e2b5ac56c1537bf6c355601c70af06ef4584869477923ae84940866210a5e2c7

Analysis

max time kernel
0s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/01/2024, 20:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

356KB
MD5

3e8bd62721dd05a42ca5dd5fd09d8cb5
SHA1

5c919b8346dcfe02176f1481f22cbf92fc4d82e6
SHA256

e2b5ac56c1537bf6c355601c70af06ef4584869477923ae84940866210a5e2c7
SHA512

d70323c7b90721be1ef3da4d002321d0de9eb408530b985a87d467da10788f7340c4f2bc6535d28c30a492d337cf45c9706de9d5bcc71a64e34a09dc365d5ce2
SSDEEP

3072:w4E0nHk9tf4HF98tsGlKpje60I45d8KdhRQF9VyQF9VyjsGlkQ:00nE9tf4l98Cpje60I45ldhJjsEL

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{82A85ED1-A9B1-11EE-B696-EAAD54D9E991} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2444	iexplore.exe
2444	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2136	2444	iexplore.exe	16
PID 2444 wrote to memory of 2136	2444	iexplore.exe	16
PID 2444 wrote to memory of 2136	2444	iexplore.exe	16
PID 2444 wrote to memory of 2136	2444	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
  2⤵
  PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89217a467e7093ad6dce85772883e4a2

SHA1
0a05db98675b53f9163bd1c22e5db686c9f2383c

SHA256
3e480409aed787d764cc9962d5cd581d4d1740659e258447fe9f692e25b796d2

SHA512
bc7b4d46063c7d550158cddbab941cb032658a0a9e84146b10d66f4e4eb63e4bc987f2daca2f4af1fdd4e9cd2e5ff653e8370d4dd019a7739f67a1b4c6644f9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc1b6131c2142f0ee0d04904427c1b9f

SHA1
3d5ee7f215b4ede792d4e009059e39dab971c996

SHA256
8c3c533887b4c94f8f3a6e08783bb25813f2c8cacf126c125cc2618a6275ef3c

SHA512
fa367e175a15465c78c915e7972cf54a69607650feabceff0010ab50ae81855a7788470745d29728f84f6371e028c429c65d2e0654b5c9e3d94fc25cf4e63c7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64003e6db83f537d31d10b74bf50a227

SHA1
87e1104109bcdc45de70c51c0f22c5504a082954

SHA256
b75e2cbf70b71e18901c9f9469bb1d417912ad744cd72b4d5475b704c0501531

SHA512
b7c95d12875d2531343770acd38ddba45183210bc87693f1d6ab55e1d8c3e41faecd3fee57240ac32a8e10dc4cb3f040d1c3ec26cd4318de3dfa2c331f7d0ba1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7c048ce239ef9359b85e350f783f11f

SHA1
ba306c9b69a64ebc1bca44b0274d0bff021254a1

SHA256
a026f148722ef62b57595e90663b2be2682859cdf05cdf43f6b148e014cace17

SHA512
c9c26511a00ebd21eb784d9ec5610200764a1d5d0a2689e13c4da4760ce6259b72ee20e77614298a1b67cbb73ca5014dc3bab15901c31bdb3869e256bc1bd54b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e864985bc7c4a05521c2dd86943cd4ef

SHA1
cdb6e801db28286de6a3c51e0def32bcb253882b

SHA256
089e0b92c4b2c092b9c114f52001d0fbe449b4498a0bb81f60b1bdfd436ae47b

SHA512
462de1fbc3e699e3efac7a3b81c6d25aad9992e32eb6ff618a329c2527f1cbdc7d77a9b8d49dc65ea30d37dc7a5b4d0519e726d7b72ecd14dc7194be131c478d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f096bf407c7a8ee4f17aa87800d810a

SHA1
6bea77220f9f5a6c370e6eba8028c430fa140f14

SHA256
b9c34dc29ccb741a757e0cfc183068656d77f48a745ad94a5468e2d63658840b

SHA512
90886cd36892cb145e6c915cd0fd9e2be78ddbbb47f2e2504a5741d24fa25ed32f85e4d282881f81d487bba66b513b5aae90ac80456c60d88778dcfe7517d8e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03c8842bf9477004eb01e7aa368d61f2

SHA1
268c5b0979b0d3f9c6c9013ba6faf391896c99ff

SHA256
0c37dd4f1fafef32a8a1abafd5df2e73d7fb605e4c2a5cf379c38f6ee4493871

SHA512
eb2653a0f4e5f6016a32c107a01abf4ae962cb935a688b7ca7f2170f0102bd63febe58a6cfa0c5871b70c1e5a9d30ca18a942ce82352015e6ce23da178a78788

