23fb264ef4a591865ee18000f554c58bab3ce4218184e2a57076540c21fcd78c

Analysis

max time kernel
16s
max time network
19s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23/04/2023, 11:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

44KB
MD5

7746ac388b08bc70fc1ca397c115a3a0
SHA1

f180339db85f5be942428b469b9d8aacf2f293ce
SHA256

23fb264ef4a591865ee18000f554c58bab3ce4218184e2a57076540c21fcd78c
SHA512

ed64d23f6df51b2769094fd7e47e60fcf63f1b44cc36aa521cccfe45df103403e711af6fcfe54fb5dc3662ad68c8381435283ec2a6d1caa02d018eea384a1e04
SSDEEP

768:qfbIvLf0TEeDzyUpbRgwPo1jsdLRogv9dTUjFMVr6nmu1Sv1S5cg9um81l8BLNzt:i+Ds9p+91jSLOgv9ZgFMVunmuwvw5D9J

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 23 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BADA6B31-E1DA-11ED-9682-E6255E64A624} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1704	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1704	iexplore.exe
1704	iexplore.exe
1864	IEXPLORE.EXE
1864	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1864	1704	iexplore.exe	29
PID 1704 wrote to memory of 1864	1704	iexplore.exe	29
PID 1704 wrote to memory of 1864	1704	iexplore.exe	29
PID 1704 wrote to memory of 1864	1704	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1864

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
fc010b4f9394506eca026b8b88b5eff6

SHA1
831480932f05eb5435d7648a10582ab6b9c4ede6

SHA256
91742aa388fe8e337d47191ba2ff30b8b9564c55c0a6892f12017f3e53fc286a

SHA512
cf1c122e011bfbc37e4545459f5ab1aff25b51dcd9c0aa33fcf3cb11c6f9980aac4d68a01619cff23dc1ee9fd443914a55a31de2f43fa77e2e6e3f3f9db95679

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A337C1765C89C5A17123E6217F3048F0_EF312EF1EED104459B6697109A57DD17

Filesize
1KB

MD5
6d7a46d2314912fce24512d4b249f68e

SHA1
a46f6246df60ddcd37b2c01b61e9b9054da13418

SHA256
452ccac305d8fe017a82ab14e9fe914103d9fbae01ce165a4aee9472008f8bba

SHA512
9afd5ad298be342b0cd3dae66408d97f99e9b90062bed0b35bce973315577953c8fecec540bd0ae47cfcc2dd8650c3ed2a263d20045318cc752c24c4d2ef2aab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
1KB

MD5
457e9f38c180f6a0279ae05e5037f386

SHA1
b0a2a871077b49102662479ffb5cbaf7d66d5318

SHA256
33fc62d422d09a8a6c8a8ec3e3cf06618c33089b1c51e820dfb621afafa1333b

SHA512
6fd90f9ab6fa125a7bdc193a5b753f371420347303d86b0f29e248f5926e59e2549226b8da8e84946cace206920d285f6f94ec9782e7312292bc9bc2fb9d2baa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a7d895444b8d88123588625217fa8bf7

SHA1
8d16897837d844296c07c9f2da32e5d40bd6e7fd

SHA256
8fde58cad4baa0879ba2502ebbc83b026d2c9582b9fcf645f03ae09c8171e5f0

SHA512
de20247bd1d058ee230210c7032a6b8d1760ab14cc93f79debe817997500ca4b656731a1c9387175827037c948702dfd2fcaa0d4cc8962d2a561843aa1e8d3ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e24150f4fa3ecd0c4e1a0b1f85aaf261

SHA1
d0535c7bb67acbd9bc76d733ce8e3d82a05835c4

SHA256
e92c598ad4935dc279dae1d43238eedfed76e81d3863227f78f6caf846b36e56

SHA512
22a9c0aa91da5156ef4b185af0c0187db658a417b96f54b10770fdccd5a9427f3d82c855906b8b05bfb55d1b9e05524d7635a6e72ab31f95129f257006fc7495

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09d5bf7f4bdbda6be501a96d9ab6f9b6

SHA1
68d36e25ac8bcb4be88bdd31130ed90663e05da8

SHA256
6256f398ad83f69ff8be02a43cf131686c310df2d991eb6a14edb8671e392fa6

SHA512
8992b18ec357e12a983f75fe339eb8c6e330eb4300ff0f84a58bed66b358ec2eb30486f0ef4732faab51a5cbbf609ac3d681f22914069d330f391cc2c3177e26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2ed286727531effbaa44ae4447122ce

SHA1
1d3d2367074e5cb08a99033489b40f5da0bc31d0

SHA256
13f58815e365babdcdbd4250bca517d915ecf0860e52b2ccc9a9bc8d85d7affa

SHA512
f90687be3ed30d2c31ee5814cc40823fdc6d577d4e58139b42745e5b37c96950fdaac823848bd1fd5a284fb2f8104a85de1d90a9f95d25ec3609ec1058c0f89d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a5c41663b3e64739e2000b6e50b51b3

SHA1
33256526cf37b0df8d76d3ae265627f4004f94c5

SHA256
3a9bb17ce283bf7694a889275975a486101167cf81f39fb56d107ca572808a3d

SHA512
f95fdd32083337b4139d337d0664287e0f09017bd8311f92254ef18c02c8588400979e8c8db12323e7182e209b97a11184ac81ba2d91d16887cfe3e6759515b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d0b14427eaa137f3832be3ac23578ad

SHA1
5ac1395308b6887856c890e3687015ed1a4b4329

SHA256
c418fc90e94ac5a0817d2c044cb0176618e14031c22220e1bc596b8128c3159d

SHA512
9c631b43b7a2c953bd009b96cb7ee03e774cc44351faa3182e38fae4221ad61f37a9b23f7aac7e447fb461a4357acab0578aa0d36b0f5b7cdb17f88d6aeab88c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c49a4dce55c05be155b8004ea7a75d98

SHA1
625cc7c4e2ada630510cc25ae9299a5e4479e4e6

SHA256
add99cbafe8cb38c09d0c88c4e38ae93736ae2a60716a924f6b4663c943e8265

SHA512
f58ab7e974f82f9e5ad24e4611e8895896622b6325c42b36a32f415fef4c2c141a3c13e73ab0ea2fc8169efd5c7c6074bbfb976160d0ae4d649cd0a7036268be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56b4992287183e1067a1be5993adc4c3

SHA1
1f68ef65eaf20e42964c49bf74b0f88c14520086

SHA256
1fa4bd7766bb3846bfce473a6f783a028b044b99c0020318e02db541eb5cecd5

SHA512
2529f6ec7613e2e79ca191e6ade216ffbf96584c76d783695cbe1e20fa89c80880134d4225433404b9a2f5f980e461f0d26bad72ddfc7e3a61a96cfe70855ae5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d43ab49092cacfa1cea734a74cecd051

SHA1
63c9b80397e50d49f456acfd38cdd0cb56bdded6

SHA256
06eb239478e5a0572cfb5a744399d5dae2a898f15a3c0b9703c01608a2062d72

SHA512
e1d2b39d2f68accbc3895c02ca628aa897c63647a546d208328776f7fa0b009455a6107a5f4332144ca8a8a16c16b8b395bace98dc58a87faa2c456b7acd03cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00cd76b7cc9b8e36fd70eb88a3f602ec

SHA1
4bc0379705df5c503ef7a6608b21ffc4012c5f0e

SHA256
cc84fc0109ed906b249ca7217a5fbac115953e2409cf2ba016d47a9b2753f5f5

SHA512
a1102393e73b7141b592527d80dc0c83f26797459301405b38809d6b8dc4d9721dc7ac4c222eb5bb3ae5886a731c08f9bb2f6cb0407e4e245646bf62f18ec2e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
893dadb81f0926e87c72d53e7db53b7c

SHA1
b9aefcaf0e862b43a090db9515f9c091b21dc830

SHA256
bf6db9c6b7fcf65e3035f5df2f5d271a01f518c7922b4c940afa09a171d7c5f6

SHA512
4ebf3aa08c3c67d49aa4831e8ad24ba1fdb6cde45d071572f2dcdcf4240563e2c48eb81003fe2a8f5fbfd70cfd46ec2acc0c268dd08950b4ace7f76e91e3dcd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0705875ecad21cef5cf842a29c6864fe

SHA1
bcfc043c2b7e41a364ee50d1cc31914df42146ac

SHA256
a4438aaa7c8f2e6101ae5036ee75136f7f786a6da186444e64597540293bdef4

SHA512
8b59a7b68c91fbdd4cdcbbddde736f6cfa863d7800fc0b75abc0cf8bae75bf7d2e069198cd0128f3e74c5d9a19d378d625f85dc6445265c3ec325317a5e136d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A337C1765C89C5A17123E6217F3048F0_EF312EF1EED104459B6697109A57DD17

Filesize
474B

MD5
db92ff9c59b0d9a9756d3b25936a8e8f

SHA1
f4f951d41d4c8d8d724eb24cbd2f54d82b9c032b

SHA256
42dbd048c9144c46cedbffa280566a42169b211dee363d7161e626fa83b40c8f

SHA512
e7afe0f5d2d4e008ec685f2dae89cb8bad9a6bd3ff94cd799c5e426a846bec5f457b88586eb95800a998884a54da106ff837be6886d2498ae71173a5b738baae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1C5A.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1D35.tmp

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1C6C.tmp

Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D49.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit