Analysis
max time kernel: 134s
max time network: 128s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 01/07/2024, 12:47
Static task: static1
Behavioral task: behavioral1
  Sample: Payment_Information_209.url
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: Payment_Information_209.url
  Resource: win10v2004-20240611-en
General
Target: Payment_Information_209.url
Size: 209B
MD5: 36121a06f7d94bd1c18f5ff4618d5f29
SHA1: 50b0e8a3153a09f542bfa7c8aa2ccc12e0335d3a
SHA256: 7ffaf82d721b2050b063c4c63d8a711e6e9f0ff3f725825f0a7ebf4501a95691
SHA512: 5e01f7829c9665def286f46c8898fe585bde50ff89ce6af379611c8a7d45986abe4cf4a3b1ef79fc666b7b4f341f7f86a7237b73272a82180bdfb60430fb4974
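The target is a 209-byte .url file, which is an INI-format InternetShortcut; the report above lists its hashes but not its contents. The parser below is an added example for this page, not the sandbox's code: it pulls out the fields a triage analyst wants (URL, IconFile, WorkingDirectory) and flags the ones that turn a shortcut into a delivery mechanism. The two byte strings are constructed samples, and 203.0.113.10 is a documentation address, not an indicator taken from this sample.

```python
"""Parse an InternetShortcut (.url) file and flag the fields that matter in triage.

Added example; not code from the sandbox report. The sample bytes are CONSTRUCTED:
the report does not show the contents of Payment_Information_209.url, and the host
203.0.113.10 is a documentation address rather than an indicator from the sample.
"""
import configparser
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed lure-style .url (real files are ANSI or UTF-16 INI text).
SAMPLE_LURE = (
    b"[InternetShortcut]\r\n"
    b"URL=file://203.0.113.10/share/Payment_Information.pdf.lnk\r\n"
    b"IconFile=\\\\203.0.113.10\\share\\pdf.ico\r\n"
    b"IconIndex=0\r\n"
    b"WorkingDirectory=C:\\Users\\Public\r\n"
)
# Constructed benign shortcut for comparison.
SAMPLE_BENIGN = b"[InternetShortcut]\r\nURL=https://example.com/docs\r\n"

SUSPICIOUS_EXTS = (".lnk", ".exe", ".hta", ".js", ".vbs", ".wsf",
                   ".cmd", ".bat", ".scr", ".msi", ".iso")


@dataclass
class Shortcut:
    url: str = ""
    icon_file: str = ""
    working_dir: str = ""
    other: dict = field(default_factory=dict)


def _decode(data: bytes) -> str:
    # Files written by Windows may carry a UTF-16 BOM; otherwise treat as UTF-8/ANSI.
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = data.decode("utf-16")
    else:
        text = data.decode("utf-8-sig", errors="replace")
    return text.replace("\r\n", "\n")


def parse_url_file(data: bytes) -> Shortcut:
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(_decode(data))
    # Section casing varies between writers, so match it case-insensitively.
    section = next((s for s in cp.sections() if s.lower() == "internetshortcut"), None)
    if section is None:
        raise ValueError("no [InternetShortcut] section")
    sec = cp[section]  # configparser lower-cases option names
    sc = Shortcut(url=sec.get("url", "").strip(),
                  icon_file=sec.get("iconfile", "").strip(),
                  working_dir=sec.get("workingdirectory", "").strip())
    sc.other = {k: v for k, v in sec.items()
                if k not in ("url", "iconfile", "workingdirectory")}
    return sc


def triage(sc: Shortcut) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    parts = urlsplit(sc.url)
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        findings.append(f"non-web URL scheme: {scheme or '(none)'}")
    if scheme == "file" and parts.netloc:
        findings.append(f"file:// URL with remote host {parts.netloc}: "
                        "target is fetched over SMB/WebDAV")
    name = parts.path.rsplit("/", 1)[-1].lower()
    if name.endswith(SUSPICIOUS_EXTS):
        findings.append(f"URL target is an executable-type file: {name}")
    icon = sc.icon_file.lower()
    if icon.startswith("\\\\") or icon.startswith("file://"):
        findings.append("IconFile is remote (UNC/file://): Explorer fetches it to draw the "
                        "icon, sending an outbound SMB/WebDAV request with NTLM authentication")
    return findings


if __name__ == "__main__":
    for label, blob in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, triage(parse_url_file(blob)))
```

Run it against a real sample by replacing `SAMPLE_LURE` with the file's bytes; a remote IconFile is worth flagging even when the URL itself is a plain https link, because the icon fetch happens as soon as the file is displayed in Explorer, before the user opens anything.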
Malware Config
Signatures
Checks whether UAC is enabled
  description        ioc                                                                                Process
  Key value queried  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA  rundll32.exe
Modifies Internet Explorer settings
  description       ioc                                                                                                                                    Process
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic                   iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage                    iexplore.exe
  Set value (int)   \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"             iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main                                      iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry                               iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain     iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom                                      iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive                      iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup                                 iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic                              iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry                          iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch                        iexplore.exe
  Set value (int)   \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"  iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU                                       iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser                        iexplore.exe
  Set value (int)   \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0D94B691-37A8-11EF-831B-46E11F8BECEB} = "0"  iexplore.exe
  Set value (str)   \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"                    iexplore.exe
  Set value (int)   \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425999907"  iexplore.exe
  Set value (int)   \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"  iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery                  iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms                              iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar                                   iexplore.exe
  Set value (str)   \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  iexplore.exe
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main                                      IEXPLORE.EXE
  Key created       \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion                          iexplore.exe
Suspicious use of FindShellTrayWindow  1 IoCs
  pid   Process
  2888  iexplore.exe
Suspicious use of SetWindowsHookEx  6 IoCs
  pid   Process
  2888  iexplore.exe
  2888  iexplore.exe
  2524  IEXPLORE.EXE
  2524  IEXPLORE.EXE
  2524  IEXPLORE.EXE
  2524  IEXPLORE.EXE
Suspicious use of WriteProcessMemory  4 IoCs
  description                       pid   Process       procid_target
  PID 2888 wrote to memory of 2524  2888  iexplore.exe  29
  PID 2888 wrote to memory of 2524  2888  iexplore.exe  29
  PID 2888 wrote to memory of 2524  2888  iexplore.exe  29
  PID 2888 wrote to memory of 2524  2888  iexplore.exe  29
Processes
C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Payment_Information_209.url
  - Checks whether UAC is enabled
  PID: 3036

C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2888

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  (child of PID 2888)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2888 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 2524
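The tree above is the stock Windows path for a .url file: the shell hands it to rundll32.exe with ieframe.dll,OpenURL, the IE frame process (iexplore.exe -Embedding) is COM-activated rather than spawned by rundll32, which is why both sit at the same depth, and the content process carries SCODEF:2888, the frame's PID. The EnableLUA query and the Internet Explorer registry writes are consistent with IE's own start-up, so the useful signal is the .url being launched from a user-writable drop location (here %LOCALAPPDATA%\Temp). The detection below is an added example written for this page, not the sandbox's logic; its EVENTS list is constructed in Sysmon Event ID 1 style, with the PIDs and command lines taken from the tree and the parent PIDs, timestamps and fourth (benign) event made up.

```python
"""Flag a .url opened from a user-writable path and tie it to the browser it launched.

Added example modelled on the process tree in the report; it is not the sandbox's
detection logic. EVENTS is CONSTRUCTED: PIDs 3036/2888/2524 and the command lines
come from the report, the parent PIDs, timestamps and the benign fourth event do not.
"""
import re
from datetime import datetime, timedelta

EVENTS = [
    {"ts": "2024-07-01T12:47:10", "pid": 3036, "ppid": 1500,
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL '
            r'C:\Users\Admin\AppData\Local\Temp\Payment_Information_209.url'},
    # The IE frame is COM-activated, so its parent is not rundll32; correlate by time.
    {"ts": "2024-07-01T12:47:11", "pid": 2888, "ppid": 600,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmd": r'"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding'},
    # IE content process; SCODEF:<pid> names the frame process that owns it.
    {"ts": "2024-07-01T12:47:12", "pid": 2524, "ppid": 2888,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmd": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2888 CREDAT:275457 /prefetch:2'},
    # Constructed benign case: a vendor's Start Menu .url, not in a drop location.
    {"ts": "2024-07-01T12:52:00", "pid": 4100, "ppid": 1500,
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL '
            r'"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vendor\Docs.url"'},
]

OPENURL_RE = re.compile(r'ieframe\.dll"?\s*,\s*OpenURL\s+"?(?P<target>[^"]+?)"?\s*$', re.I)
# Where mail clients and browsers drop attachments for the user (assumed list; extend per estate).
USER_WRITABLE_RE = re.compile(
    r'\\Users\\[^\\]+\\(AppData\\Local\\Temp|Downloads|AppData\\Local\\Microsoft\\Windows\\INetCache)\\',
    re.I)
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b", re.I)
WINDOW = timedelta(seconds=15)  # assumed correlation window between OpenURL and IE start


def _ts(ev):
    return datetime.fromisoformat(ev["ts"])


def find_url_launches(events):
    """One finding per rundll32 ieframe.dll,OpenURL of a .url from a drop location."""
    by_time = sorted(events, key=_ts)
    findings = []
    for ev in by_time:
        if not ev["image"].lower().endswith(r"\rundll32.exe"):
            continue
        m = OPENURL_RE.search(ev["cmd"])
        if not m:
            continue
        target = m.group("target").strip()
        if not (target.lower().endswith(".url") and USER_WRITABLE_RE.search(target)):
            continue  # shortcut opened from an installed location: ordinary behaviour
        t0 = _ts(ev)
        # IE frame processes started shortly after the OpenURL call.
        frames = [f for f in by_time
                  if f["image"].lower().endswith(r"\iexplore.exe")
                  and "-embedding" in f["cmd"].lower()
                  and t0 <= _ts(f) <= t0 + WINDOW]
        # Content processes are tied to a frame by the SCODEF:<frame pid> argument.
        content = []
        for frame in frames:
            for c in by_time:
                sm = SCODEF_RE.search(c["cmd"])
                if sm and int(sm.group(1)) == frame["pid"]:
                    content.append(c["pid"])
        findings.append({"rundll32_pid": ev["pid"], "target": target,
                         "ie_frame_pids": [f["pid"] for f in frames],
                         "ie_content_pids": content})
    return findings


if __name__ == "__main__":
    for hit in find_url_launches(EVENTS):
        print(hit)
```

The time-window join is what makes this workable on real telemetry: parent-child alone never links rundll32 to the browser here, while SCODEF gives an exact link from frame to content process, which is where any later network activity or file write would be attributed.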
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1d8c085ca891c7a527c64bdb16933dad
  SHA1: b620440f13ecf1ad6902cac5bb3fd91c55e951b7
  SHA256: 46f37d3907fe953a5fe025dec5abc23215554cb97a0a09ec7451171543e80a6d
  SHA512: ca7edfb4f9d533ffed7157e59535a5675d4355d5986377ce4daae1d25a6dd35b4763c3a9f354f3766e984bb6daa7f678971741776663f4669b55195ffd4b5908

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: c6ca48504ddea39666e86a225cd36032
  SHA1: 6c2f810d4430ff695f2ca3c02de6a7a109d77401
  SHA256: bb3111be7e2fdd146ec163f91b35668cf5bfdbed0cc64f1f2435c34635d8cf3e
  SHA512: 1e67e15ae38d99de5282200826c93ba151500edd81841cbc92e3757561eca2792a1d95366fca536a17a5d530aefd77e60c716e6074d5c0449fd36d0a0cf4671b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: f89394333fba6fd0c014bc5ce5ed5fd1
  SHA1: 115e47e57675825e42dc21bad0ba01273f5ca5ac
  SHA256: 292ee7720bf160d5bf024bd1f750bd3a2c86e811b32b5728fd44159a075b73c1
  SHA512: ac475c5a360a2863bc2cd03619e02a9a44f9f028745739926f2cfa96b572a817127b980e7c541cad96730e2bf342c44c940d52d027123aeb07f0481d76dea0b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 9d816528b9855d8c57810fe83af48990
  SHA1: 1a09ae01a72e2bb88a0077697af6c01fb6694892
  SHA256: bf49cb97065d09a0340e1dcb9b9e85467aa460968f64194a8f76473d818349fc
  SHA512: c5cb05f3d9a29948f1859c9ac666413e90abc9a36b63f47ef7a4052e1780e7db64f7233d6a71713b349c993258d1e45672937039250f52e4691dfb0148d64f6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1d016b0d9feee5e96142e1b1a4531d52
  SHA1: f7d8057b32d983320384aa4f94ab70092e09b981
  SHA256: 33dd79de1abdd118c4341a9ebdcdf1ebf77d3df7d423efe4703f2796af0e4c3d
  SHA512: 07e4aca63d7d97c2e70da629a5443bac8849c16a62ba9d7f43cdedb37a61cdaccfa08e2bc4dd8499ca3d2c7d293249e3597fd624f6c2d574906c8f5da873ac6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 03c2c7d736e88a107ed3e99b31401531
  SHA1: 4aabf6970c2ad3ee931f6a1efe1c0ea96e4218ba
  SHA256: 4afee4b690807eb6837aef2ba9261e1abc1a62be7b9eb7d87c4c1ad94e852441
  SHA512: 67e6fa55080088d1d47798f908efcc794506eb42672ab77c5a3286938a32bf3142acbc14f2d03ba28f4b58d8ce19288aa027f7bc6d85af0f6f404b4b4f3cdade

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: fdf4f121f33de561d39643615b1600e8
  SHA1: 27ad0d1b69dc75592b85aae4bc7655aaecb0e8a9
  SHA256: f85a562568179f022c7c70bfdb3de16a28f70b9dc822b97b581eb1be2a43753f
  SHA512: eda95df64a25c68fa1936846107f1cafab2e7866767e54973256b6d562db6f972776ca9c90237b5118647602465516f8e8b653b4a3cd07385fd9ff980472487c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 16e2ef8baa4bdc88bc551179e1cd2e5d
  SHA1: ec52b44054123c44945f43cf28a80f2cdf7761c8
  SHA256: 53a1fcd4701834dac5dfe71e782a7757540026c86fcb80ab7eb9502e9d18b4d8
  SHA512: 9da0f4a2c40a35831f4806d9e311e559fbefb1a73445706a09612d9709d8ca70288581e9eba5cc784603e011195b108f4ead77dd64da264a4e28899b4f68405f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 6d5fc34d6f4274953d95b769a9cb3844
  SHA1: 7f85a9b53b29cb49d025b560e0f7763f503fb6b2
  SHA256: 2279ef7b90fd13c627571cc5e975cd5dc270c5901273c7ec809a547ab006fd60
  SHA512: 9fc48eee00cf93750de40b86e7ac0c08e73fdd416056c73e365f32d72a5231f421f1907205a8c4136e698ebe1cb89323521783df2a7862c473454a9266f6f78f

Filesize: 65KB
  MD5: ac05d27423a85adc1622c714f2cb6184
  SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
  SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b