407392c85039bbf713443006ed82741abc1981a66509a9cf274e6f60cdacda34

Analysis

max time kernel
139s
max time network
139s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/05/2024, 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

ab8a2855dfe04721e9c7f79e68d74ec5
SHA1

f324f43582f41267fcd4caa00c7c9c9bf3c9483d
SHA256

2b63530fd30a1627b1876c3892b01b4448b73fee0b1b2be61ba8069bd2e15da6
SHA512

6de5162a1fadacbc180b69cdfa2360ea99625794b2e99ba595ba612be30cd6ed5208ede205e383e31d14a2df5c98cee8e571e4e8b3e33505e6489ab03a41d5c2
SSDEEP

3072:Sb5DPJVcci4cUYvyfkMY+BES09JXAnyrZalI+YQ:Sbm87sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420860684"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5DF622A1-08EA-11EF-9966-EA483E0BCDAF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2156	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2156	iexplore.exe
2156	iexplore.exe
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2528	2156	iexplore.exe	28
PID 2156 wrote to memory of 2528	2156	iexplore.exe	28
PID 2156 wrote to memory of 2528	2156	iexplore.exe	28
PID 2156 wrote to memory of 2528	2156	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07c3d60028d6f5ffc4133bbb0f8c45ae

SHA1
bc35b15c9e9310737a34fa32cf9d05d83c7b6306

SHA256
aa306d208fa96a9fff730dc10b385aeebbc6fe78db6359112683473543100a2c

SHA512
544293b10ddccf8c89c686443b80a7e1308aef202845fbde425d4fc0b7571a748aa916e1b5f9e2fd645cdcaa4cc1476611324d6f49d08f5622ca383423cfaa98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
886fc31828948fcff9ac2f98853ed307

SHA1
6243d9cee36b062775ad1f28c76a02db01775ce4

SHA256
192dcd66ad13ae9e54922725124dcb084438ce4cb3ee5b59b959ea6f6aa6ec87

SHA512
f8a57aa6fe6810ea278ee69166da9da4f919d2c02ba7f43f799dff1cbe7c237df49277422dc5e140ffd668023adcf8c41a10379cff46599edb65d71ad595e0e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d34a8aaccae7d41e9f2c0e2527bfca84

SHA1
b6506c45d2bec57a20a7ed4d6b978e7c0324f1ea

SHA256
444ec7405220af153b333c5fa37636ebe7b1d61fbeffb2e8601b05faf910e885

SHA512
4585ce034058fc07b75a483bf4aca519c3847f9d223bfe56a6217d7d2bde6d83cabef2b2cb760ab4c5529dee5acfce0ead7bdfd7f854948090808437757fc763

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8c58f4fe0c5a438033fe40088b6d827

SHA1
6d69172f0201ae9fa5314704375ba1141f782655

SHA256
18529bb9d962b2d7b72604029df0ec4ae73be794e51e548227b85f2af7ea48e8

SHA512
e4f617854272a8055e8494c7bbe79ede8076d802430eb59342e1cb1bfac7a07301964733ab45cdf15a8b816ac34a5772899f7c2ae9e73b9176be321b2292eb25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c904a66c26061145b0142d602a1f6a2b

SHA1
b00c62ca2b15c99a63d0f12226e8116c305ae820

SHA256
4c5df077344e2094276f8291676f7fcf75978f0661eb4f2d6a822ea82a41ea04

SHA512
4a197a858fca41077f74badcbf2afe8b47c5b864bf912e9ff43c232bb7ca6f2c2e65904e81fdc1a1d261548aed787c593f56ac0b8e70665d437a0673f6b47f24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b24c3cebf39ffc146eda5882215ddea

SHA1
1fbf44a784903f1c8ed179fdfcdbad5fe02c88b0

SHA256
634fcaed723d8dd1916aaba8da75b7a3bd07e7400157efe5dca3a8ad04443aa0

SHA512
5bd9a0cdaa2f7ee1e82b572672aab9d8341f7c7aa06f23b141337ffb6b57fcf7c815a8c531933673afd63e6c43459e9b7172a19f069a60bd095a1061dbb652ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33ceeb7f9924b5e907b7e5df85dea2ce

SHA1
d358c41bd65c7294a07cc16ef361b9108f99832d

SHA256
09cb56eedf39221cdfbc7cc5bda6544ae41d82ed149d038d7ba2aa879f31add5

SHA512
b07369542565e4f7e77e180cd00d35a028e2879caf66532cb78510fe83cb61c4568ac1ddc6d3ca4b4ef248492265d287b492c1b6f7db2eaba7f57181d7cbfd70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d332fe98ee91f26b9b577c9d16b72a4

SHA1
3a0c57b2270686861d8f6f69b70ec72a88eccc1f

SHA256
1cd5051f94b15329b59a21be8ee240ffefaf13aa5c01605881a9049d93cba688

SHA512
b1dbc24a8f781391e5442349f238b1485f08af47b5c0633042d0ebea9d3b559d7b8f45d07675238b6a1e944f677e39eb0f385015905362e561a0a2081d612719

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3026e16813eae49fa7cb9ed7bee61a25

SHA1
bc07b5480b6b08e01685898ea40bcc099c21355b

SHA256
d5804e03874491fe426e0a56e000c5b975e418d8e210633fd572d592e59e43ef

SHA512
b28d76e9a58a55698e3ba97e15db0995940fe3df6355a1ff04c58d0b4486f28fa136f4924b7e0e99958275d6d41476c431134e42fb266878bf3efed79ac30919

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c04a796b41fbe2e1be4102a283d1c2b

SHA1
43328b0ba7fb1a63505f4a0064213b21d9ca9bf5

SHA256
5ac5266687c7683daab91815e980b9b619219012c62c3fd18196ee83f8d85d8c

SHA512
03acebe65c67db807f2e226ceb85a3ba23b98a6845794c516414e4a9e89459e9879909c378db4d3dcb5fe5c3a0c9e08f876dd3c4b2ac6c7617124d33deef697a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b815a95ce3ce432e86a4e5bf4c23281

SHA1
cfcf3fa498e7f625c18c3b1b143586ea238fa04a

SHA256
fe74a9a53376535ee5cc6f99fc889acc18f10343e4a29aba95c50ab46006b602

SHA512
b5597b19050eaaf25132351ade330a514736a57d845cbb29518b4b30e50ea212d761ef260f31291b61966594c1a2684713fc820156fcc12fc6382fe77677eb84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ccc01ee95d1f776b291780f0c1e1010

SHA1
8856cd6280d60895a679e0f39d891b186ffeef18

SHA256
20c561b4b984fa52ead74cd441937ce42e799da3417490e0fc70fe1815a6e723

SHA512
ad67a521dc7091d7be7a12480ac8517a8bc22bd3a100dcb745a1f0c2c0185093263a8f16d87e253dda9e8f498f3a6d48bf5766ccf7cab385a53c850b85e31ffe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
095e28610c81e4145ad9cc68eb54eb64

SHA1
0357a5bb415d435d5ab2c51a25d8456c9f3680d6

SHA256
76fd57c630ab458f0a428535733d6ede929cf7efa1a6bfab696205f666f17d08

SHA512
fd2145f2f09ace6efba9c26396e637a66cbb5ffacb86e3e7c003f676e84f5b0bf0d47b58fad92932c53c9c4b068ee10871482addec3ed3fd3d07ef7348d5958f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60b90c5d903169a4763908063a25b8a1

SHA1
33a2e65dc0a73f416cd33539090b8a3a355b1743

SHA256
29914312ed8255cc70b36431b33598871846050a920bbd40da922246c09dde82

SHA512
87d0b444da25e05100b8ecf8e15e568f8bcc30c476898cc9bf7b140d5333091fe8d5bbcd9efaeba314ddea92c45130cd5b0497aad081d0bfb2eb17b2f9f2ba74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2a0dc3b148f6d08af2846cd1d50ebcf

SHA1
7e03d51ef10955e5d05565177ba8e5860b18af8b

SHA256
1734aa0f8eb0408627699597bc1eb3ca6ee4e7c9482e5603583768dd3284806a

SHA512
a21ae7094dff0a51f41f7207d17a06dfe22ef2952f284e22d299b671f4ee809c3dcb6a35c1de014a929e744fce94e9b7c012e1622277d9eb3db1eee9cc26972b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfd7d4f9c7294f200209f966d217b5a3

SHA1
4dd60fb74dbcdadd405250570c85074902aed738

SHA256
738947dcfc6b9ded45858750121787b54199f911281868198d1fdf0e427e9758

SHA512
de8a7ec0fa1e0b395e7cd2d6aa61a8b555bce701a6448a3612463bd2ba09dc53e2970e61664928f5aa53623d3da16daf99d58c665b8f7627bf0e8bd28565aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab234B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2418.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar242D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit