266c766d3d9968f640d195cae5c3db396d998b488af4d388167c9edf9ca452fc

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
04-05-2024 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

4990174599c354cdc62ac570cd25086b
SHA1

3fb87c388a063c28ece7ad2024c470779bba7cd0
SHA256

dee381c640cd7b780983c4fbd08708f18a40c4fafc359c7dcc8409632edf4480
SHA512

e3ab78e89d2ec0cf4382dd7c8e502a6bd3245860268e813135b9569a4bbcd2e57670fe8ccabf37a3a7c558f3727166a2ec01e29e729800147e67963785ae6161
SSDEEP

3072:Smut7rlbSbDEa7dXyfkMY+BES09JXAnyrZalI+YQ:SmK2sa7IsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420957388"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{85FA09B1-09CB-11EF-80DF-F60046394256} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2896	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2896	iexplore.exe
2896	iexplore.exe
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 1564	2896	iexplore.exe	28
PID 2896 wrote to memory of 1564	2896	iexplore.exe	28
PID 2896 wrote to memory of 1564	2896	iexplore.exe	28
PID 2896 wrote to memory of 1564	2896	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f70f8ee347d3ec364bbcbff7132790c

SHA1
3dbf8cef38e6573943ebe7dc5a768e883eb9db8c

SHA256
3ec171ecab757e1a6d022afa217628dfe95b62ed3e9f3ec8b892a8fceaa2234c

SHA512
6f9a6f606ff07a5fbff254f224208804d85d1a42a4740cbccaafe5020de61759f0e4b78e5db8dec957f242e5d7257865933422c6144f9ba4646380e75c02423e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
758a2fb3f453a78b7b211bb2888b65bb

SHA1
f3ac64966e539f907529edb19a23ba55c8464ab9

SHA256
61146bdaec9caf7b51cdc0e714d5cc24a2a0e8db6e387775e9ab1e8b2cb0de4c

SHA512
fc87e372f2db75e20f2088cca39f6ce0a7040092d348cbc2a5da9655014f40a19c5135ce15a442245b1559b087f02090789d4bf824859e780b4aa2b3f192987d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fbcf523b3a85a8c8ddca1155c4b0be4

SHA1
849d61266412f8b27840978e0c0912d73578efdf

SHA256
d945cba41dd1236d9582f6336d4865ee6bc18bd99431198e786390165490119f

SHA512
8668378a4f16669a2b80093856428d0fe7372f02a998659c0df7a6bf2ab42a2997a2e30269c13d69973b709bce68f0c3f37b39089a0ee9bc2f10b91c01d38cbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e9bc827a54d49a53f4ed57b7ce9dffc

SHA1
e591ec8bcd208731653d9411a767334cf4f6dd57

SHA256
f2a923c73671c009c92da48982fc735a7d72da1e9d0d7becefb1fdf53c40da00

SHA512
f85df2bccbaeaf8859ea1bb8b5b3d3d6c2f190183ec4d58fcf68ef41831aed973344ee5a966d71c6600d07bd11fc9efa8c5b631b8d6af90ddddf1b1361e2da1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62b4e1bb87aac65b5f39fb3a06304ef6

SHA1
39b80f283455b56cfcd2f1c2006d2101638db401

SHA256
f20574b748986db1fd72de939facee5c7dd17b0934140a283823bf0be3b33b70

SHA512
0d01c8af4e8ca61cf0b86ae085515814e88f776c7b9d79e6e90c48537e52481bfeb62c5daa8df113cadc217ebdeceec84ef0905a0ac35d2eccdad95ef4ba6cb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6fc7444b077f8cb80e002a1366b2c9a

SHA1
3dfb57b74adb9648307b9718873d34486838ab68

SHA256
97647659924e6e52637f72d4d4bf6fb69954dfeb408acb181af17a735b1c681a

SHA512
d963fe0a2e24e4ac036096fa6229fa315c74d7b35da2688c4ee341f7d524e44b567c06052e72a482788afede8bc06fb4717cb18cdb566cefc1486a927277877b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
918fd98fdcb1c2a41f1f1385a9deb33d

SHA1
2666e36f8f1d26ccb91a61762ab5ef493498a058

SHA256
973bda5ae0bf377ed2b41afb695751f3a3e865efb25d1e6cab3f00620f3d988b

SHA512
f8824cb18560f9134018b40b4e1b28718db4f82f428031cd84120d42134b17fe2da700c0a9f515e0ec772b92f116c520cf9fdb1cd964c391421d7f84db0d6f2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a644474ff606753c89e7631c4c4a646e

SHA1
1017e1159fede95b5632d5da50c2c7d8b7a9dd88

SHA256
e194473a2ef2f624a633050a6c4ee0ed4e9634dedd946b40d97ce04c6459916b

SHA512
83b68a082ed6cb03b2747a52a28253df09db93fc77fce93dcaf636d2ad3a8b39cd5855ca1e5ccbcc13320a012001736d128ad6f2a8c4d277f588cab90c13a10f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b14b35b24840d218af9c7b716885ec41

SHA1
adf40e275e42f3e06506f8fe27781327b911581f

SHA256
9bb136c3b1e5e5a4ddc6606570724a2fb01ae0c960297f4f09d2cba364810047

SHA512
908b4d3ee9e5fb91fd8fe89f0ca6aec72007389e095ddbbff38e839930400192cb759ccc7c35529a1117559cc26b6c241abfcbf05825a7c271d9729404292620

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6430af7f7a047260941a36c0b51befd9

SHA1
285dd57aba7ec14bbbb38c703f3b65dcdeab1360

SHA256
d0c2ae3b07e565bbeac6e62f5f56e71e355920b0b76ba1bb06dd2305b0e6b239

SHA512
2d8b5f126308ce7a55f810a6e5a01652bd4f10ab88c85d9b8817eb76d4f83cfb780f20b4fdbf39a2d5f9cb5d71dfc634bb1ca659ea66cf54ea0c876d93e389bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
353941095aea0fec6c1fbf61ecf7e3b2

SHA1
83a17e59d4339c69c69a7bba433c8db990fcbf82

SHA256
534a74b3edac9eb871b6974208ccbac81e7492aa1ac3a5310307d57f06a550e1

SHA512
759ab0cf674a44cc937b56b0afefc406e72e8515ba438def42e062b525ce1f19f5f47c374bca6c1d1d1fb2e45237272dcaa5dad2ccc712597cd5781c9fafbc16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9650e60afd7933320e91498628d9073f

SHA1
00f5ef611171d211e558e2afc110f73876a8cf15

SHA256
ee8b503ae18d539e629cf62f400b16837aaa777c8726c81cbe67760abff50fee

SHA512
8079f2b278865c4cc5eb445868f36558010253acb68d2d669f196fcf27b89bd0d94c065b806cd7305ce5f616a9966a5f62afe47fa7ac91fefe0ce174660b02fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eecdda9f35f1af3b0d0d6e1d8566365b

SHA1
4dd677e610f9fad04f7ee97988f2068ccfe892b9

SHA256
0b031cfc882ee98395738eaefb046651e1a85c0fe9fcd841e4ecadd8dac93a42

SHA512
90c6933bb6605514e4c94411879feb478c35b8a50fc935ab4331a3ca1582a2643bf726e3587bb1917724774e86492d35e3a2695c62748180872d1f89a1f6e2bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c9123eaafbfec75d59306d02150ba9f

SHA1
f121fbdb2b806d650585d59ce381308bec5e8484

SHA256
58d6c79ebbb060760c7069e47d9d964a54a499db03a695580dea6c97c0f6185b

SHA512
3e8fd8207136c442e588aa59b9f406962066b6a3063556b9549d917b8eefb8ac21b6047f38bfc155ec9d65f6700b463e49674ee2dd0db71d031de35f78e04322

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
805b5b336cfd88487ec63c75464fb191

SHA1
75f6dbdd89cca6bcf70a176dfb0d2aea9342b2f5

SHA256
40796a726b0be9abb517d056429416258c3d3bbe5147aa94bb1c8cee487f8565

SHA512
e81d1af1d9f6268cbcc74299a084adb0bb18879e9b0e8330403faca13d714ab5ed07771e5c6b9b7c50ff92278ef0e5b8dd2edbae6d62b1d84229752d499064ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3dc3f19d7d68641d12eb760a9ee8f9b

SHA1
b4cd34bc322b2980e1661e55db944838b3314814

SHA256
264b4b6efa52ffe957e3bd2636dcf5401c69fef058744a9a0bddf805a7adad4b

SHA512
721d5885177d06796c493c4477abb01181b61551c6d7bee46074971606e5b23d6a91bfe3c02960a4f832bce7299b038b5ae718a7653c45145b1935a606a5dfe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8274a547480bab30f416014d009bb735

SHA1
5d89e9996f83e9b7a20f992e272db4a911d9dbf5

SHA256
023ce6e20ae1d56f12ce9bd623c5b496a3cdca116ec65b46fd05de5581bde9b4

SHA512
acc1b9974847165ce7e1e1b0a2b846e5dcb53f9a1670865b9e5c75b16b73f5fe345aa32ee4f8524a8c2afbef5db0a583f374ec270571b1759bd732d6135ff54f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdca0a98c40f24cf2580e2fc8e3a5341

SHA1
bf500786cf57d1bb28d088709aadeb12d5a9552a

SHA256
955cec7bbdf0b8379e4bb038f360a67103f7ec2d2a091be856a94dc9f80a6c6a

SHA512
ee5d5bdcdb37403aea6bdd9ee6adf51b4bc44c5738de79a9c9f2209f11ec3d115a0b3e424110ed5327d93f7b83501eb890b745981c818ea7dec5021c154b34ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7a580339de4b0558896b7b255a89927

SHA1
a9a02fae8243a1dc671601435a6e3c6de55e2159

SHA256
fcc96cc1af85d643cae71ba04471d3aa7a318b9e259f25b0bbe1d2e8b1330204

SHA512
06cf7e4a27b4d330eb5026089eab6f065cb2fb81f3f2e0a8f13fdd8658312531c5e3e422a7cc35daf19194641c451b8edbdf0cfb79c736fdb0e45396d4dafcf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1880.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1944.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit