eb529d0397d6a5af9fd85fb25f53dd961925370c47eac2607ab0b91ce028fd56

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/04/2024, 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

a96d8b14278040ec34de4f12e3c78603
SHA1

c0d7690f5264cb6bdd90391157ec6e87fab28c02
SHA256

d84210b496eb01e21ca5cab6087708d203ee22c19e2fe2eb9ffced6c271efe32
SHA512

6fe0784d309e428ca4bbb192b123a9662d226b7e6785941c6cdd92d55d429da973f171fe60e3aebf99d745d18cc5696eb242f2edc7bdceb33f0861283db3fdaf
SSDEEP

3072:SnJRQxgh27Vs1yfkMY+BES09JXAnyrZalI+YQ:SnbvgsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{00A78261-068D-11EF-972F-E61A8C993A67} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420600681"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2384	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2384	iexplore.exe
2384	iexplore.exe
2368	IEXPLORE.EXE
2368	IEXPLORE.EXE
2368	IEXPLORE.EXE
2368	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2368	2384	iexplore.exe	28
PID 2384 wrote to memory of 2368	2384	iexplore.exe	28
PID 2384 wrote to memory of 2368	2384	iexplore.exe	28
PID 2384 wrote to memory of 2368	2384	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a1cf774aab00b70a300b3d36b7ea6f8

SHA1
b1d99b3b7368ed671177d319b355ae696141bb28

SHA256
e2c1873957163f97cacfd4e19ee21e3f68218f59a02e0bfbb6f190a942bc28db

SHA512
df9abbdb3e284eacaa49cae097330e62584826bd9b7336a710bac2cbc2cec81ab354ad90da19e62abc8f952aff3081d3a7a9a7bf220faafed00e93ea0a918e8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8362cd845d419c80b452710174a8bfd

SHA1
94d5b9925c5b07c1cacd1a41925872f86b8e1ee4

SHA256
2c7e3e963e439dd37558d41fa5fdf2c613e0d07852e1cc9a0cebe780bea482d2

SHA512
615ef7b115d85c2b22bbac1266f6e6f557742d373953716ee34eb9dfb64eced30cea2268d9628478ab779e7e22edec02afdaae53280f6a574a39f76fd67a6cd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f795445e792576edd06441b8f2b82772

SHA1
38c355e8d546a2d215c2e593df5c78c53af4d792

SHA256
62f923abde2e38ba9ac15202d4400855ff6bf91d63d45681a0ea6df885b27d00

SHA512
6f2a5c80ef2de8d157e174e96dd546df327f3ff53c269934e754d95335e8feddc9097192bc987bd7fb2f59b457cdfb5ba2a0ecbe5682e4f872dd4c8400768a22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5ff84a48fb4dafa657a0a3690efb2dd

SHA1
341fd118476470a0c58fc50973d183c2aece1754

SHA256
9dbb5b0e56f96f3664943d35a28dc087b365813b753d93a69dd0eadc47ffc0f3

SHA512
88ff7dee339435d68d268d46ceae803132baa0e4e0b6acd559051a8a606887df38ed4a4b1feae8b73be013a1a50ebaffbb8a257b1b7ac96f0df53308027c4f3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8805202d33979d7763969130acd98d6b

SHA1
1fade5008daba95ac9e5c6ef6a6877bffe60cbf8

SHA256
54d377468f0c81763acf144ee2c1d484fa61584d4cb8c9e9805538bbc7ff35d4

SHA512
ee786e4e252057d8a0c411eddd22666ca8425721f981198a6fead49a01e67cac5676f35f4d5adc94d7db733020a852d81335f68e5466454fe493ed4606d507e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edabe6de7f18a4e6a8665f7d89aa9162

SHA1
cc952a26b18acc4fdf19adfe7792b595e865e60b

SHA256
f71ceafb9e9aaf1fec8b37ec6cb97e3ec3e65f3f57d087be31c17378243082aa

SHA512
9eae43bf8c2b6855039a22d465affb2b8e8fbe208f4de4a7e95d5f0ea2e457d203cb930aa086c58b85bb14378e317851732f3b2bad1f9bc2878ecac928e0bd54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c199b79aa494694a509110386987579

SHA1
8cf70dd7a8bd2a49661bc1babd540b13b3a3a5fd

SHA256
89d684e24fe3142977663086fb72536a0867f7ccc28fb907ac2e59bf0e07da76

SHA512
f61ec86ac4c3596d5850bd6f7b577a323943c5257adc1764b3c52d472df19af9510cf0a6bcef7dd8f6baa9b7e3c446d8f48338888d675ef620ac9058f898a251

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
904cc01c41db897c7b7fc696fc558b64

SHA1
e41fde5694eb2008adfbc96a7a4679aaf07902fa

SHA256
f673630d7cac06a24ebf9ebc409418dbb3d7c93bd5c412b337c7d226002d87d9

SHA512
bcb706d7e2a1ba9c3a2285547854ce35ee91a4243f35bad85b1205a59a480e96f31a7f42aaa53426494a145babb990a996d109395cc39c1ca302dbfda0773c67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
832b32bac69c861c0fa9073285c12a09

SHA1
8e145299ad58e850ea6d296855cdd031817d2f59

SHA256
887203b73b6714bf70cea25e9b3bdd431dbc957418d9b4cea2adeb3fcaeb073b

SHA512
a88ea3386d4c5dc8c70256835fa3f1d28747e412501fcb40ad3a99094b168a1232bbed1c97f354f3074bbb2bc06c6686b7747a142b58fb96fe3c4bd6379307af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b229a515581cba7ffce052de4f8665f

SHA1
82f0276f8fcd3cfa1ed2d19cbb7206b84ec856ed

SHA256
7f91410fd5bf0c96b2f3b39dcce9a11185cd396c99e86b974a9261df3921509d

SHA512
f533cf5fdb82f782455e21dd9c93dcdf175708d8a38ffe2073c9bf1bece39150ff5f968afa5759d8b61698f27b916cd68d1e2a4155bdaefb9136e2787fe2be78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
caa905eb468d51170074250f50a3ff2b

SHA1
7492ff05074c52cdf20572a87ab40175e286db05

SHA256
f767180248f9c28896b9b373151f1dab661f568856b5746d624d28a99eeefd00

SHA512
fb1ac8d39fbc51feb1fdc61129a5f307aa73466fec46b60743c2ed71fe4a4dfd400482353b1719ac3392e058263b92ec4a72bc30735ba7da6f320b416d982252

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1d14ac6b43a42fa63dc2753c529582d

SHA1
300c8125983bd68e96f296cf9a9e28da43fbadac

SHA256
83c1a4117875e3923ac7da972a3c4fe705beae6f681bae5841f160ab6349f59b

SHA512
f6c010777af5ccb547ebd8389774d8ecad68834a492bcebad48706c302a5c3d4a65d68eac8a91cfa8368bc4da63e2ea9cc431fa66c7293206397a3d76fc91f34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48ebf6c0db509f1e3077e59b23b83105

SHA1
3c38317788ac69778250bd8c08870e7a3c5444b5

SHA256
9c5a8230f2e35355915cef33b5b4fa412ea3596be4b29cddd9f90ed1a419dd9a

SHA512
40790c061891877827fbfa71ba37db1be2d827e21cb8546f340baa6619986b61623404b0d65c94e9229def7ca5f3c09bb0f19119a5966f10eea7077b445d6b11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2f895e203a31ae4d6b870e8c2c3c78b

SHA1
9facbd0216d1735c997da30a714083aec96b317e

SHA256
e9cf5579ae0d3fcd6a8018f72898ff2b01f069bc090aaa8cedf0b24158fe2089

SHA512
2e50d94beef2ea58213f49aa9e24987f3c585a7692cd6aad42d79bc811bd0e4146d7d8e20a6bf1eeea54405af6c5c9240e33303fd04234c2074acd31a0a62f9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
839af37e91da0b09ec18bf761e158a4d

SHA1
2c5788e7c4f09436b63938da949986a49cd26b57

SHA256
b703fa1697d1aa21de1adbb6f02199ac40705b52f0a7e3bea192249738014cef

SHA512
2ce728bc1e2b5996c7b8309571d9079f66372e8ffb258587a55eb277f70ee9fdde0d53a9dabf761b3fa444746ac6c4650a4b03c18534082b40a497d548362238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93566634c02127d76b239215ef4dc3f7

SHA1
55180584f3e8f191da88efff2245290acadf5192

SHA256
fcf5ec21070af8a6e2af5fb004c1442a3b312ecb049656e557d30dc4e968ee06

SHA512
f467a5ada6b4448ece0f8f04e878b1f15ed6365f8ff95faba3f6caa0a934e73da28fb97685ffe86d4fceb4cf1c043ec9e45f6213a95875c208d4593d1d23eba2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcd57b5b3665bcfca364a19c8e0e8616

SHA1
b78724a237a331f1b428c2cb9f2e7680cd590b14

SHA256
201ac75ad7280c87982aac8d6999423b57318c04821e209a81fc81abce219dcd

SHA512
f5bd3f34c4159c25f2b442b26e653ea594474613d4ae95716982a3a4dc7c57e89ba881044c111753c747828a3d29c3aded6decfe53322b28390356756c372b88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cdaca2428babe098b24994aaec9f2c6

SHA1
81e205bc7ff10894b49a5002b0c1c2385e5351fc

SHA256
c551f4f5554355651ded42561d1524436f38fd403ff21aafafdcc815d4ad2f6e

SHA512
13309eb27bc90ca666bc6cce1790dc094ef7d5d0cc5a1124622a535f4e0c6aadb3e2657b7a78c04fb90782832bb8c3cdbc7f86f278367e373d89c2faab0a4810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1161.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1233.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit