d2f5d2e227222bf8a74ee545c6b48fa4863fc823243f2bbae94ecf67b6fd0a55

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

373aa1678e1e8ebf96e012a00ab67c9c
SHA1

55b3a8eb9eed06d8ee0435ba85df1b5f920ee82a
SHA256

df97479aae13c1e3adb1da84b219815aabcf0fac4c53190a778db045339833fc
SHA512

9be87cf14c29dd312e1d052dd7716a22444b9d4d849e3e5c69d406d6d02b7f895ede832c410e31e8a4527bfc3a9f2b5188dfbc6a876f5d4740fcce36c996b4e2
SSDEEP

3072:Sl/j1rfi3Ml17pyfkMY+BES09JXAnyrZalI+YQ:Slx6OIsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420460789"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{49E9BA71-0547-11EF-B012-52ADCDCA366E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2512	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2512	iexplore.exe
2512	iexplore.exe
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2224	2512	iexplore.exe	28
PID 2512 wrote to memory of 2224	2512	iexplore.exe	28
PID 2512 wrote to memory of 2224	2512	iexplore.exe	28
PID 2512 wrote to memory of 2224	2512	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c81c4b73b8b02a84bdee86e867419623

SHA1
58df53378311f2f64b93e581401ca203997ebc40

SHA256
9069c61c330d72bc2c9c49923e374a1fa9776eb8db6540179a925a4a57745e1f

SHA512
e333ff84973ae8607a7155460e3e1b9f7d9b6e362356d76e59846bd448be9da22f871de9c300a5eb8a7d50b5605da0aa3a6b8f46976e7b6255feeaeb3469fd10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf456385c580968884758d8f041103e2

SHA1
aaf72fd933beefd267e572e0711533e3eacf256b

SHA256
3251953a40771639f0455083d38cb90dc6da43022a5d47d916c705d211efcd36

SHA512
680f2071708a0a8bffb263af3cdd784ad611809e0fc083ac84b234a954df30e632d8b90a38ae66908498920a545fa36f48599bcfaec1ea6744a0b836982f909a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58ac0d1718e9ee177adc051972e1737b

SHA1
4bced382daeca5175a449903d067dc7b5cd74d2d

SHA256
d47109d807c6757195e836862ef7f00850402bdfd9b75cfe8b2a47469b92a55d

SHA512
cf47a0235db118a62a61e294ec0ba9701703afdd27bbc86788e7154d0e769a29c2dc6d42f9938910f474d7823fd9f75cfbfd9c4d57f25b21ba3e5aa5118fd273

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
716beeff4bf5656c55da0c4be35a93da

SHA1
399226c0f92cd8af5ccfe783e6413f76baf82bf8

SHA256
c212215bce27a90fdcadac9cae8ebe637d39a5d81b1c937b5920a3aa392d717f

SHA512
e619a2823b2605ea32ad5d9a34039db92f0cfe63960ddbffbc00d2830d44227907c4493311806c79a6352be0eaeb79e12cfd2b9ba1791a97e0f3a08a97fc8281

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d491c36193a9d89489abfbf343b7ca9d

SHA1
461130033f7ced0e6d4d889f8df36c7067cb5103

SHA256
5a91081ace852c0c469b1885a42e89cc88f4026c81f7877699b98b51694f9ccd

SHA512
2e0d44166628b796ece985ffcfeb7f23fd7ab0c9931724455e22648b6fb0ebbb566a1d40d1e395c15e7e81f608ddc989c6435fcfb0e20a8c5501648c18e024eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b8dc815ac2a77d9b6fbd453b91a0dee

SHA1
d5b67c53d05d00419dfec8bdc0b01f9d59939667

SHA256
966cccb6ea73cb7f282ab1bfb65b4856bdc0bee7a4c49df27a17b5d1e87f3e9c

SHA512
63cb44ad643f4444b90a47244e18babc392f6c19ef108d9993231fa4651236e2780242148db5161134cdf140748c1e6f6abc6a7ef62cbe52efae944ff607c60d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6609133c1a9eae454471c691249a6137

SHA1
aa6c33a902d291ca4c687c23640c47e5c08fc2a7

SHA256
dee1d885b487872abadacd13cced142a2951cb7410e526d3e15e118d59f49ff0

SHA512
580b742a1e56f774c2874fadb6ae16e5cf66b8dd9bb5da26b32e1378441a2b883425ad2307fdf622f2adefca998e47e9c82e4ba0a4e77ca1384e8c87abeb5bbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a0daccadc075aa0856b91d8c5ae46fd

SHA1
50ece0fafa9f56c58d41c6356a65a907e0ee22c3

SHA256
667549c1aad8140a8dfa2d3b4f5d81a55747ed3069f46d6d1700a857fdf4c906

SHA512
dd5fbd443a18a000a5cdcb55e1bfb6d840acc784eb0b4c0e1f526d014187cb7ec8af7b4a84fde4afe3b378c0800fd560c875c9eb19d645589755961c73ddff25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
361e439e1ff12945d16200b012093f35

SHA1
9543d46465404d451bf2426fc876531ffcdfc39a

SHA256
114e5ee049833f40229b6e9775e6ab3e093a463aea766b2e775e6c8d25c05b53

SHA512
45a41df22b5df36df5e760e4a365f0c1bdecc5f39b435238ed6daa19d76b72deaaf054592e57bbe4c01e4bf48a4ea9a8dcdb9c48b90293676e0881c0e42f4e64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b0a2afdddb3caa5e0e2b9142250790b

SHA1
40d05ea43d35f12bdc441631ebda30489c1f4f29

SHA256
1ee1916716e79a9b5f7f1dc962b099821969a1d8c259cdd5a2a485c360e9c1a3

SHA512
930f5ef8f0a320232aa14429a20491e4c972d3ad66378d0829dcc1fff7e353600ce93019a775d726f32e7215a42189d95e011cc7914a9127910797623d9e1ba6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
903576e416564e6c0b867e3d82e8e5be

SHA1
c273083373bb38db10e3eaacc2b06c04ef3ece37

SHA256
f43f819f9c95594d1b4eeae077f9a245687ba8da86d1b450ed91cfd774c41d3c

SHA512
058c6c75f1cb730f21b251101187ed5e65a924e5d281b9b26c95dd70101544661190125844d5a501b5962a3465355ebbb6ce871e54c60d7ae3a308375657a675

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7054f725a69fd6eec6498bf02b95591e

SHA1
c82f9d45c4a34c118b416852f3b2ef37a590db86

SHA256
795103f6fdb23675c3fae6d53bf98e091cfdbbc09bb3bc397095de2b84df2741

SHA512
482c63a2f9dc34828c37afe2fa80e412367cebe461c06b3e9b1318a1f6b74ad20def473ba2244aca057a7786071f8dfa058d276c4d6a100698b3fdbf8fb9518b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c49e5a98c6bd83a4414517bb9d6a5fe

SHA1
70ada526152fc0cbf8b293e5d76ad7fdc3f7258f

SHA256
a22187aab6a5d25969654e819d67080dc2b2280e80be0b4ba499ba402e9e27d5

SHA512
a1a849c509d0bc385c0a8c7145b5dc4911a2b10072c3df36dd8339b24f76bcde7d4582169169df4708a89f0c1572d7fe8f81ce98a8dd540dd3d09877e44636db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1e0df2cffc5027f310907ecd077a051

SHA1
feace9ee5227d10184058e73e4cf06fbc52eee49

SHA256
391bdfd5775d8b36d5581771a0c949ea9320fc7cfadfc352cd86609bed5e6854

SHA512
db60103cfbf4179b2fc8c8182d7251bc8a5de5508f0bb08a6b407201ab710ec7483f6509b0cba385fc2ff70ec3259d973f1d311b85d67dff9834fb478d9959ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4608ee686e7f68494ae02bcd007bfcff

SHA1
61f95642b4c30c65d31f3573fb4388388946e9bc

SHA256
dd770e39359d6cd9750d38ad54ef096b58f46ec1f9a3d5358aea703d9d6f131f

SHA512
b6a8339af9535c27e54194d9c1e34a34d99cd3f5d9361805d41e6be571a4274638a033e9e032f20636fc37cad86e8f63ebd1ce2c6736b3354a662a2825f38cb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55425be603245a78b67a90a8438affed

SHA1
0f186ce5d974584aa94963cea6352370500fc8a8

SHA256
9aabfbd7c97e32a74d726d621a1134dc4dfe51b44003048bf087d2709b87e3a8

SHA512
1e5222be6a7f7a2780899e4fb35f70bba8ccd5fc768364dad5f2df8beb51ba4ecb98d53a32a3de1c87185af165487575672171f34aea9c2b86060c3be11d269c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
978d95956bdc5c41de6f6e0e527d9cfb

SHA1
7cec1886ade3f6b845bff570eed4fc17641efc3f

SHA256
9f49bcbdb7440c5677c3a531d0f56ec56ae1a2351d64d9f85fa1fc008e110045

SHA512
e41911b973bbac54754dd6d74ea3e4dd4f5c4761d7fc72ae7be8bb1a877bd1a6a4823e18da99692c019ac56cbfce59bd0e458b747e67ea0c614b8307e2945655

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a46bc3074f1c96644daabc07c7c4f5b7

SHA1
1f11afe06ce098fa3c2d221271fb493e3170281d

SHA256
4fd67318adbc57033bc5a03df8bbe31e627bd642aa7bd1ba37beb4b6aceb1107

SHA512
e4fb54642b0274283b95a7dd1dbbabdcc2d337a4994f2351f88f1a42ad592ddad8f94cd89924dbd8cfb8f75e3e39b1bf140d4d36a500706b9831f4df455e7959

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d55cfab5f09e01c8b8729cdea42fdd1

SHA1
2f28cb84ba8c042c9d2e7f689aa088d21f9b593a

SHA256
e4174a0bc1d97150c781c09e037e0dc1cf5311957a182f22c69e607df9d18956

SHA512
4f4cbff5628a6aa1fb5308946f46307b7ddf180a9c7ffdcdb7fc54cda1d001d7af6e60712eaef597889d76b631a30a61fe6a9d6cd85e15d2be580fb10e8b536c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB68.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC3A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit