560b7fcc35128decb405d4bdca20fcb9fbb01d6ae2c58e85c939dc9f484b606b

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-05-2024 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

8fcaa9d46b5520078b61fb6083238b9c
SHA1

a1a6b9bb992ec1c91446ed694e45ba2c1a65eb52
SHA256

8be33281ad361ae0c40d5103f0bad28a83b179939e7258c8fa03c5356596a153
SHA512

ec056239c27359602b8775ce2ee5edb22f4eabdce639bc3887f4d5af098afd52ce0de1f5dbd0c7567d85912b3451211fc0e352ea1c04fa62b2e7c1b3b17840f7
SSDEEP

3072:SWF2ga+rW2MvwyfkMY+BES09JXAnyrZalI+YQ:SW4xtsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7E4606A1-09D1-11EF-93E2-EEF45767FDFF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420959952"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2008	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2008	iexplore.exe
2008	iexplore.exe
1200	IEXPLORE.EXE
1200	IEXPLORE.EXE
1200	IEXPLORE.EXE
1200	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1200	2008	iexplore.exe	28
PID 2008 wrote to memory of 1200	2008	iexplore.exe	28
PID 2008 wrote to memory of 1200	2008	iexplore.exe	28
PID 2008 wrote to memory of 1200	2008	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
174517b86666f5b9f1b008c4c2a6c89e

SHA1
451e3078b9c15ea9ac9f1f21781b24038230a677

SHA256
ba6ca772bb313e60648d9d92a55dfc12c902e676f3c95e39c318a7bc0bf61b86

SHA512
ec39f50e3be2787d5b1c93c7070c06087c1a9f82cf1420215d70d9c5320d8a1d9996a857c02c3f5c6fcb592200e867a4274d12450b5b17ddec6d99ba1a1ad9e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6baf58dea623b451a3db094daf7edb81

SHA1
d4132c53cc44606f4868467652db5efe12eafa2c

SHA256
8c9c3a25e35c42e494a0484e407c64bb3727a3b6c9edbb718487437af8d41eba

SHA512
fa86015883909a9cd2822d7c5e8894c54b08c43fd9cfe7c40db8a6294dc12f5cd8442284cb27e1f88428fad3048d648e5b31b4d12e49d1a43cea5d9083f6a09b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90f68758c3a6397ab3129c4b50b9db83

SHA1
080f980b2d32ac5212640c2e1dae0943a660d29e

SHA256
1ef69fd01c77e2d4b269e5284e844c29b0a5c05f98b17f663002a1ef8396427b

SHA512
e384937151c9eda414a0f7fb3bf40be646e4c02dc9a970d26901bf98e9d66723df21373284fb41d44628bcaf0c82572d514e43505a8c1c79ce49bf6de1c41966

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1201b90aea58dc3ddbf2dd7dfa2dbe1

SHA1
fb0d1467b6a186f8993a4c5391896745c3d9f597

SHA256
bceedf1cffabddd2fdb4d656105d963318566e591a97e860916ebe62337bfc65

SHA512
05907640182dbfbd3df8bef47376b55282976d3922d952b12fcc1650c017326cd2e5cc260cca665766c7ef9ebaf3910702a4073aaf694852fc5381e7ca6d392b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85a2f3b4d1df9b6821f737a703c4e2d3

SHA1
fd52ae42540d513a1201f0e35cf97ae8d29b9053

SHA256
2be7d702ad24c980b9fc7f87c670276efc226c8046725d68a60bd702eb4953ee

SHA512
c42653721a105b00f987792744d287997df9219636c660aefc70bc3d60d90f1a412e57f33421dd9e3da189eb8f7743be94a4ea41dbf25c8ff7b60d0f8c4def45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff4b11ada2d3a28ccf5b9aae2e1674f8

SHA1
bee2b7bae651cc842347c25e57d599ae7c4d44e2

SHA256
9a1ae375c69fe8767e7d7a545facd80108f3e1da688d19ba6a3d67ac33ac06de

SHA512
683084dadb20210f115c0ca7049813662a36b6600b84b17631a8f30573a995a70aa39ef4deaa3a0a7b464ac1d01588193971f67ba0f7b796898fc7bd26b77d18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95843e7d9fc905efa09bde08d1308dfd

SHA1
bcf0fd51b5fbc6294e43c71468b1d8014d3cd8d6

SHA256
77645a5e80a23f2153b73ace8f3de1ae444085574998c41d5ceda8b21f6a7e48

SHA512
1213dac90d4ec3717268cd8df3399e3c8d5ece4706005c490ca58fcc3aba9a2939ea640dc0c11b4d9d743f8c8b37f61022a8bdc60fa6094d5813b8b34603e385

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10f75c4c70c0ca09a6ee678583b9cf9f

