183f0297890114e900590d4267d7e879ae8f8c2249ab6f4c44525586bff1ecf6

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/05/2024, 10:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

27733dc85066bff220928281374092b5
SHA1

dc7ea83c8b5fff5f044ef49d36f5b5644d5edba8
SHA256

4e40a3eeb3add545c2a40627dd5f67c40bc6935284d0f07f5597083a68d7cb99
SHA512

99a4c9a520a92435ffe388f91841ee1c62e5278254bc3b4e9dfce7f1cd8edfa74683c886746649fdf611b5a55370cdada4b0e8a59480e918382a074766186c8e
SSDEEP

3072:Smkqs2wdmOnGvyfkMY+BES09JXAnyrZalI+YQ:SmkRpZsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420720294"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7EFC0521-07A3-11EF-B804-569FD5A164C1} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2844	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2844	iexplore.exe
2844	iexplore.exe
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 1652	2844	iexplore.exe	28
PID 2844 wrote to memory of 1652	2844	iexplore.exe	28
PID 2844 wrote to memory of 1652	2844	iexplore.exe	28
PID 2844 wrote to memory of 1652	2844	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
333bb4b9f3e09fcc030a7e4d110892e1

SHA1
a080006a0813647ba6878aa09bb22f5067666ae9

SHA256
c946bb1bf7ab7162e99c38ea245748aa885012f59032c94b377247553407f2b2

SHA512
321b911c26b82ce9f8bbbec08232beb7364d0271025609a845eada1c74ee5b5fa2e6c0b5c96e83b0c0da6a6934e9809e31105ed38487183196c0258016bb6374

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65555b56d220feff62f180f62a8c87db

SHA1
0ff4295d64a80117897562c4d931330d2eb680f5

SHA256
7e1b2b9883c32d90518cc1b7969829bf1d3bf6c2ccc277994fee9155037f2be6

SHA512
c72ae9545eec4149a1f113cdd1ec1c5a4d4e8b8edc62aca19b0b3f743c48b00569cf4c70145adcb16dfb13884ee8a848d5af5019458620f41cd5558d31906e66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30b7978d5293b020cedeab2f45d33958

SHA1
aff9118ad8f11c547c929387257be8f0359575e7

SHA256
81d1226b781e8f456d34b7df2f06b8f4421b17a888f8d3371a35eab6f4e3d9bb

SHA512
0e14ac3895f722414ddc09be8e4994819285ae6316341e0b5dc9d935b60b6c6252a17543d125e1b77f3c454e260983309925e4fdc7dc4504fbcf427bb2368069

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85a7633e7594e0d12d1156ba24ddfad0

SHA1
061b9183c9262055eaf8eda04e25e476177771cb

SHA256
f2c3ff531871ec223b4b0db401356b7866be8e40589cdde89562c41c5f995fb7

SHA512
1a07de5ca47d1ade6a86e53c14a8cba0f29c9245d97b1c7a6354a8b5c66542e8931f730378bee2594e9a33a38b57212cf36777d8f5cd77ba51b4e59e7554ce29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb01ed74a193c031676fb54bff4760a9

SHA1
c3ea3d9663910fba4f27174077a38bd467ee9531

SHA256
bc4de1da04e788c9b6122ae7c727a23e54f13a8755de73d8f68f5ffbc7aeaeca

SHA512
2c49378e9f31e851dcbfc2ae9ee419411bacb6e838e3955040d3dcb2de4b74fb4507452f8afa05c849be6b9f1b6ac0e7772058db10285ce5940307ad27914cac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b8d371494ad2c02bc655ceb710f9245

SHA1
38871c79ea5a4d2281977e34c787705454679865

SHA256
e4a357cc280ea49de4de54908e430f042e63ef5bbb5181466477e75a56317c77

SHA512
f36c44f39167ee08b7f7ef30e25dd7b7f5ee93ff1151f47946876945eed736884c5821f9f65c6ab43fcdef832baf62cd7a89ef9936395a2d2d528f79d625dced

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f26b56fca566a00e65087f6ae8091a2

SHA1
cf7fbec2dc6f2a00f359b2a10fcd0d5dc4ec0e18

SHA256
0676e948e9151112ba61244df453448aef3633551515e3670f215f4e6864d6d4

SHA512
2ee6878c3e0d95f5d9da163671d783069b4423e89e3f515b8023b4a4249a6ff3988535a6da7a135dc5f45f41919d353bcfcef59115c215c325cac8a0dd54c877

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a48c975b3539c988e76bfe09233c187

