22b6701a3be485b788de7ba15737c58b8109c949dc19a12d30084b3521306786

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/04/2024, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

221KB
MD5

8369193825cba68c77848ef39baecccb
SHA1

4c6c6e91c51104a317c53d053d1583ab4d33a0c1
SHA256

e47305fea468ab6a923ac5fcd36617941cdbcd9a24777c1b6656a96c2a78d294
SHA512

0ae5e28f9137e1ad8367e90ce55150b8ea9abc27db40f10e46a04ea80cc33bdf1c96f52c9d90aa5be3884b03b6acbd53f2e1e4176179c2eab2b011079ffdfae4
SSDEEP

3072:SXtlS7TkjDadFzyfkMY+BES09JXAnyrZalI+YQ:SXyYqrWsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9C43A991-04D2-11EF-BE0C-E2E647A5CFB6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420410676"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2876	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2876	iexplore.exe
2876	iexplore.exe
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 3024	2876	iexplore.exe	28
PID 2876 wrote to memory of 3024	2876	iexplore.exe	28
PID 2876 wrote to memory of 3024	2876	iexplore.exe	28
PID 2876 wrote to memory of 3024	2876	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
850679abb70d10c6cb1cbc65398b8314

SHA1
9196b3d34f2981aed4699a0b641e02152f806416

SHA256
32041f2130f629c3d5d5175c9702a0aba8b1684689a8ef737386d20bfa74d2b5

SHA512
38a28f34af561f99b10794259c924aac18517b6ad47412e150b69113771ee1bc7f3d342abc67c90d850c7c99f45b517f1432db4375141a11b55baa4248ea5bc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a913c3c34e2a2155caadac3158be48fb

SHA1
eea86290dc822a7cae0128f135c6b303fe172f27

SHA256
6d24c01e4035f3e5a33d043da61163dc99eeb1b948c35a725fbadc2c5a9331fa

SHA512
4ca4ccdeeb522ef800fff052907908003bcd298dceeddc1394f6b75c59d1b8fb5c1d15d01de1795a6dac6864a74f308676b5cc7586fe5351944ed51fc60b16dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
267770c9822a4d66336707386d4fc76d

SHA1
12a559c5743cc441256cc62cc70f3b9f70f05a62

SHA256
47bdacb2ff6f8326d6389ae98021f64045f4be4d7f3b258be4947573f8c0081a

SHA512
faca4837d656a5eaa80d6a9d5a1c54dee6f39a7598fd3c43f151fe99ac0706fdc2625c1bee3b43cda291fbc7822ee7b55f26cf9e2f9a6627585ff7fb53420e62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32b7147b083a9c157b0336879b3aec9d

SHA1
1554deaea3e911939806e2fa059bc3779bcad832

SHA256
b12f723e45d6788164d72b5401aab4b690e52e6330732539f14fe38444a976b7

SHA512
e66ee987d8324a8546418ddf6065b2d83b30a3f8c7529a10d414bddb66fb54771ee00be7a16af0e86453df143346f10155bd00466ef4805875e2eb9ea6016281

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ecbb14b7331795c86b86b3e435903ff

SHA1
b5b86eb386f8f9e21ab90f1bbabe61aacd4d7f2a

SHA256
dbe97451968c4cdff52371ae8020d8cb2307ccb24c45593bda0acf6df03a2351

SHA512
dd47f6177041056d84796e1c21bc8b305237bf70fd23a49b98108be4aa605e41f0616e2e2e919ea4b3ba79c6901b8391e38041e60d213ebe22247919d6e48753

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e91b4fb2bde9c13294ee7cbd75b9f898

SHA1
473f3c937a61bf5548c6f4812a6c457131ba650b

SHA256
99c74b25327ce33ccd589b7fd7b23b799587c60e30ac41e45694791d8de4b18c

SHA512
df3a67b0ce1cb3eb6bb50f2096402a4d37e3d76b80a9dd3f88d540648e5a5d6a380d65c516b120c5a2d2c5c2faf663d61134ba8304b8d663d1c1641e67ce6d41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7437b3f0dac56013762e91921509c75

SHA1
c581a9845984a53d82c01cf45a900df2574c47c6

SHA256
d4e9163cee5ad07c544287ae3b3c7a7b896bb1c5204b9a0c1ee4b5c556876454

SHA512
4f3016c0de526fa15d18a4908f30cda2d21027d099328e4d50c62844258344b6659ac3459dce665059cd96706bdc8a85831364713a1116744589268538411814

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
306a2a077b6a2fab8a27a1bab12e7a1c

SHA1
522d45b569d9ab1e43fc3d79e955a26e55cdef0f

SHA256
eb966ce2953417fba67eb6ff3bbf0418eabedee2021d29d09ee6d4f8c819b748

SHA512
43ea04d51a53d4b5f75cda493ab2fe6ae1879fabba46c5a49f4f021174b58324952b29912921867dee3f2fd5f3149dd76f799d8226ed71be4660ed3d12050eec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e1402d30dff87d25a16c8e413ce07bd

SHA1
68e64a8d0e70ccf7a106faac3f6b50e031183124

SHA256
b243fa8ee09f8a321675dda3bd9da46f89af17dc8ab584031c446037485ce2f1

SHA512
b5c74157add888439f396d43730459426f2ed18724482df488157b0857f7e8934fe5359436664891ffd3b140a0910cc351c41dae4caf3ce3a95caea9a73c7581

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df73c7eb902705d85ccb8f73b3caca5f

SHA1
42d38a6144aa3969cbb7fb30f93a998ec1a5353b

SHA256
bb88a35d829b02df8fc3d5e861dbe2f83981324668f246c40697ee684cf2c8d0

SHA512
d5b9cfade8ef35d806ee8e7b9e76947576546c819ae385d753e8b3b5b4cea92454e450593f8c3f11db5dacaea7c63ef61a126e99d077d67f45c1043665976e9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6638b4edf7b57fcf3f2cfa7e8bf5366a

SHA1
2139d6869ad5e1eb2549eb7fe5d57bcacf16c963

SHA256
d8c84ba15c7d1284235a00cefbbaa751ffc38f9343894741065280c5bc897381

SHA512
0c0bebaf8ad0ddeda28a6dd969eddc9d950d4dc05ef307e677271ff143379d2b9791f21bc749ce86dd8e766efa1b045cd7303e7b58b58cfccb76d33ac20b62c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e4ff622b1d4f7f7a94e9e9b4789e62d

SHA1
c21ec43a11c62aa08ddc6c8920baabda31bda03e

SHA256
1d6ee9feb518469a968ba3279e3fd4aa503514dce5e2e7ce7732439777f2c43f

SHA512
f716f8b69299899797671da1d22d249f6e59bc65bb05440ecac36edfc93c5790dbaf2d36ef5118270ed4d246ea4e68eb75386a76a5892714532318db63147d7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fa1775f99367b470a5d889ae571fcb1

SHA1
2f37845806df5cb3f963f531dbc096d462d90e44

SHA256
e871463b87f1a5dd837734343ef2ea7b0b12ec0b6b0e086dfc2d225ac2e03efb

SHA512
cf6c6d862ff52f6c0aeea2871460478f3284808d3ba6411c9c88380d8729f6a7db3078107b336f5fec41f28809a9500ffa6ed5e4bffe7e59be46953e3b043ba7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba0adb46e29cefae195242c4a0d35f63

SHA1
7f00db70fe27b1e202ad2faf5342e9257ceeb75d

SHA256
dc3874bd76ac0b43b187979116f1d2c43af75dd217175c854d56b0ac46f81498

SHA512
35fadafbd42809f99ec403641cab769a58c09d9705067d01cc91b56625624c71bc8477a75374de00480409e9d2cb2a0cd19b4dd296c2c7ecbaa8d05bf6e8d0f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fdd69c7374e56bb27c0a8bd46a49a7c

SHA1
0843198c677cba823103edb288990e6db6d5bf3e

SHA256
10fb58aff46bb928f83631d3a9d9c377269df0533438b5c8c196de986cd196fd

SHA512
5644b7fd6a029c99f2c34dc06342f5ce7eb97513d9928f5a32d1a053983662b9bd2fa52e4b6d42b53be1b54b02a2dc0cb93c12872a1bb44fbc390ccefe4004d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ad11d195088d33c63fce12b5f56faf2

SHA1
7b749bc5756b9b23f5440aa3fd89dcd0578c6a9b

SHA256
b30c7bdf6f4d1322d3ddfd27525a99722886c4fbd357d436d5902e8751b35a62

SHA512
7be10351c9cb808967ed72637d0aae77d7bee1a6f030b0cf8b37978b89f4f95e523c2d6f6e5449281ce835deed1a2cfc0362459934ed3ab94cd49bc3f6ab2249

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f75aabbef82f96667cc84d3dcd0be96f

SHA1
264cf917068a6d3780685c16acbbb223c0766a1d

SHA256
4e10dd4065318d5e57115777391346ef45035a9b20b2441aaef622ef887a00f0

SHA512
d7fa99dda02fc486c91b432811e58b58dc12c2b483b5f9f8cf5271c25202c0ed587e33d5310aa0b8f2750c69b9a0b092f64e5b63f5c8cbae00f7b3703686f098

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dec185cb294ab0022076b434750ba0fc

SHA1
9aead3569800662e592d98bb465b6ab523c419dd

SHA256
d8fa1f980020135554d61c8d5f58cb32596a8f27218965b503f131aa68444d12

SHA512
a055d4bafbd8d5fe896e2fbc2d95df3096f2a3d2f2295db4e1d89a3fa4d2e6eaeae34132ce59ed50eafa67669ca52c5f3c285323cbb395d9e6a7179d59987cb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce2879c91580a8676cbc099d27141713

SHA1
617b4e91248acb26b6547fb35577fdfb6a6be237

SHA256
3906d938fdbd6e34ec7770e0aa31d4082873be842665929b87689f39bb6a7d3c

SHA512
71030bf38b278f51a406e66756bc787232e183d5fe7357ff0878199b743b56cd628819a1f43ba2a017bdabf22c8c9356f5808278143f6aeba224a16e7d446d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5DC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6BE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit