e98395bef5188ad3d8b1c736ca69704722e1ccb0bc8abf86015c4f2010a8cfed

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
02-05-2024 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

7b9a5dea9051c59460a26fb613322a94
SHA1

e63caa43a0e6613d974858740698ad53553defe7
SHA256

2f344a01dea1067cc8138f3096b83dcbcc212f49eca45f3bf9b8913b810d6522
SHA512

b40bba8f6e7f7c341f00ad9a648a7c99ff9944bda9fb20377dbdf920f7ac8684b0d3aead8094ae0c91ddae20b0ae68bcadc2399e0177dc12a3345bc9b749ad44
SSDEEP

3072:SV/k0Pc3yfPyBqmyfkMY+BES09JXAnyrZalI+YQ:SV/Kj8jsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F13A0D31-0889-11EF-9FEE-EA42E82B8F01} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420819270"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2860	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2860	iexplore.exe
2860	iexplore.exe
2484	IEXPLORE.EXE
2484	IEXPLORE.EXE
2484	IEXPLORE.EXE
2484	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2484	2860	iexplore.exe	28
PID 2860 wrote to memory of 2484	2860	iexplore.exe	28
PID 2860 wrote to memory of 2484	2860	iexplore.exe	28
PID 2860 wrote to memory of 2484	2860	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dffe129acff5c543e516cfb5d3bb4ac4

SHA1
4a954ff5044274715b1e4cb2ea2bd80a709f8f7c

SHA256
6436cbca674afa259b16e706065108d298b2d8ff20f647f1f6d77df4fdbf48df

SHA512
1800645f00973b875a44a3152bb4f1bcc74554cee9c3e22a4f10f0aed5c2eec5a29e52a63dc887b34d4ce4329c7556bcf8fd9d816e47a29aac0c609a47d7b10f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca8a9fe3b056c3525161876a8a0f0a27

SHA1
aee8256a23e4578d752ee01414a842d4cb2abaff

SHA256
73f46b3cefaeec5ebd9aded36e5eca4550dae525c3f0ae1fd35b1133e9148415

SHA512
25ef3c0c9d49369c73f0f24dedd630507b44e9f411dad4dc76189c3438f61c4a87e253c67c86e9137eaf5256f2a1dbe900224471cd507454d7394ee9353bb6eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f30f7a9ca7ae3093bf9a45588b90d4a

SHA1
2c25bd730a8bd8dd262f2d91939091cd7b95206e

SHA256
d581775965783c938f9c27a473ace52e97b286420014a64b99ab0274d4489b3d

SHA512
8e9f924a88102817276c0b3f81b02aaef24d5e781d2b65b9af9378bfc397a57b15ee1e1e8a7797b57480821f07301a22995eb11bb376b7ceb5e8a543d01d388e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6caf44fbcd94c8b62aad354939bfb32d

SHA1
2d3e90aa62399064e46d9965480262a99a93be2e

SHA256
1fd1e56125e2b9b939038db2ebc4358f7972e4f888a32203e678b6b0c0f7cece

SHA512
bed6e1a9cf26d2db811c02bec8d0943683f52e57a577125ea3157b6b90d9c63a801cd10f38b7df5e16c8033ef08e450999b0be3f6fce87691098e520dba8c5e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
671435591ee6af6515697ef240a59538

SHA1
8d898585dcc2fe88595f4d68ec4e78be36547348

SHA256
0603fd11a3d3e650a1426c359ccc3766195a93056709c738f48d3d8f850f658f

SHA512
31c5ae31d84f25bf9af2107f767e7293afae1e049bef8fcfa1613a4e56357d200b3ea6637f257f263ed26d2d3e29d2891dbde54fb29376f2808ab47707980f7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86703887b51ba0935ae7b3b60f1c1fad

SHA1
f61ec12c3722ce5baef4d11dcf58d98b7b54c1ce

SHA256
7e5fb8a0d577b6e7ff04b34bb9575e2d70009ec1a3d3c054e174f37c00754009

SHA512
3f39b1118cb7cb04403863f2d578b72fede36382032105930974e43ac40f095ed3949c54bfdd033b79663fc7bbdfcd8112205dc701c666664ff51fbf453d2f61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3753e1e29a79ffed760a6e2659395f7c

SHA1
a30cd93d5880298b414e57c28d6b2bd4b8783b7e

SHA256
8fb5d473d61aa6a886c8b182a98e1e10ae362470344ca4d8ed2ec63605670e3f

SHA512
e2854c38cf52fdd236ea90cb45207ae8805db0ec84aa27fb1515c646d0c22d7c08fb7fbed7ccd325622c64ba278c581685fd4cc81933cbd469633c67a5777066

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc5077eb9968b2847d3a049729bdb4fe

SHA1
38510b15425dae8c1e138be3cacfe51491027f4b

SHA256
12bbc16d8bb95b20e111050c576764ad5bbd183aefdb46c2022961f64c70289a

SHA512
606d38524804c03aa9f858d3f121e5bbe4bae77591ba4e285897822ebc970da1e928ac051c11ab668afe26e9066317f3f248feced851009a4c95f8d396ce465d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
636c97806198969edf6f3e97925a40ff

SHA1
2e2a19bca41671eebf705f9ea95affb45a9e1a64

SHA256
86fec7d953dabb68b8a31aa5ad685e377b9b945ddaa1f7b2a4b7827fffed4bd4

SHA512
ce32ab09625ae91960bd28c40ba3da978ac7098550d84d38f10b35283db9b2dbfe83e57638a2a4b4a4eee0ebf923ea11cae82c52e249646a81193d4359565970

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de2edadacdc03e5844e755a410372459

SHA1
8adb681e0a60177aba714bef03288209abf27cfc

SHA256
adba58c1ab24cbac2d66be9643388d2769ec6b568993e00fc2ad42223423c7c4

SHA512
199e743e13f42f49392c38ca98f746835c7b921f2368c54ea2cc4482f13bff106307cf340da332b2e0298706c5c88a5d519c0b8aa1ba236bb4c44fe23944382e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e11e2fe0635f3eed4adaefc04ee1ca9

SHA1
53f06ae317fb0e214c2900f1cf421d9b811387b4

SHA256
c255f8fe66065d609d3a2e4f7d5559cd6d7b6986ec7da3bfff22db529bfc368c

SHA512
87fd483ef67839fb5abc97a9b912769a69af06803d6fc1e3d3d6dd5d5047d66ccf83f0def09d5be138d37ccb88169c5a9caf7ab68c7d94152aa211904e02fb96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60928ba5468e12808850109df3b616ba

SHA1
3d1cae39b1f58bc5dab8df701fd3021b7e2494a3

SHA256
5d8658015274ea31a3fe1351f388e2dc67d241e6e7c4378afa300fdb0bd8a9f3

SHA512
9f20b3f84ca7c05c827616b14dd38759b473a677f5fdfb5101055489a9958e4e2a10469fcfc432609f475375091479f698307d4f91a5ec7e30136a67d2af5e2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b303770b56aaecc65218eca268643bfb

SHA1
0a047a333c0069db5b9ea9bf4bd096fabe37047f

SHA256
6d713a4569443b6de2eb5b64721cefc971696dc3fb70a4664ff8660c1aacd73a

SHA512
b2e30ca7fbd0fb07d5eb8af7b7f7aaa9cf484665990f579c72ee3796659614b041832d70b87459aa42b66f7d47fbb4a14afe7dcc4add86cae90fd653121abed9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7e17097d6f1ddd58bb3c18091cad460

SHA1
f785fccb2f1661786b8dfd98a23c0ba72b17ab7f

SHA256
b2f4304094967739b32070aa65cf92a2a3cfa9b9df223bcbc3bfbe9f8550afc6

SHA512
ee3143c458d3b134036ec2d39928576692071767bf5833f25e922149927dcb4193210be063809236fc8cecdd8ca3d9fe1bcb506857a671b6afaa9823e05242af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38dc166dee35fb6a120d2bf686d69f4f

SHA1
0c1de87233da2b14db127a46e60a90f62b083233

SHA256
541c8240f2ce33d75ca0355437910c77aa63f0cb13eeabe8c432dba34bc9e80e

SHA512
fc2439540f2d0a9dd368f6754d3fc9e706fee2cb1b5de27eba9efaf33c81319510d1fbead73b117dd6cfa75a97d237d4a7084df8384be3ebf117171e9e6d5864

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93e9889a59262d44de6013035647cb41

SHA1
a3a8b4e66ca78e471dd3949f588ab83744d92ad9

SHA256
e2ac950de79e1e626cb928d0ce04351e24b1507122b3e9c5f7f91c1a35ac7c26

SHA512
e9cee8d4576f40001e1f4d0d0229fd2d184e5c36408ee574e5a29ff0f33e17b05b07ac63f61165e8550ba849396e3d5cb30b6b292170758d8738abf7f3142087

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88b2efbf7ed27dbeff26859a2a888aff

SHA1
4633b2695d4ad283495d793d7ebb855c79a8509c

SHA256
1a88bd1c8c6f91fc7ff4d681016c1877466a351928550b6e2b02ec6ffb00e141

SHA512
7c932e8ed5b84b0d63f3f68b28be66c12d74d7147590ad33f4c0425f60be98b82388c6076eb318d51dee492fa84b32688c9fa27d0c6681244a2f07b789c34339

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07416f12877378649f84b16f7c71eb05

SHA1
a80b4adb68556c8f9b1f8cf7de99c5379925f094

SHA256
91399223d9b49f02dcb519a805400c383d091208efa670c78d8f1e9e20b72812

SHA512
79f374a20a27dd919550535c22a126edfaefb6713913acc0277fd754df916e29d4cda219caae5c1170df1f8d7c8800a17a348449fc8aec6fc0eebb4b8cc37c7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0e3cde71abd50bf6606f293ed7e9570

SHA1
cfa385bff9bb8d083e6998db773918c4c4abe24c

SHA256
c8510a76f9c50c9c7049c4cb263402cfbad6d81b776ccd7959a1d4c5aa96e989

SHA512
95170c096570562f4875e24a90e59d79b1f83cb4be0ba1b55ab50e49d9c2b2b6c9bd8f0946bfc400ae7751420e7efc8e120fb2083119469c042589c0319d30c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab12E7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab13B4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar13CA.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit