7841ec5c97e5f37251f54a4e65c8151ee9932819691d7a5bbc2d0d4fccecfb35

Analysis

max time kernel
137s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

23KB
MD5

ef2abf64ed16bcc45eb0f7306d703c83
SHA1

d39032b47a7f48b9deb9c8233089dc20d9adfa1d
SHA256

10f30eb8847bf7438bc0d14bfa97813e6fe9fb12c7bcfdb3b7b4e237bed29e3d
SHA512

494d5320b0a57d68382c1e2f6921ef6818f58d5a29b4ee14efaf3f7a9b4982ba5ecc1aa0a72d29fb5de12a01d725f786fe6ec0a6ed3840ea3954295e23b9619f
SSDEEP

384:wefiSFpvsrxh74kLbCn4Wf8EL4n7DBNi/0m//1RFcvMotdvu3h+:wefio9GxekLen4WkEL4n7DB/mkM+dvag

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2358A171-AEEC-11EE-9E63-EE9A2FAC8CC3} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410965841"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000fd70f6fac6e739b32b9568693e684ec0fadaec8b5fa715545b29d741c1691132000000000e8000000002000020000000259d1bc20bdd5b14413577db7f5a319632d1a99eb23f288e44917efc56e1855f2000000032771589c08213082227483b5c691fd1d8697e9d7808221f5795e7579aff0c41400000009fbbf168d8b054c415072392829dabcb08a507283cd1e00238f5f3a28dd0f05be9cb444c73aeb9d6821f52a802ddf3aa921420c2321b0fd39b62da7531b62ada	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0cd2503f942da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa0000000002000000000010660000000100002000000071a01e07517681110471753630b892a48dbf9a32363a0475b1f5e3c205c9c3a5000000000e8000000002000020000000d28c1be32af7bd725e9ea6195af788846da98e98bb8a783a5b45d5896e8a5974900000003d18ac017e026082ac2d49cf747968e4a619fbedc0f48900df318a5b027e348dd6701d7ee9dcec57a6a2e31dc4cda95b934860a0a1a41e25f7ad63e143f04cc439e7b9f447fa9664ceedbf0ebef646bf3642f476b1fba7f5ce94a1403a16eae2f653bd4acd1c0a1bc439ef7fe4c49fbee7f93739b713b8bc948eca81ba5d1d250716d05621f49a6d4f21a512c4483c08400000001156134d619f376635daa316d6a517c8f78aa2be4031a47fb5aca22edefe498a3038aeef9cb6fe76509ff2515520b91e3265f74414da6afc4bdfe90388486a04	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3000	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3000	iexplore.exe
3000	iexplore.exe
1404	IEXPLORE.EXE
1404	IEXPLORE.EXE
1404	IEXPLORE.EXE
1404	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1404	3000	iexplore.exe	16
PID 3000 wrote to memory of 1404	3000	iexplore.exe	16
PID 3000 wrote to memory of 1404	3000	iexplore.exe	16
PID 3000 wrote to memory of 1404	3000	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ce132692b4098134618a71d6d7adeb5

SHA1
c01ec99866b69865f176181a315745bda613e83a

SHA256
222486135e752fb502f87a752f13c054284dabfc45c758cbf22da791462d64fe

SHA512
9f36a830c1d95fbfdd6004dd93b40e849b716a9909ee31b9dc3a5b3898b9e1ced7a0ad22e8a65bd558330ec4ba82b69fb37d3d2e27a4971e1b7b35a8625f5fd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce5452f4b440d95063f3d38151a641c5

SHA1
51a3f1f3c73336b4e3a7211c22ca59471b7ebe4a

SHA256
9bb36dd1e885e30029cef209fd0f590b6a6258de22e83b60acd073304eec836b

SHA512
14696ce697adc5d781ebd96132aead22e04252d3fcbf3c58cfdb6fc6b3ca7d85e5a319ed5b4ed6ec422ffb636e4eda51029ec58ed0289389f378f1da4396ca6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
429017fcc32442e0fcb10ad8d7c4cb9a

SHA1
1adac014cecaf10e305af0a62e6d76c1e84f9814

SHA256
a9b00421cdb720adfa0f4bba7cfd88c0448a7e586b8a4fff6f8a9d18c20b1110

SHA512
9bff5392ee75308a114efbb9d36bf85150ce98702b759bf55c2b75d83fa2658b5615d39e443399e9f20c1ea608583a9d2f7bf01187a4693732c8595258b9a9ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84be6030482f13cad5f0a79d59fdb4ce

SHA1
17bf145b0919278cbf01c2686bdc4e2da6c57fdc

SHA256
fab2e46612188e9f00cf9942016d5413f03e502026681818595fba3817744ee7

SHA512
9cf2b27f5c35e8877597199282cc0eb74572e83f131eb1356d2121910c693598687a2f96327b363473b727c8c2c6c3741529538a17686b3118601fad56cc411b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71c18208c938dd6bfb9fbd14bc113da7

SHA1
b8f4d819f6f6cea2d6115eafe5822bbf5a35eb69

SHA256
7a7ef9d3fae188b6d552412a476d34bc3d53753f002d81d742cf29bb58b83cce

SHA512
09462c0bd25ad24191d8ccf356636f2a10bea4b16f62d16000374e30be0a403db011bf2cc556cd0d6686c0a794cd0f5e6db6c77e742f1a517beb7361ad02574b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a025b82fd28e9089a6a21d0bc7c74a8d

SHA1
2e07ad9b3e3f6e354ee6d134c6733f2c3a10bd67

SHA256
6734eae3730f9a04fb99514de68a707c3e252100bd558f7974af440d7d3b3c93

SHA512
9052294772e774d20de255a063c488c45fec31816fd22e0966f1022350e44ee148f77eef708d5a2ce5496b2cfb4f3d9d4a5d7ce8f4237dd69f6537c427101d6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45bf6a3975d5791dcdd0088a66c987fc

SHA1
0718103e2738ad2f87ed0126c2cf483842ad3267

SHA256
db5c1c6ccf32c1d283492a8e3ed9f0c9265bec29060d5a4b568a48a3caff4a53

SHA512
6eb329edca7f03e726c5e9284a2e554ac0553525891d1a173379491deec185fa6a188999ffd3d33d75ba3335eb13ce41506c7f0eb3d772aa469d34fdcaa2e20d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de5407507acf34f2cf8b3274dc31d542

SHA1
123b54eec0593fb0256d1455d21a45c0ec55b113

SHA256
e8ec131f27f22671bd99e7917de431e87b7a71f9c0ccadb73ca64382e0b4db7e

SHA512
feb29b7efc07093ae9d06b45888ade3908a7ba95bba647f19182dff91bcc91843d8629b45e7d536aeca71efccc1ae2622713a69d9a42621e05a272aa205d3673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
205e058a439d9a29f32dea08cdfed185

SHA1
8609d84341f4bac310afc7d3a012a395b6ce4027

SHA256
752069bc0f27c6fe7fd7b7cf6f47fd206729a5221637639d77ce1b3fc0d993fc

SHA512
4cb9bbbc1d00766b5814cfad5b2de41bf7291ad4de303c981114a6602ec78357ff0f6772b1c6c6e85efe11fb6290f4436054b62f634b046ee955488ab322ef1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22f06beea7fbb1f87ab4da5e02dc8e51

SHA1
be6feb74de728b854ec6a4474beeee6a879d6461

SHA256
12d2021266ab58eaf0cc31661619f021f3720f26f2af976293abc008483d03f0

SHA512
a92d5c6e17050e1eadae1cfe072d6e77a52b93092f6777cad5d330fef5cbdcb30562dc14e554d394d737afee40ef382fbaafdc50266e02240a6dcb0c5cd78d6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae7a5f004d54c1f4fcf1f65193dffa34

SHA1
87c78c43ca245a072d1166e9682ffc70b1b725cb

SHA256
6eeb75148bc352c26e4d00d62c15c01eec6ce09e13829bcf04ba4b5a648d656b

SHA512
bbafe12d1c3a1f17d3f6ee342f20a8105f0d14d278acf87132118722b1ebb1497e12b033431a1bf443b065e6ed844fd5ec7c6af19d42f756b92f58c48f5cd5c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c8e4b8adbd810b0d854434e8968bc5b

SHA1
1b25956f2aefd19cbb323f78a5fd55bb34c58f95

SHA256
825ab7de00f7c851cb53f3a619e010c6ceb4b7e89c48606ed522a62b6e9851ca

SHA512
10ee11b1e4f359f73a400cc9d30738b4c280e1a839fa42318df5393c8b1606ab0d7251908a561141601d7210cd8d6898897879c3def74e8a51c52a76020d9230

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f11fc5883fd68d1a27687e4213c3cf48

SHA1
9cff88d102a0303cbbe93057e66e3f62b1223644

SHA256
96b928eba3c28fd0c878bb70a97d811212efc7973c7c135f63661c2e90800dd7

SHA512
dd8743e8e52dc02639317c4b07798e000eac12660a2e6b78344d7dedc097187aca2e7e89ccf1800d97e9af96b6b57150306c5bbd1959da59d786b77c520a0d4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75ff123bf1322e60fcfe3275db6be3e2

SHA1
000086f2fc1604fdb58d3d13b1ee6490d0c1554f

SHA256
c0013d80a1fe1f2e36d726506456a569c2924b15cebd9ec235aba5f64311cb1d

SHA512
efc23d972cbebec129273af26725b90ddd095ef477bcf2ec11bde7267ac3ef0c93b580d10e8ae3e5353e6e25e89da7a77f6617ba6517b83d8ce82f6bbbf0ee97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
952651775813bcd2bc7b089c0a042447

SHA1
a7b7d3e69663478f61981fe415ee37baebf8d9de

SHA256
97957469fc33960125d2d9ec93238b9475c6e4077808a1ebae7eb965e4d796ae

SHA512
a0fac6e1210e2c88924050d69570ad44f8caea4a20dc0980526331d42e1d973db29fc18b60a7344e51d3e36b121781786d7b9da9d575148c360dca372676d4a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dc1490d46907e91cba5e830f033d1ac

SHA1
1bdd08e98e7eb46f4db5469f1fac3678b322fda2

SHA256
11288b2213d1df181ed646dffa28ac6d7302b0e3877c399eea7c284ea132502e

SHA512
d40c1b5cfc1980ffb76609acca236328393e2c44e5df66b9303fffbbc249f4ff199c795a7c52fe85c1d9c64bc0ae46a87b6525f8660227ded135375380156890

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b70bd1f4d9fffc4554d398c77649567

SHA1
082fa16ad9ba62d59e9f4942ea304d480b6ab8ba

SHA256
b2e752c7822a8c3e8ddb6c516ec7a58cf1096723fefffb6f4f8fbb77b2eb5843

SHA512
19ff4e9871a86db1f693c338d0a0f32bc06ee59ea29d51f5ad86684dbec758e0360530c2503ce4a06533ffcaae87a44aeb811d5d6baea46c74ebb5d903d3c796

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8806.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8896.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit