Overview
overview
3Static
static
1textadept/...ogs.js
windows7-x64
3textadept/...ogs.js
windows10-2004-x64
3textadept/...nts.js
windows7-x64
3textadept/...nts.js
windows10-2004-x64
3textadept/...nit.js
windows7-x64
3textadept/...nit.js
windows10-2004-x64
3textadept/...eys.js
windows7-x64
3textadept/...eys.js
windows10-2004-x64
3textadept/...xer.js
windows7-x64
3textadept/...xer.js
windows10-2004-x64
3textadept/...ext.js
windows7-x64
3textadept/...ext.js
windows10-2004-x64
3textadept/...ale.js
windows7-x64
3textadept/...ale.js
windows10-2004-x64
3textadept/core/ui.js
windows7-x64
3textadept/core/ui.js
windows10-2004-x64
3textadept/...t.html
windows7-x64
3textadept/...t.html
windows10-2004-x64
3textadept/...i.html
windows7-x64
3textadept/...i.html
windows10-2004-x64
3textadept/...g.html
windows7-x64
3textadept/...g.html
windows10-2004-x64
3textadept/...q.html
windows7-x64
3textadept/...q.html
windows10-2004-x64
3textadept/...x.html
windows7-x64
3textadept/...x.html
windows10-2004-x64
3textadept/...l.html
windows7-x64
3textadept/...l.html
windows10-2004-x64
3textadept/...s.html
windows7-x64
3textadept/...s.html
windows10-2004-x64
3textadept/init.js
windows7-x64
3textadept/init.js
windows10-2004-x64
3Analysis
-
max time kernel
121s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
01/09/2024, 20:18
Static task
static1
Behavioral task
behavioral1
Sample
textadept/core/.ui.dialogs.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral2
Sample
textadept/core/.ui.dialogs.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
textadept/core/events.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
textadept/core/events.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
textadept/core/init.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral6
Sample
textadept/core/init.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
textadept/core/keys.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
textadept/core/keys.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
textadept/core/lexer.js
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral10
Sample
textadept/core/lexer.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
textadept/core/lfs_ext.js
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral12
Sample
textadept/core/lfs_ext.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
textadept/core/locale.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
textadept/core/locale.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
textadept/core/ui.js
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral16
Sample
textadept/core/ui.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
textadept/docs/_layouts/default.html
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral18
Sample
textadept/docs/_layouts/default.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
textadept/docs/api.html
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral20
Sample
textadept/docs/api.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
textadept/docs/changelog.html
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral22
Sample
textadept/docs/changelog.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
textadept/docs/faq.html
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral24
Sample
textadept/docs/faq.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
textadept/docs/index.html
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral26
Sample
textadept/docs/index.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
textadept/docs/manual.html
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral28
Sample
textadept/docs/manual.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
textadept/docs/thanks.html
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral30
Sample
textadept/docs/thanks.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
textadept/init.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral32
Sample
textadept/init.js
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
textadept/docs/faq.html
-
Size
7KB
-
MD5
729e6156e83ee1b44e6874df04fa9aaa
-
SHA1
c5e730a12a90cc84f8cb750dbb6f551f9b1b096c
-
SHA256
409f32c3980de812a8ff443fffbc31d550baf57a5c6ca24af79b9d77aa5a31e6
-
SHA512
fb5a58fa72fa5b4a054813f90d901ff008aa94a9cf9d7b30ad83cbbbbae9194e42a623a33e21d9a069dcb6bb055bef6f74367deb4e9a521902165f7890cdfe76
-
SSDEEP
192:bBMfpBghBSBRXBmR10wv1jefpfPkUXcf19Rh1IQsa12SJAD7oQD5BSLNoE:byfpqhEPXBmv0wvtefpfPkUXC1zh1IQF
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5CE41921-689F-11EF-BEDD-4E66A3E0FBF8} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431383808" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000ca562cccfc6539c7dbacc4e462a012bbeb5db119ddc1fdc7d21d0bd2903206dd000000000e8000000002000020000000d02a0d3d925cf23134077dd7b444097118905ff42f5b38c7b1c7a074c41d0414200000006fb23d357dc48542d60ee30f309a240db33733c2fc661fd7fedefd8aa18df21c4000000075feb3ec7a6852b6b17cdc4db3213c5f8440706dbd7588dd1e218fcc9b25bdda27a408906e2a94d6eb3be164f99edf2ff4ac53038abbe3507dbda86ed4e1cc4c iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90146831acfcda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000faca434625627b4dad25787a42a025f92d956d2a885fcf95972debdd01186b0e000000000e800000000200002000000081e0606c7e3be85d3b070d92505f9a1d32dde82443d0566e965b2fb69104c292900000009776a21610cf49a6db5bfaf8852dfd4f0da70c02b480d081d5b46bab0cb731f910548ddf5b5333c3953683073667db629c7f33ec43d73261570bcb189c56ddbf4a1b0cdc12865523a2d07b2a32afe470aed4882547bf0b42c7799019a54b74551d26c88613ee96db3c95dcace5063432b38bebdb319ce3d765c2b4b86c1e51fac7fc723c307c63d22e28b32c46955316400000007f61b9239196d2841dbadbd87e0c0299af1a53f9472e1eb74c65931b58656f01d5bfa92bb3cbe877b910a4062c8043a1f7a63b0fb0bea8386f76d75b8b073b14 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 536 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 536 iexplore.exe 536 iexplore.exe 3008 IEXPLORE.EXE 3008 IEXPLORE.EXE 3008 IEXPLORE.EXE 3008 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 536 wrote to memory of 3008 536 iexplore.exe 31 PID 536 wrote to memory of 3008 536 iexplore.exe 31 PID 536 wrote to memory of 3008 536 iexplore.exe 31 PID 536 wrote to memory of 3008 536 iexplore.exe 31
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\textadept\docs\faq.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:536 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:536 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3008
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50a39088f7391cf17402ff37456eb4d4d
SHA17be3eb5f6ccb3cfba44ddeebeabe84a053b71185
SHA25652a6db7b5f935831f1dc3e54232969b8f796ff03a42b0d12f0a27210bce64986
SHA51212e54c04e2b8e6f52a6f1255a3c4bf20af697c40ed1ce80e777ed1bd017b3e0f439e19270077a93c17186a824c4d15151be3e9da6bb21492c0b15e1ab8cd2aad
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b