e053d95447f1ff857a7e1837075155f56e182d2c179b0bcef44d954c04643988

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

41915264ac302de93d2ea91337d505b9
SHA1

e661f3d0a0ecc53cbd6b909de8d79f182b532807
SHA256

d7e46a74d4e417e2f762c29f4f0814ccbcd98cd652dce74eef2e12d8b7bbc871
SHA512

57d443572553649d2f82367b41e139bdfa8a3fbe6d1f8bad16a7e65c9acc28e78d03c362929bde87af505d0d98f84fe53c0ff119777b94b2121440be28514717
SSDEEP

3072:SFyNOIbbmD+84yfkMY+BES09JXAnyrZalI+YQ:SF6aB1sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{412E4D61-09CA-11EF-AAE3-FED1941498E6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420956843"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2256	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2256	iexplore.exe
2256	iexplore.exe
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2456	2256	iexplore.exe	28
PID 2256 wrote to memory of 2456	2256	iexplore.exe	28
PID 2256 wrote to memory of 2456	2256	iexplore.exe	28
PID 2256 wrote to memory of 2456	2256	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
126e183c438403fb103dba400abbf9a5

SHA1
3a5e87dff6dd3ec21303baf312daffea0d47265a

SHA256
2de3ed4a94c5ad5a4db7e6f90839b0fa31174699f8c02767b81e2aa847f22c25

SHA512
d8feb2adf81e2bff6a852b56279b030232ca83a66ae44d9dd780840795e4c574e061ee1d199c07687a102dd395ba2d755acbf2468e38d6aad81448c7d42e71f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b36fd3445448d4c2b63ecfe96e46848

SHA1
47a360d32579e045fa241d76862a8674adf37094

SHA256
df788e6cd8e34a07cf1ee765f251c788369c59b18875b5df1fcccb8cc9061cda

SHA512
3224df9551e797a3d61eadc1437eb35af5db6d6b4a0af2b2d1692d50a378727f5aaa340f391913f5124b8372e2b93c6e5983f66caffcf2b0e7b0cf721e7ccef5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5e147f0de671dafd667d07b63dd6b11

SHA1
29321bfa9ed96e54ceca67eef3fcc08d0115e7d7

SHA256
b39bcdaa5f474822d7996f7d4aabc5ceae58747778224e23f037f8c56f971069

SHA512
8bfc1c1fad7e4ebae23007c92e1522e44747afa96b40bf69957fde8df3f6faba4f7192243000cf063e2882559a2e30b0e4e6b5af5022b81127635f01167f68b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf661b840ba6b338a35d00ac5bdc4a1a

SHA1
9def2b0881801afec79d0723f4889722c1f16e5a

SHA256
58806eaad05e64187f7fa7f7e2340e63eaffc76d3a72f73b765b6a74873a9455

SHA512
4a187313d5a99b7de3b4622fba24f12e380a3e678cff45fca8e9f3f1a785bd998a1873fb78ee8cb17b9ce434c06804cf90fe8ba5a84441b5b02a3eaafd8a29e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bc4c22241963e4c23a6921238242156

SHA1
2ab50dd69ef58d2d85ea3751c86750d39a46f39e

SHA256
d53b08a98aabde9a2e72417f407373ef30372141121bae78f7b36017de992985

SHA512
bbdcf3dc1a80fdd47ebe94358f1b5a9715e350e261867c51973f78b763b1b7abe5ad988893bba11251bb99e81eae76a305f077d3ea694f32ae964234ffec398d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed19806ba41bef4d15d4db46825334d6

SHA1
e1a4416fd2a8f83b209dbaaaec7630d3587dca2f

SHA256
aea6190fb8e4f54c2a2ebf9221d46ee5543dccc5beafd9d0cc80101597086b47

SHA512
e13f26ec87bd1b7ab4b62855987d2d9ce788c3ee63af04295b4aa5853f57eae6e044bc7a2e4539a90be4959475e3da7f547f38f9cdd6ed69f4899c43c63ec9c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
013bb33a370777ffdd9e0fc53e73365b

SHA1
3c17438ec57a2330bb94729402fc7f0a4bf59713

SHA256
5e3eadb69979a25151e763403b8da8f87c3939a10bd1cd5dd1fc3486cb748980

SHA512
57d933fb92dca9dac80831dc162c58008b72f18154a27789369f5ae9ae418562a98828cef48d50aa763bef19940ac2fbca1f515462d4d4279f671b57e446ac5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a4a98470dd532d8935a421f5cb2136d

SHA1
b8b50e90b6ec61d330c68ce5abacfa9a0f1681ff

SHA256
cf09cb1adb7cc44d007efc03c69fd899d71d64d64eb86f943a27381d190b3a68

SHA512
14f037e4c14eca7145ae863b7e005151413fdd5f14da242e83a8b4651bfab4b14063a305dfbc31e53951323715419e223b05f88db40570d11ed938a45ad1a874

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
369fb8ada5958f39cd2e951b2fe9f3ac

