ea3f7451ae1a77dec79b659e54823316b6ff5fda276038608c0e69b0ac916445

Analysis

max time kernel
145s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

23KB
MD5

abe205f799930f8cd4362e69fba801da
SHA1

a49271616044d2386146e6969fdb093f074921ab
SHA256

e3a127cf7054db29834fd45a4d6245d9f018939f494a0ed82fc63bb3fbc0b283
SHA512

b382903a02c60fbe75c884c442a2bd2ca4e31dbb759c40af69bd26deba2958ae659e400f351dbc9d71716b5792cd7dd34eebf2962bcf3aaa935498d8390da1f2
SSDEEP

384:NSFpvsHh74vCDdpqSoycsFREZVd0QrFVgr/YQ/1RFkvMotdvu3hl:No9CSqDdpqSoyczZVd0Qrngr/YhM+dv8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000e66ca1a144466dc03bfdfb99650c7be9b41f6c8b2888e539eab753a551330548000000000e8000000002000020000000222558a685190ae0e7c00ea7cf245983844be80d5801c651a2e96c13ae66994420000000ba6d85fc0190cf7a9134ed1fd246ec8ddf55f10269e7f486fbcbad8cf11fc29640000000ff590806bcafbc9bf633d146c5fabf6435ef326841fd2bd9a8a836cdaac16c3e61d5aa6bb8320927bb6dadea0d495ffb9ae1d741bf16e5a2d1d3e5f4e468c697	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000000b1407ed21d48b3f5a047af332ed71b19d7b9edb3eb22d8bde75d566f7580fbb000000000e8000000002000020000000d23fd82133835e897acd7c2c3aea085278d5ab9750e72cb64480ef59b3cffccd90000000a5524460135ed164716b5ee084f3a2268a030453f625b8b8375909b706abc753c0ee64317319dc9df7e103a32fae6762ae84fbf65830611575366f1676c31b58471d63a4cff97fad0a4280a346048fd64bc100dc86e06e4341c57dbfb30c121935b4ddb55c3cc4431b062c4fcbeaa3e5255d40775d8c842df9ea6581b5614ed0418409af9a4acaa3e5d59e77f268e05f4000000079054c4942bea606cf5a60e919bbdd337f0b12439364fd5f4dbe9d26d9b1cb3fe7b6e412bf4e07104d0ee02524d0d222d6d50f8a8fa98ab843c0ba4ff0a2593b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B6AA11C1-B0CC-11EE-8427-464D43A133DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5009008ed944da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411172249"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3000	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3000	iexplore.exe
3000	iexplore.exe
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 3068	3000	iexplore.exe	28
PID 3000 wrote to memory of 3068	3000	iexplore.exe	28
PID 3000 wrote to memory of 3068	3000	iexplore.exe	28
PID 3000 wrote to memory of 3068	3000	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37024a99ea8f5fd486ec9591be1003c3

SHA1
45f1407cbeb39862c6fb0a107b86b135bf7575a0

SHA256
c73c833e0ddbbcd3d395635ac496af634f4cda2168abc4498681fe6c748e0754

SHA512
1e11ab0519267669fbd5d54e686a91c10d4b98e4bb4c5fb0a046136dd540af2aad32b3a5527cd4938d2c54f23f87c394abc2a9145bfdfc3e3db42c84a767cc1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8ce721e2a2330223540c994d14ecff5

SHA1
c3802a07ea6f4ae51cb3893a26208f38bc792e0c

SHA256
ed5d98f8517db0e3c019c4900e5e4c6e858e1afa0364fceb1c2a6148bcae7064

SHA512
e1ed402c78c7ef6486a45b6527253f26b57946143590fb3478bcda4216baab91176b685a4514961d8911fa245969fde40700a6f1c550f535e586dd171afccfc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d511a3583d5964150b274c41e0e76e24

SHA1
6d8e6b4a96f966def40d120fe4d93f0b6dc6fbf5

SHA256
73caf80a51963340affb65d4af1669fb03cc3dd6f8f6963c49363529ac4b47af

SHA512
6da3883c58433607b3245d8c34fc7588a1681b9d27f5c8bceba5300fee07e58a36a33ebf0ae9c40229160c54172df462f6a84147e6f13915c18a6eab8eb0c89d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b3bcc096f8a6026343624b8091ac6f8

SHA1
9d1fadd04c95f1da7dbd0545ad6947f9e59b13d1

SHA256
f7fe0ed8483228eac4ec2e20da0269e8e9844c0adcaa5403bc2ff373bd7ee444

SHA512
e43285182843f741d03e2cf7aafa32eac8e92055f13480d60c2440c74a662f733155432492d9fc2c5b74eeab13d93bdd0a545e1f07f878a4fa8b5bd2b0434683

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
deb883e284f436458e22b9032b14dbd4

SHA1
26c0571e293b6d6a2ec90aabb777f34495ce2bfd

SHA256
72d827e26a86eff3471ae7cf98b24f9b8b442568c2bc87a11c8851e2a7d67ee8

SHA512
362c54e4b851d05fa94f0822bb3a4c29c26d10825420e35789447af4cfa9a45c5d204b368deb018b90c4dc1fb137537ea5973ff81582b869682da959f969465d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f98c4e8636bd527ee0b7a0fe29d6167c

SHA1
74fb00f3e83152b4dfa0bde6a050e1d443c6de83

SHA256
2e9452d0409c954d26586e5e20e3f03ed115d9bedc97093c3d78e5af25f912aa

SHA512
fc77977a0f910ac301b5d95e0091b7e03282005a5ebd304a3906bc4c4927e5550c171d56ebe6c0aa9dafdb62722abe06945520e20c64121b9b4d92721d116b14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd64a52d7a8d7a12e90adf1298055157

SHA1
0ac61830cf6487c4468abb57fe32517934e02498

SHA256
e058990c39b1d224da022e180d9fa43c0d6b312c766bc438df065723f2715849

SHA512
319dc61f73c0b94cdfd0c134be64f34700f7630f41c2fc15a46f668dab7435bbb589a7d8b92b4a75665bd4043d4436a79f7f661b70906b8391433ac82cb4236a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14926fd59904f9430fee55a2504420b2

SHA1
48302ab85378b00769933825ac2d1cb9e8d210b2

SHA256
4ee042fb1c4654b5ebaa5ecc264b6f63e28ec77bfa8fc6f667e80989ef0846cf

SHA512
a82da0cbced0d5cad7d532c814a46b5da5f3a02ee19af7f6ed418e484cf91e441926fbe569478161e93daf221ed8b69af07286738f3ce6cf7dd010d2d9b5a4c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1fb83c7ec821a16c89b8fc50628fdd0

SHA1
882ff4bae23dbde7454beb2515d867a2fa59c995

SHA256
aed4057db31e84df2a61c8976bee8ea1702b4b785ea3713f9e45e7e1d1ef49a4

SHA512
e233f8dfb814c45639923b58be7bd38a46c3cb33352c8bb1e49395d5c51647d0f45fb0c3038af7f589393f37ea27fa7daeb77c1baca026b94b6eeaf36c40e2f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9838ed17a966daafc64d94d75b214156

SHA1
edba50b4b3a0e227794f11135da9a03111adbe11

SHA256
73dd9471457f328c16e0959e35eb17ca3a02c34805560319c60ba9b97ca4017f

SHA512
2e55b6fa6d3db5882f1bdc67c4d6c92dbee929c547a92001fa4a7404f25b531a2accdcbce47d67cf86893676dbe61ebb18ec4966bf2b31ba3b2390162400bfd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a37df9e459deb78e551446cbb7ddf7cb

SHA1
e2a449df9fdb1eedbf5570712ef5ec5b987dd34e

SHA256
ce2069b2a875b0c6a9f45266ac497301da794fde8c5a095d912f194a7628bde6

SHA512
fc17bcadd9537a6314c3a4f88118fc6fcf6b598583fd1c81646f7b52acb431afa8f3f3b9e44fe53fe6a6574156852499c1d48e1aaabe2b04ec8fa12dc8dc26e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7765315e7e534810b877b480bf2a30f7

SHA1
fc898e18c057d23fb32ff3cafa527c5cdf903e46

SHA256
5daebd137c3e83f20d947a9ffc83158cadf239d76964bece0098fa8f82cb8514

SHA512
8b47c3eb23c972c96b4c518a6af1949611fd21a6d39e70bfb49e9af5e3514f7008d9cbfad1aec42ecfccf95dff6aa91bb4889ce093e038d8386528b12093f2c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e1b94180571b796025aff86c529d37d

SHA1
393314d257deb0522f885532111d6ba43e9a7267

SHA256
42fe32173defc3376a1e133d4787fbf53d9a09007b5c27ba74f65ddc76a225d3

SHA512
a670b3ab52eeef4057b02aac0b46faef507307db6d76143b2bf3d75567aeb6a9e00350961ca64edaeebed93b61ee843e29ee09ff255b97bd49b88e309d5647c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d141f56a3f44bd8a0ddccdd7f294580

SHA1
b3f38e2fe8eef4f1b44ae8958607609e5e9c9cf2

SHA256
375822b96819653a31228d170c3e3c16495f46d2123220e70f18abbb467652ad

SHA512
f70a7193289d4282c6bb064b6ef3f14bbd3195ad5549991a1f4a93e7c1b6da2b89df68bf5d465ff4db24fa6e5fe7933d732259c8b9dcca2ee19893ec1bcbd1c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
beec1fe81c05e4805e09a8612b27fa1a

SHA1
a1b8f981cf7cd9d63aaf42488342ec499d5261eb

SHA256
70b1f5eed317d12aa41f4e39f4c6f3abcd53e9f3a931c56a379a45b840749bb3

SHA512
338d13439c2066418e56edb3539b544515853a5551ea9a061319e6f5435f8449b0dbfd7f3b94731835757a98a789cd590a4d635b60c02b21d7dd62433a9a26ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5808313775cdf08d992ff2a78fc044af

SHA1
e7f099736ed7f6b087817322ad5df64b7d2d79dc

SHA256
287474d6645d8589ff0118dc490028b4f5524b466c4137aa9cd092bbdfc71eab

SHA512
2148a0e8557bde6da648aba019935a2839a32026a1d1655011b433c9e7c28b2cd0cc776a9421650cf972c742759cbea5a8d609eb11174f7bf0b92b160f461386

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28de04974acd118b58ee42039ee65caf

SHA1
451db0b350ae1f2cd00ff924df8a827ba57e52c5

SHA256
390e25dd3456227c015e1e6d569aec7bfc9508f2e6fece46d04db11a9da3d737

SHA512
bfbeeeba6ad9cf6f716dd9fa53bc4c92e4d894b8a5929b29f8823df5abe06c5cedb83daab7c85957367135361586e3ebdd4241ece8efa61ff105db2dabffff62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab95BC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar964C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit