Overview
overview
10Static
static
10some-sampl...1.html
windows7-x64
3some-sampl...1.html
windows10-2004-x64
3some-sampl...0ff.js
windows7-x64
3some-sampl...0ff.js
windows10-2004-x64
3some-sampl...2.html
windows7-x64
3some-sampl...2.html
windows10-2004-x64
3some-sampl...04ed7b
ubuntu-24.04-amd64
6some-sampl...2.html
windows7-x64
3some-sampl...2.html
windows10-2004-x64
3some-sampl...60.exe
windows7-x64
some-sampl...60.exe
windows10-2004-x64
some-sampl...5f4.js
windows7-x64
3some-sampl...5f4.js
windows10-2004-x64
3some-sampl...5fc.js
windows7-x64
3some-sampl...5fc.js
windows10-2004-x64
3some-sampl...6fd.js
windows7-x64
3some-sampl...6fd.js
windows10-2004-x64
3some-sampl...ed5.js
windows7-x64
3some-sampl...ed5.js
windows10-2004-x64
3some-sampl...9.html
windows7-x64
3some-sampl...9.html
windows10-2004-x64
3some-sampl...bb5.js
windows7-x64
3some-sampl...bb5.js
windows10-2004-x64
3some-sampl...4.html
windows7-x64
3some-sampl...4.html
windows10-2004-x64
3some-sampl...e.html
windows7-x64
3some-sampl...e.html
windows10-2004-x64
3some-sampl...a4f.js
windows7-x64
3some-sampl...a4f.js
windows10-2004-x64
3some-sampl...0f6.js
windows7-x64
3some-sampl...0f6.js
windows10-2004-x64
3some-sampl...7.html
windows7-x64
3Analysis
-
max time kernel
118s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
17-02-2025 20:54
Static task
static1
Behavioral task
behavioral1
Sample
some-samples-master/000c817925bc84f700337ac1307bb1b1.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
some-samples-master/000c817925bc84f700337ac1307bb1b1.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
some-samples-master/00c5a99a4a45fd4fa41f2a1dcf8690ff.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral4
Sample
some-samples-master/00c5a99a4a45fd4fa41f2a1dcf8690ff.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
some-samples-master/00d2876c4ad4ef3bfefe452f55da9432.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
some-samples-master/00d2876c4ad4ef3bfefe452f55da9432.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
some-samples-master/010c1e2ffb9d2fc30a429b7db204ed7b
Resource
ubuntu2404-amd64-20240729-en
ubuntu-24.04-amd64
Behavioral task
behavioral8
Sample
some-samples-master/0138333b333805fa0baf93f6d0ccf342.html
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral9
Sample
some-samples-master/0138333b333805fa0baf93f6d0ccf342.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
some-samples-master/0157d50dcd839afb5ec4b79cae965360.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral11
Sample
some-samples-master/0157d50dcd839afb5ec4b79cae965360.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
some-samples-master/015f8027e55c523a326dd06a1082b5f4.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral13
Sample
some-samples-master/015f8027e55c523a326dd06a1082b5f4.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
some-samples-master/019be7ae89b0e13eb1b0f1ceb1d355fc.js
Resource
win7-20250207-en
windows7-x64
Behavioral task
behavioral15
Sample
some-samples-master/019be7ae89b0e13eb1b0f1ceb1d355fc.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
some-samples-master/01ac76f3ad93c942aa0c88ff747d06fd.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral17
Sample
some-samples-master/01ac76f3ad93c942aa0c88ff747d06fd.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
some-samples-master/01c3927bd930a986d3eb6b8662527ed5.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral19
Sample
some-samples-master/01c3927bd930a986d3eb6b8662527ed5.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
some-samples-master/01cf52ba3d0b385551b1d9fcad2e7b59.html
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral21
Sample
some-samples-master/01cf52ba3d0b385551b1d9fcad2e7b59.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
some-samples-master/01d8f0b4a1bef3acef8ec448a640bbb5.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral23
Sample
some-samples-master/01d8f0b4a1bef3acef8ec448a640bbb5.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
some-samples-master/01e080585e79879ea4e54844a2737d84.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral25
Sample
some-samples-master/01e080585e79879ea4e54844a2737d84.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
some-samples-master/01ed8720e305d7f53ee7cf91f1e4ca8e.html
Resource
win7-20250207-en
windows7-x64
Behavioral task
behavioral27
Sample
some-samples-master/01ed8720e305d7f53ee7cf91f1e4ca8e.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
some-samples-master/02150a19ad62efe92ebb7bc8a15daa4f.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral29
Sample
some-samples-master/02150a19ad62efe92ebb7bc8a15daa4f.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
some-samples-master/02169ba27d563c5b0bcf3cae3910a0f6.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral31
Sample
some-samples-master/02169ba27d563c5b0bcf3cae3910a0f6.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
some-samples-master/027159c684c78666d4a1eac52f89cd57.html
Resource
win7-20241023-en
windows7-x64
General
-
Target
some-samples-master/01e080585e79879ea4e54844a2737d84.html
-
Size
11KB
-
MD5
01e080585e79879ea4e54844a2737d84
-
SHA1
1c2d8d126706957d316bd293d7ec54f18f61ec22
-
SHA256
80384e6d5c2d8f2ce64115b2e1b320513deaa08e5fc03f1b97807ada21937940
-
SHA512
95bda0feb277affebd2265162d47f5dd5cc039270083699d3690b1b5d3a08a30bf690fbc0d14394a71933d0a0111e403d3a4009d18a49bd9f53d611403e8e8ee
-
SSDEEP
192:TiqsJ3PqkDPkGYziiodcFm5b0bTqixwujunS10NA5XvXfxEFYVtjtqSMunoQq9i/:TifPHPkGYcdcFm5b0bTqixwujunSGNm1
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{11250461-ED72-11EF-A58E-EA7747D117E6} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2568 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2568 iexplore.exe 2568 iexplore.exe 2880 IEXPLORE.EXE 2880 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2568 wrote to memory of 2880 2568 iexplore.exe 31 PID 2568 wrote to memory of 2880 2568 iexplore.exe 31 PID 2568 wrote to memory of 2880 2568 iexplore.exe 31 PID 2568 wrote to memory of 2880 2568 iexplore.exe 31
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\payload.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2568 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2880
-