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e5fb45a681a22ec3d73268259f02da7

SHA1
ee300429e2c49e3d115a814df5bd801d1c6959c7

SHA256
eca7cf905b59a5e386e3bd4a9695aa989f2842d1878d53652ea5ff37ab932e59

SHA512
ceac5d0ee00aa927dfe99964b56b6a44604f2b87d48b2b09d08f7513b04e0c1cd19906eb70ff76b9e49999c4c1c394abc6e9fe24056de3a037a78c106f1ede8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c288aef3be2d0972d805ebb4c9a42255

SHA1
a3e14f2c6fe2e81e686f3160ab6199c84a2beeac

SHA256
cf060a6c50ac898f14410f8a985c735918b172cc7cfd897e7b7e5dbb3027b46c

SHA512
c17042ecbff54125b69eff4fac17eb21c45de577b7ccd035f1d096991c13d7a55943e9e72435e799491ab0718a1b0a44b14af4261003ac1f2cbed1baefb96dce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1f3b99789f52f88a46f75ebdc7ed868

SHA1
73bc085ed3ab85a5713d81b494378fcca1257ace

SHA256
71026d0b7303529755478e034955bb49566e71377f6f83576d3c072af65189ea

SHA512
b60072dc9edbcb93a2bbaae4af8df2b9a11b881feb41341fc8d2f5b837a775f3fee84ee59bf0a9728a6e201097a677decbeb35542ff869f2c39c21f324ac5f07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6e242a905916dff2e7569d86b8c7ed0

SHA1
cb5aa67e33223e2bedfceaf8aba849a88765ce83

SHA256
1bbb4511c93e1caef9eefc84ee4d148f7e917046bce584ed56059ef30dc8dc0c

SHA512
c14dc36fe6f2f80c69ae479a8dff8f15df2649c91a901ed75ce58e029ee88253c2af343fd57008836d30c2e10decd551bb6372c9f6232f13913226bced3b23cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fad97ccff7fdaefa7fd7f01986cd98e0

SHA1
9584d9cacf223bcf6ac50780f7f6094390a425b6

SHA256
03290370ba72af688d1aa144b19fb564b4aad74a3f3b8daa7bc5412f8a4a8445

SHA512
6c6ea755924cb24cf082dcf49febb9c24be55d84609d19130922ca8d43809a84de640db785e397f0f96a57b5b9cbe6b59509aad115c1e80d30cd2696b23f8c5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
573780928ac3f97a016bf704bc1f594d

SHA1
ab8978d1d8852d563931a082c503d687749d7783

SHA256
6215c468e21e5744aada6ea7c90a358bbe44dc702f48e51f6f6df70812606841

SHA512
383bf90d264f0c7721972272fe83c8795e0c26fa2bdbfdb8e351ca147e665ae1acaa31292d2e072ad78e789168a5b2a7bd4b11cd8f01f8e078994e0266ca479f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57d1b4e713d0a75c108645a120bc449b

SHA1
35479cd29da6724d652bcb4680e204b654e034ce

SHA256
08d52d6e4c05dad198c28bba0157f8a7eb0ad285cb94cc0ff72c8954fbf9703a

SHA512
6a2bde1420f85babd9b272c7e2f6a38fcf7948a9863dee98ca9590d542c1c53a82ca4bb29e77ef85835817fa3f873e19e45b9f184c196cda9b8821d2d84d7581

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4491.tmp

Filesize
18KB

MD5
161d60fe57aaa087cedf788866babd03

SHA1
3b0baba8b2ed14977ede08e57b3684103df1711e

SHA256
6c25833bb5e0602a5cdbf5a8c59c424273c76816151d6ac5bf157419c3d7b582

SHA512
3ddee0ef71ffa4c61bbf45df4f27c3b7f56d12eb4e97886d0da7f132f69551ea47fee99ab90830d0bbf2d5b534098cd7ccabd37b8c5db3b18e77755f5809c024

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4743.tmp

Filesize
24KB

MD5
c8655f88b1d492cbde9846508eb6b67e

SHA1
ca7db995588845b4e449eeae4b35621208c3bc58

SHA256
407083fdd1813abee23f8a8d0c13b475f43b3911843c88395b47206654b1572e

SHA512
87d87e34c89287806783d54b5c758f78676beaac032a1dde367ffa07c91c44eca07cb31ba2d9d66f9f5955b04454f4e4c7cce44bbc3e3f9d94ba20feb990f260

Download Submit