SHA1
d4c599fb5d1e396e657754f5ffe8dde0248c035e

SHA256
747087f034184bd0795bed61cc9d69bd9530d2b1a6e5d68d55cfde9408147a88

SHA512
1cac82e366b67891b7bda9d2315c6078f4e70297a56e5ab54385b73af9606d4ab851f3c8f6759e5303cc9340c717cae27df52738c6af01017c193aa35ec2cda2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f254a480eae5902416b14161287da5b7

SHA1
20b2cd213ba750f9664919489cb8d9a16aa71fe1

SHA256
3ec472a6608453cac63067934a81e6224ccc2154c589863db0dfc97681dfb964

SHA512
5a7143e697242adb572c657784d1db323d5fb7a74802339553fde2ea35d9ad7672e85d4249ad1e31d9abb2b5e2ceb902881197fd148ce28816eef2e74f70d352

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
525c9859e2c3607ba28b756ecfbe02ca

SHA1
02512e87211e6da2067b548eebf432043c7942e2

SHA256
579e752d61845033abcbf6cd3787ae5d187b287d3a4c8ecf162c40a4666ab98d

SHA512
c0d7b858dff9e8b26a3ad932315669b66a7e06cb1fe625e99dfa6e0ed8625980272c8c0a436cf2455ebf032eaa01e27a16cf05f94e4b9129bf3de6969f0464b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d61757a618cf133306aac63cd2c0c2b

SHA1
30dd8f528054ccbd738d222dbcb4b581cd0892e9

SHA256
0826a99fb0eb44d9c5084bce20d12edd1e4c9a86975ffc4f28abe671f0936b75

SHA512
d2866121eb8a9b2f7e7a11800bbde633afb7c7a51479900e6322281b777847f00a235cf7a8c733b01c1b9d83e798b450732941bbdb02f132567e5a64a06944ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3908c22bd6424f0f83c43c81921079b9

SHA1
fa813b7ca8b198ac08d01e92e7f0598251ef6fba

SHA256
3cfd60e690ecb9fae453badbdf70b3315bef36f41d4dc587626686afe99bca0c

SHA512
732133ac861f0acc0482287f1eb85ec31f103a155385b3a7956278ff95074794c3381de064120d75d3c48a4d8bf1315941d7fbc57056d6f78e5d37b75e2c0f6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbbc26894834cac979ff29254f1670e7

SHA1
61a69406b1f389de5e79ed6619cfc095fe785df9

SHA256
f06b28011bc0b55fff45c50ca5e648805527d4e8666a0d3635a86e36923676fe

SHA512
d4bffd95b2c48e2ca509d9ed658ea521564452b4494c8fd0cec48233c3caaf253123f4d8c6bd345a3b22a6b58f68acd21380e4f73f4e85cbbeb70e53a3cc3ab0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a9b35a495490a20e055e3f2d09c3e9b

SHA1
39ccc8e9b4c512100c72d76db24a300df82ea4ca

SHA256
df481ed6f2544cf0e53c94564a7c2a46f4e95b1d4a3edd80388b335e396c2939

SHA512
ad357b8b32ae8e29e788720ab161951f12d374489bf4e4a9c212018c75df56d72c92b3a0946c8df6b87aa8ca8ece9801a9c0089b06206644a8fb5083d6892cd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d885d73b1521f3129484b3830685504

SHA1
63d5f40fec8e5324ec96ecb30345681a81dd3000

SHA256
36128e07cfa038e6baa3d377015d93f9d7794e718201d6d4232a98b579e6774c

SHA512
9bcea4d67185bcc63957dfee10774ab538ae38dfe1f8b16599c544200db6e03a7148d71c58137680e98391fd9094184fd27161206498fa7ba149ebfe63caf55a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f751f786924613ec952222e7d44fd055

SHA1
f156b443e5e2d8f9b2673f23febd8c305d107b35

SHA256
cfb42ccc5a69fb54ae760f88879c7f2da192d4971b1e75b2293798e8b386f8eb

SHA512
5a675ecf15c23a4531b72418d0c3dc45dcf43637a03745b26252511ff6f72735f06a67721e3af464b412cf6c3369534cf0ecf25d55233127a4a1e3f32ac5b600

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8104ff7eea7265c1f5059f17c8355b07

SHA1
1d6af446dbbaddded1ae1a88c5751ece491901f5

SHA256
2e682e98d2683225458b227f3be471fdf30f4a208235bd5530fdbcf0c47a6525

SHA512
b13e453368fe0bc05ebde14741f3ee1ddaa7fdb7a6e4b5b1afba57d1e3cdf009b96cc0f3f7a8b66de56eafde3887b612bb6a18ed148e1b4bed57bca77c0249cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1885fcbd731503ca974dd7dfbd5061e5

SHA1
d3259570e33d18c3c2514c9b3e742e18fc4b3332

SHA256
60a4a0f6ebb44cfe3a11770a51a560e098c0324feb3dd3ea5680138d492608dc

SHA512
cef309f92bc090dd80f162aba61a3d3cd6a86aba2f423137bf3726592f9ac6b1e9f33bb6129269c0941e6968dea5d6aae61a8f1cdfc7c85041aa5162f3dd0a86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab14CA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1588.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar159C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit