6c10296302180149ebcfa8589c4c3827ec5507d08b2b77cbc6f1326747a8b0f3

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
30-04-2024 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

c160afeed6214395a83709835544304b
SHA1

6914b6f7dfd30695a940b92aa8ecfd50fdaad707
SHA256

1a14654d7680802b9a3604f4e694b4e155e7d89ba936dab423627b7774b055d6
SHA512

1e54df3061811fef8d9a8abba503da392efa33a7929363b1581d3f2749720c1a4d14f09e67a7e573eb3ff26cf648ad4db4e0862ef51cb209ef5e9182e3e40e57
SSDEEP

3072:SMGxypT8lNq3HyfkMY+BES09JXAnyrZalI+YQ:SMHuoSsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420631742"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{51DC0871-06D5-11EF-A4DC-6EC9990C2B7A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1924	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1924	iexplore.exe
1924	iexplore.exe
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 3036	1924	iexplore.exe	28
PID 1924 wrote to memory of 3036	1924	iexplore.exe	28
PID 1924 wrote to memory of 3036	1924	iexplore.exe	28
PID 1924 wrote to memory of 3036	1924	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
061d1c28b885d8885e5788dcabe9367c

SHA1
49fb8d31dbb346d82c53ea69a913d86a48b035c7

SHA256
39076621ca717893881e36d695a9ba739a4b5f0f52f465db964f528746e995d6

SHA512
3303c204751e1c074d8c1bc02267312bbccb0eef9da78ca86e44012a1c6ace3eefc767f159685507300da8c73b56f29f2f05eccaf27dc5ab678eb946982c886a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecf3d0177c59524bfa3e757ba6ec6b2c

SHA1
2e1b2d7cd41bedb2f578e402b62d2ebba122e8ef

SHA256
e6558335f0daa71cb1a97107c0bd70c27062726c8c6aa2bd873d0aa615c0f621

SHA512
67794c9e5e0a9099e94c5a42948ad95bbf366743c18a6d006cd0af97870fd82d1003f37b54aa97261dac651aa1aa048b00bd62972d4c64ad94da77ad731306bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70719a41bfbdabb0b67aded0d0f1b2c8

SHA1
227bb55aa3cda0e5efe080f78f81e23c3f2bce7d

SHA256
182755b9af8893064e257467fd722e496cc0642cfa0f39f65d26c7f7ff63e107

SHA512
05ac28d08608f52ca5edafc3e314110719bdc4a1acc1427abdf4c45ffe3c5f046d731a1c2d8ab31681ffdec8a100f40cef3b57b804ac2b2f28881fdd34d6d72c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f96744ee4632a314b4d4bbdccaf8157

SHA1
9dd33f77503794fdb949e636b74fcc8799a4d874

SHA256
1dc220385a3b931010dfd3a8b5a62057d1b641c715593686c10e8283be8c1677

SHA512
04a5911093f2eb81120bb813b77cf457f84c6f8f13c5f4beb570097efacddab443ba91d80388061fd6f87039770ac0d9177993fc756e0862168a06532a29fac0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78838cec66a9cb9e75d8a644eafb48ef

SHA1
20657c422003f81d948bebddda9b9236c6e70756

SHA256
1a1c59ca25efca4699a3d282aa63b78cc5f07361e7e6473db4b0ea78e71673e7

SHA512
7ba6b9e7703aae3de5d13ecf65b2c80b73f6686fff36ba3257f4ca37176c020c905a71d6fa38e2c410119e24ac4d75d5a21b0dc76e8912f9abd2962213b033dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bd41396809ade7811a6c67662faa7c5

SHA1
65fc518900d73ccd19f8e8b0d28aef0490ed7729

SHA256
130a5a2b010cf418e6fdf8114082eb24877fcdd168ecb8d468cb4ee0c3ca1183

SHA512
77f4976fbc27ccbb5ead13e1fc63588b0ef0c4ade83e6ddcd30f3649abadd214d3d3e4853b383f345e2984c9a090f2e4f01021fbaf5512276a2dca4397bf91fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2b4fab188c2ff333a2a4a3e9d43e482

SHA1
e13389a0e0b2bd55045b9c65d4b1a410f6d9cc19

SHA256
0a3125f0f40a25dbe5cdfdd804b891c46ca66473a4251a58be9b23397875f6fb

SHA512
39ae1b305a362c50991ad5a3685f7271ed87eeb1064c6343f61d4cf5861c5397a97faed6b865460595b04ff682873baabab127e019cffa73cfafd634ac55b4a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0dbed21660e1f27043ee2fdeb17e5577

SHA1
63758fda108b92a11a79af6202ac1dd2d402e83e

SHA256
8835e22c4233ccbd0876ad062bb4e346facfb854f2b94bf1639336f0f4eeae35

SHA512
9811b21265aa3570e0c32d1f3832a5ded04ecb0311892872156d6f4ebc66065dd9c165bb5d9baf9f00bdcf6f17cea1c938415b57bbd8837d7dded661d15ba4b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a78e41f63a7ac7df3f4a5624dbea654

SHA1
7271abcbcb2e83d5477c89f3dd68073fb2bfe5cf

SHA256
0f12fde354e11a041f39e7a94b4be435938354c6e4a565486fc68a85de610a5e

SHA512
6be86f41be6963bee7164e17838973bd0aff19b2573ed5d05d929cae4bdfbfe4c4e3c5736e239bdeb5805c6e9859beab286d12bd9f855fb7ff9149934f8c8329

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a47d7ba8b7d2384a3b18d9881090e5c

SHA1
835f9d71bd88389405ba5fbc8b0b527058ed056a

SHA256
923e2044eb914c4ca0baf120558121eef48eda1b3cc93cb996593d08412087ee

SHA512
565c9a83e7b4b2919345756524e608ed6a070223be5bba456625743257b9be7eb8c154871349a29a1d882ac6bdd3fbde83c766563331b6d006616bd35bb37d9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afb8c18cc067dee0c276dd2d17169d4d

SHA1
e6433132ed125020efb0e0039944392af39fba0b

SHA256
34f50a42afff164905c454558dc3c15d72c438b4489cfcd928aa37ab0d69cef5

SHA512
01113b824d0173dc69b7ecdbf3966e903e14c3f7e7e7b54837855b36d7591959491bad5a1b1bf79a9bf872b179130bd7d0e6670630809c3f3f0859f95652cdae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02f0374a1c2724006733a2424e0fa84a

SHA1
6423ef7a0232e44fad8178839736a5855d3a56f7

SHA256
c91a16be41315c72a1c6f9b70c864bd7cac8eb227b6f58fe2b7b8c2002b07e8a

SHA512
860242eb5c14a127d296dc29d4e2d638377def4326551a5e7d420f2695bc4be68975e2972f998e1b2eea8c7e2c66bad695ebbf792bd9d37f012b628a2ca14dcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
504eaa9f26e1e05e27939064e3a30f39

SHA1
389a36ca8331ba4abe70d6acf61050d98f4944ba

SHA256
cb47330ddeeff61ce130f596f2392461b947242532f1b2d27880db609b9d9cd8

SHA512
82e81ec6c8bd536a1ff8e873be853c138a3f38ec542212fee4d852acc3eaaa02a9c427f07bccd8c18c51c992b1333babc0cc6ee51b2ec2f607061e0c3fdf3808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c24c4ebec9cbfb66108a0f3417cb8ee7

SHA1
27b8e23fed28d432fdab747ba4b2fcb1a72a6bf1

SHA256
5f340a691e18966ec894a6afa6f387cb333304ebe70bd4847a6d240cc52cd45c

SHA512
fac270cf5778398f7d3568df80fcd88237c01fe98208deb56d9b2baa2b369cb6cb484167e0cdecb3d6fa765f3e5175b46b55c85edb4e6c0378b9e85272f36ee1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c78aaf4969bcf7ada530fc01b5165906

SHA1
dbf666a977ade99baac91167709226199dffa747

SHA256
fdf13e5d1cecaff954d8cabaad88dec3329ed0fe4bc4d820287df0ff6c536a23

SHA512
7bf7a3c48dbdecd74fe26b34c4ede9261612de2fef8b9d2bbac4ba93d6930abfa27a679835fc74c97fbdd710121b9a1f0d61bdd17bbb2d86f3f66d84c87c3e0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22c100e11933923ff5481b7ffbf2c4e1

SHA1
d17a63a278310d816be81748dbc6534bd22c3111

SHA256
3ea73a9c13339cc31ef32f9beedd0e7875534050995cb65bd89ac0770a0f073a

SHA512
bebea5e1e7c04758f9664c566612d911382604bdc878a4c65baf2c954be864650207fac00dc36b19bda9f8792eaee7eca5ac6e4c246a04835d5bcd40c7173635

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87a4cd689ce86cd49a5764ba21403164

SHA1
74ad8ad1398c36bd14e5790e1571c021f8708783

SHA256
e7733dc8dffe1f7178a00f76b90673b52cd5f203dddf228eaa557f621434ae33

SHA512
b009df1f7b64cbf5bb87ad8676059a65cd029e05393cdf85cd038eac1c37449bb02fc05a210aa605418c54893d1db956cdbb86219829913490e06c0a336a6bef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
211e1650adc1fadbca797220c93888fa

SHA1
5321bfe2f7a955c15656d85dab546b3ab2c9632a

SHA256
8c134c8560f7dadd02e90ccb7e67d4511ed63bf520dfe1b14ef1fece9a82d50e

SHA512
d1288da206a5838eb88874d319ea58ae1ccc0287dc8e2f21007b00c26ca803416f631370289d184d84831dbb6b077e4d8e39769ec51ff6056afc31b4430408d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d332ad09d7dd4b11cf073a95b912b54

SHA1
4be162b4dbc4622e03d665980b9438a137971971

SHA256
01ee67f0b74caeecf666298af9544fc9a7e0b107a5b33584b4b0ba8359f1fee6

SHA512
a3deb4edba15f179a789dc043dde4d725306cc19f183541101c4bb92a9bd30cab41b4f6fd15f3e6f20647d86e7472fb708b5717cd9d0791bf046e2adcd2452eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab10D4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar11C6.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit