Resubmissions
04-12-2024 19:24

task id            score  submitted
241204-x4fqgsspcn  10     04-12-2024 19:06
241204-xr4a1swncx  6      04-12-2024 19:03
241204-xqb55s1req  3      04-12-2024 19:00
241204-xnnq6awlhx  6      04-12-2024 18:20
241204-wy7fksvkdt  7      04-12-2024 17:37
241204-v67kwasrgs  3

Analysis
max time kernel: 119s
max time network: 128s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 04-12-2024 19:24

Static task: static1
Behavioral task: behavioral1
Sample: sample.html
Resource: win7-20241010-en
General
Target: sample.html
Size: 19KB
MD5: dcb9d87a83da8972f5cee58389fd1805
SHA1: 04288b3a9f36616088c0111bea2473c8a32a9756
SHA256: 2ea93fd81425d720cdfcbcccfcc878f16f5e870139e14b851d149679ec82375a
SHA512: 2e5cc2973b00f2d9688c4cd051c3b40073828b5e65fbb4cf24f0123a2c262c5bc09e8383d4a27fafd4acc96c380d9b7c646176d4d92c77f337065dd69acbeab3
SSDEEP: 384:X6CdeU1ocy4K4lbGaIBvhpNC9CKVlObz6r0sZZfk1xCejiw:XVdZ1ocy4xEaAJpNCCVbz6r0sZBexPiw
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: IEXPLORE.EXE)
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow (1 IoCs)
- PID 2700, iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
- PID 2700, iexplore.exe
- PID 2700, iexplore.exe
- PID 2812, IEXPLORE.EXE
- PID 2812, IEXPLORE.EXE
- PID 2812, IEXPLORE.EXE
- PID 2812, IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
- PID 2700 wrote to memory of 2812 (pid 2700, iexplore.exe, procid_target 30)
- PID 2700 wrote to memory of 2812 (pid 2700, iexplore.exe, procid_target 30)
- PID 2700 wrote to memory of 2812 (pid 2700, iexplore.exe, procid_target 30)
- PID 2700 wrote to memory of 2812 (pid 2700, iexplore.exe, procid_target 30)
Processes

C:\Program Files\Internet Explorer\iexplore.exe (PID 2700)
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2812)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx

Network
MITRE ATT&CK Enterprise v15
Downloads