706560e0147e8ff0b9fbd64e78370c9495bf54a95d0b0032593cfca4b6f0b3233e08992110e3393c0f3cfc6af681db5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fedb4fb9034ed6c5bcb268b0f888dcd9
SHA1 9bb265f5465e5b8a7749684982eee64a632b796e
SHA256 373d5b9a622429c4a357c97c8d35dd3626f7957f41e141221547ace6cb46d3aa
SHA512 17d8f32abfded9154a70c5f1124501508157242a720b42152eeb813c0c04f68639d60f3ed79f79d62f0c072042a388416449f6ec846caef8405b5767293979af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d5d8a3544b4dd13d9082479d7b881742
SHA1 e37c8f295d2f53673e648abb17f894f602d25c8a
SHA256 4e8a28a2cfdba8afed86b837ee4b923b01a19dae09afbf947f787dd808df248e
SHA512 1d297f82bcab00a6f0727335451f033997b8785933d9a48f279b9d67b1bd80c99bddc8eb28597af640f33e354d55d3ffbd045dc9aeaca0ed32d0e1bed252d38b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e6594f131a2bd4c4530fe25298a0c416
SHA1 81e1b5b67f9a436ec23fb68a499514d297d37103
SHA256 9e9ac5af57d342f4e485f43d0de89cb096d7e158d1a4ded632a6c2076d4102c5
SHA512 22830198df8448d931db724968cf62df73dcb9eb872791ee1592fdee8f452978b194e9f5f21fb6a275f302f7f0bd8d48bde00cd0d89993ad983821237bf85bf9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1debda1ac0e0767345b9d9fd5eac1d9d
SHA1 c61fd5ec3c165ee56d10f4e82ffb2447bc17bc27
SHA256 79ffec6d2ae2c49a4ac95f23b89c86cfc94bca220433e44c897b6804114eb6ce
SHA512 295d9aa761bbdb3a7dee44e9025094c205adf001c63ee1cab3921aaffa748df4001b5fa16f55d18b7ba30cd722bc620a4b444660eb2b78536f6e204c9dcbd3ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d905e15a4b00b572c0a030fc81f3c052
SHA1 fbdbd635ac4bfa75d6d2b8bad4cd1e96466d127b
SHA256 dea7168d991779bf48ef9af8032b5575b68f3ff34cffb3d2ddc887157830b760
SHA512 b733edc17a0e971ac422033898acd4eb51b5733031b8909647ae2e4ef9fa74b14972bdf54c5645ced6a5d49fa8ad43167928bfe242b4b15688e5b1dd883f4864
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d2f2d0b74e785307c7dbb3bfbe65d7a7
SHA1 25b7725da222c8763aeb3908e33293f550a561d1
SHA256 45551d3423afbeae965a4c7b0ff0d27a64b1312ec05d8549a2bcaf2734702336
SHA512 0b9dd3adfa121686ca3915e8314698505d36f83b6622fb449c6dfa92f0cc762be2bbf114b0eb4033ae232ba8e80730f4496906d73d3e6ee21d53d81fc2c74d1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3b73984985b0de45379e990b22a1cddb
SHA1 2a1120e4702f2a010d1948bb790bc60287c1030c
SHA256 86d9b3d5f226ac4631230baaac07f8164ac786529facab9be92ccba742c5004a
SHA512 e4ecc5c8e4118c4f2a2a1897bfd7311a27abcf5fe520e7a58e10fbe671ca1e79737596989b283d26762a90e09228e89b3fe3b6ae6a6f4256cd900c69c2c6ddea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1d4a2aef3c41feed877c376c8ca2a4cb
SHA1 cf5abf7ebbaf5fc056a3c9f49703a33644461103
SHA256 0d646d3332d7125491f3ce40d6b383f6d2e6d8c54997a2af0fc91d7caabcc43e
SHA512 0aea8ad38d423a501adcc85e23da964360261b97d86ec6638fbcd7867e3d178f6bb30b5646fcf94f32082ebd2abc4d0f4d6a72653ab48df66a652258297387b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 82f4d80f63623471139330103c0b5b2f
SHA1 e3a5abd1a46862a1e7c48d7042374afe35d2850c
SHA256 fe8029a1f53f937741c6e5df311c928e9ff7bdfaa99cab3a032deb79f00e09b3
SHA512 f3f34b9699286feae0af24cfb66aa3e09f1c415ad05c31065fb348507ab9cc3498bebc671ac9a70903e99d1141cc9f971d074835ffa2743c17dc4803e9c45a0b
-
Filesize
67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b