SHA1
c1aa910b85018988e99bc6f48e1629614cc0bd91

SHA256
4bf64a76a06cbf51d8ecedc9cd8c65f6a798099da3ba7fd0cb1babdcab82c2e3

SHA512
d97338f5f3998cf75cd515695063275b736f5c5ae3aebc015cc1fff86c0bd7d95db5d351eff59edb475bea9596b0d8c49c94823e2386b8c57ee7ddaea1444115

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c62f9920e2d26260342d03774243995e

SHA1
94210560dffbd74be89631fb3a83a9ffbd234eb2

SHA256
701a01f2e21835e15fe10255d0eba51a3c89d326a0e0ffec2f7e8f4fb82c45d7

SHA512
1e961e5268ddbd4843f25f11e84bf7b3ea7c4693445b24c67971193a308c38cd2ff4048040a57801bbab4e6d1efb5b2bc2a10eaa3b304d21cd21c526a99f162d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
395bfe752a31651f7520fae718a9ae43

SHA1
2ca26d5566e60783e4c7791642d5fdfde40e6aa1

SHA256
2571f4cf3408db6d9b0fdf548750a670b1cf946576bcf6fc84bef6150edd3913

SHA512
1256a0d1fed7cc62cbbed5c12bd3a6ac0aac094d00090eb446b3141befabb244e3fdcf1ca14adf808b99051bdd5828d002df86a6f42c727c11b5e2058f343fb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b29caa1e698006aa50ae08740aa2d65

SHA1
914d0fcb54a1200b0917afa32d2ccd9a9e0c010f

SHA256
988d7c15dc58c1f46a8f681339d2899d5eaac081588584c22a46776bd5c4003d

SHA512
d5c9237693ce1989c85c0d947366b187579001143ccd394de867df926df5243d078460dac293d6b04e2a35a943698fbf8dcba28325f7624a99f734b2e0d0c2e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04a5a45eb48a6576fbe9f9e1b98cf2b0

SHA1
ea6faf1d8bdec528201265f90fa647f2e584354d

SHA256
9ffc01d7a70c9837eb6d8ba0f42ae8fa429561fe5dab602b0b98cee72cb369b5

SHA512
6202828c12a520f61c2fb0c04092a1a1b6908805d2c38fccf08ef1317a704a2dc5e37dbead4d1e2e6c668509915c5dd44e9ebd7dbc58d264397a8d5d92cf2f71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5aa94652a4607214ecb94e3f7be84f9d

SHA1
46b2812adb6acfb90bc87855ebf73ec5efd68a35

SHA256
343f0077ceb5e41e1a0b6f993d018b1419f1453076c3448a58dae5d2193995c8

SHA512
7c42819ac967c3dd9cdc6245fc3f14e66351c33535721f9763c513fe76231aff832890ac1d9cd7ad5152b824a76a636aab89ed9594074e83e6ec37583d80d213

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8dfe7e6d7e9955981eca42cc387439e

SHA1
9488fffbb703bd2a5b21a7cf0f3497a2c69544f9

SHA256
ef82e9b371f4c3ec6592ce9661b92d2d97fd5a99e88af17410c45b1599e93676

SHA512
5db21f18efd1515953c3d727ef4808114d31e6e082f2bff69418611b8c5c71659e362f552ac945d51de3e1193e83ef075f291eb27971ffa9142df3599238f511

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d49b2c90ddec710637f74e598fa33c0

SHA1
3f38c8bab067fccd9e09a6a867b429a4e14e1b48

SHA256
3825398850c34d5f7d21c12ebb9bad91af7655e6a6029bf82200a1ff97374499

SHA512
80f54476e5c4bd5be28b30b36d32482b900f63ee075da15ddf3d91257cf60e1400159fd30f4aed9f1d49586df14e771fc4a6e7b53cab7370bcaed23d4ad094fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a92d7dd7b1ca01866977141b82e78bd

SHA1
0f38a8dbfa77d8a0ec9ee55d890ad5c0adc40abe

SHA256
8982e7bc84773e130c38a2cecec73ff39c26958c368f7eddb04f703462bcf518

SHA512
b5875c2fe4f19a6bd78fce926e7ce6670a0f7af098bfbd570d746fad4093fc7c1584ce82970f2db05944a1f3e77a263fa6da8dfa3ae24d044b12c557a3680e8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80b420744eded0881ea862f4f4936980

SHA1
d479da99c7ef5ae53f9e3d9d74d1d06d7527329d

SHA256
0f1629ca3dc48b76d1ebcd953289ae2945f1caacac0c36ea6f981a7cd620e6c6

SHA512
44561795d3df40c495bed930f3812a9fb1863f98ffa2a5e47230955ce2f9680750cc5a2eef60f14f4589c67ff7901340d7ffea96ea83aebc32470337bc22eb4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1CF5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1DF5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit