Overview
overview
10Static
static
10some-sampl...1.html
windows7-x64
3some-sampl...1.html
windows10-2004-x64
3some-sampl...0ff.js
windows7-x64
3some-sampl...0ff.js
windows10-2004-x64
3some-sampl...2.html
windows7-x64
3some-sampl...2.html
windows10-2004-x64
3some-sampl...04ed7b
ubuntu-24.04-amd64
6some-sampl...2.html
windows7-x64
3some-sampl...2.html
windows10-2004-x64
3some-sampl...60.exe
windows7-x64
some-sampl...60.exe
windows10-2004-x64
some-sampl...5f4.js
windows7-x64
3some-sampl...5f4.js
windows10-2004-x64
3some-sampl...5fc.js
windows7-x64
3some-sampl...5fc.js
windows10-2004-x64
3some-sampl...6fd.js
windows7-x64
3some-sampl...6fd.js
windows10-2004-x64
3some-sampl...ed5.js
windows7-x64
3some-sampl...ed5.js
windows10-2004-x64
3some-sampl...9.html
windows7-x64
3some-sampl...9.html
windows10-2004-x64
3some-sampl...bb5.js
windows7-x64
3some-sampl...bb5.js
windows10-2004-x64
3some-sampl...4.html
windows7-x64
3some-sampl...4.html
windows10-2004-x64
3some-sampl...e.html
windows7-x64
3some-sampl...e.html
windows10-2004-x64
3some-sampl...a4f.js
windows7-x64
3some-sampl...a4f.js
windows10-2004-x64
3some-sampl...0f6.js
windows7-x64
3some-sampl...0f6.js
windows10-2004-x64
3some-sampl...7.html
windows7-x64
3Analysis
-
max time kernel
119s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system -
submitted
17-02-2025 20:54
Static task
static1
Behavioral task
behavioral1
Sample
some-samples-master/000c817925bc84f700337ac1307bb1b1.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
some-samples-master/000c817925bc84f700337ac1307bb1b1.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
some-samples-master/00c5a99a4a45fd4fa41f2a1dcf8690ff.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral4
Sample
some-samples-master/00c5a99a4a45fd4fa41f2a1dcf8690ff.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
some-samples-master/00d2876c4ad4ef3bfefe452f55da9432.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
some-samples-master/00d2876c4ad4ef3bfefe452f55da9432.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
some-samples-master/010c1e2ffb9d2fc30a429b7db204ed7b
Resource
ubuntu2404-amd64-20240729-en
ubuntu-24.04-amd64
Behavioral task
behavioral8
Sample
some-samples-master/0138333b333805fa0baf93f6d0ccf342.html
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral9
Sample
some-samples-master/0138333b333805fa0baf93f6d0ccf342.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
some-samples-master/0157d50dcd839afb5ec4b79cae965360.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral11
Sample
some-samples-master/0157d50dcd839afb5ec4b79cae965360.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
some-samples-master/015f8027e55c523a326dd06a1082b5f4.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral13
Sample
some-samples-master/015f8027e55c523a326dd06a1082b5f4.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
some-samples-master/019be7ae89b0e13eb1b0f1ceb1d355fc.js
Resource
win7-20250207-en
windows7-x64
Behavioral task
behavioral15
Sample
some-samples-master/019be7ae89b0e13eb1b0f1ceb1d355fc.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
some-samples-master/01ac76f3ad93c942aa0c88ff747d06fd.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral17
Sample
some-samples-master/01ac76f3ad93c942aa0c88ff747d06fd.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
some-samples-master/01c3927bd930a986d3eb6b8662527ed5.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral19
Sample
some-samples-master/01c3927bd930a986d3eb6b8662527ed5.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
some-samples-master/01cf52ba3d0b385551b1d9fcad2e7b59.html
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral21
Sample
some-samples-master/01cf52ba3d0b385551b1d9fcad2e7b59.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
some-samples-master/01d8f0b4a1bef3acef8ec448a640bbb5.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral23
Sample
some-samples-master/01d8f0b4a1bef3acef8ec448a640bbb5.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
some-samples-master/01e080585e79879ea4e54844a2737d84.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral25
Sample
some-samples-master/01e080585e79879ea4e54844a2737d84.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
some-samples-master/01ed8720e305d7f53ee7cf91f1e4ca8e.html
Resource
win7-20250207-en
windows7-x64
Behavioral task
behavioral27
Sample
some-samples-master/01ed8720e305d7f53ee7cf91f1e4ca8e.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
some-samples-master/02150a19ad62efe92ebb7bc8a15daa4f.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral29
Sample
some-samples-master/02150a19ad62efe92ebb7bc8a15daa4f.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
some-samples-master/02169ba27d563c5b0bcf3cae3910a0f6.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral31
Sample
some-samples-master/02169ba27d563c5b0bcf3cae3910a0f6.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
some-samples-master/027159c684c78666d4a1eac52f89cd57.html
Resource
win7-20241023-en
windows7-x64
General
-
Target
some-samples-master/01cf52ba3d0b385551b1d9fcad2e7b59.html
-
Size
171KB
-
MD5
01cf52ba3d0b385551b1d9fcad2e7b59
-
SHA1
45d68fa808741a479bf9ab1fa6637524c8dda522
-
SHA256
7ef5fdf3711473be955049aae0088177c8be78024e5ee446d2cbc86c4d1fe23f
-
SHA512
7f1527c564d7acad396229ba58c02b4ef08aa117b9713e14144848e3622f0a4ebe2d5b5642b3397e430a76c453e0c8afc49122f0d303e7af1fcbf409e5845d04
-
SSDEEP
3072:S4kXFwsIdF1UfHySW6z0hGWc8xnobN2Yls2nmuho4amFahRMUSNHHUWfuvIyfkMN:Sr1wsIdF1UfHyx6z0hGWc8xnobN2Ylsz
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1D2C6C81-ED72-11EF-B45F-4E45515FDA5B} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2080 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2080 iexplore.exe 2080 iexplore.exe 2596 IEXPLORE.EXE 2596 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2080 wrote to memory of 2596 2080 iexplore.exe 31 PID 2080 wrote to memory of 2596 2080 iexplore.exe 31 PID 2080 wrote to memory of 2596 2080 iexplore.exe 31 PID 2080 wrote to memory of 2596 2080 iexplore.exe 31
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\payload.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2596
-