SHA1
614021b4f0308ef3ba1b09ff84b277534a3640bd

SHA256
27e3dd67eca54d578b4cb353d2b4a6f24eec3873bdd25ebb711b1a7b0613ff58

SHA512
07abb2f87c75c655b4f06e9f9fd871e5bf0afabde7456f36997f4ade7ce2c27a3a4957158e45af21e307a52c6fbc3d307b491d4e5c9752f4124cbcb21840ae4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
342e3df29104c3ca3b57205c7bbbf15f

SHA1
0ef81581a57321473715035953e0494a195d3e97

SHA256
706aa2a1d217b0ece2306a4edb488de1ef0507706cbdd88a810d471f15091f69

SHA512
8423c1bda3140a6d9b373aef13d15159737dc2733ae1c82cd342d6d09144f715932aa3a08836913591b1ea0132a28df074a4e3d45cc0ebeb7965e6c83a5288a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af94a625041a2019feae694436f72a93

SHA1
d7e9b00f1751c38a01cb3d5bfda6efa99d9be1f6

SHA256
d4d3e82d161f0b2b0fc51ad7a5401fb88f20a7b925e3d478418dbe4f2a571537

SHA512
b7fc14efe1012d1e78ae9773e8a62d20b8d8e83ca31f012f833e63f2197f9ce858f9cf0f07eec66e9b3493dca657c877f70d7aa4a905b90dc4d4d47f85254499

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
449d1414d6744ca22b3a149ce6667586

SHA1
e4670dda03bb11e33c69a0acdcd361285044b586

SHA256
e1c1928d3fc670cf4d7b182eb20bcae235e78f9fecf721fc65128ad67d8fcb87

SHA512
532f8aff93f481ee1ce6e26faf871aaf96aa44926f39a6305dc8f3ffa2bab3311ca27634709e6e95f967f590434e84eb71db85b2def7d7f1c22719ef88759877

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9b74c22c6fa68085200cf24085e02f1

SHA1
31a4a7cd65d69658562f8b4e7638ac10fd4f0eed

SHA256
acf9715b49281ec6141a6d835a75da5fc175729d45df6467840466122ebf8559

SHA512
e25d026117842b690630523f4bbccb668e4b2b1325e6910ba3042856ca4ad4f79adecab4f75730c1c685b2d7cf857adddae273dccde74ff9122d81f0ddde61a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fa23a4fc3af514c0929a0b808fbec7b

SHA1
91383b3ae3088dd3068c95acf64e17024875c0ca

SHA256
c119ea40777b95581a2387e8ebdc863883fc338424411b503d9ece268cf89d6d

SHA512
6596fde1159bc3ed44c82ebb1ed577650e7201bd2771bf19bb3a02e29816d18c6a7049fdb35d6854b430608d96b437a9da364d802f540e52ffedc2827332eab3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dedd1dc76b8a9a5f11ad34f35ee5da5f

SHA1
ff0fd86875d51537f17ef47c286ae01686891082

SHA256
0bd41a3b0a5b03232a0d57e509b27874481dc10525b7a74338104958f64d10f1

SHA512
e8b63bbd0ff926c2ae7bd1729585bec2d6d75838d245213d7c3c44d938800f02a5fa36a1cf10b8cfc66f44b1026acfbc216cdf78811e7264f93e96f149dde026

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c14375f1fdda4c5f8f012e14d922032c

SHA1
26ba89f295ab67ba029611951cc93ca0442b033b

SHA256
a07b73f1d088f48101bcdd5038a53e1802bac6df24c19b11d2c9af2d034f6384

SHA512
757efb2cc433748c1459ab1404f1255560cc9b6a8a423cb3a87b77b01b62341e38513c88ab98320f4743e08a0d859915ccac945c5a98ab0e1fa4c610f5e095f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1585b6302d6ba0c1770be330b65903bd

SHA1
87905bb8f04b3d6646ab1e8d0504f95e36cbac8e

SHA256
5579d7b2dd8550d64bb060a5c7bc719329d1b22b81805179abee338c07f65746

SHA512
b71ada6cfea063830b71f9340ff8d2166fde1b25ec4f6e7def2b8e8bbc2f676940afa84b00bfaa508d9cfab3f8665ce147ab376c68140eaa0eeebf2c6a1b1c1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d284bb35748d40ad09b2dd92f50e1655

SHA1
7fb522383c027890d4ded76d08792c152d056582

SHA256
ff7563ba43f1d2c5f78db1d6ccea2efc30567169b821bee1d50616388592141d

SHA512
3d15d227d5a562cf90e03c255fc23bdc8605febe84c44a8f28677ca16dc6ed479dd78c3c2cf91d3272331da921d68651d429c037a1b068981f6767533379dad7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22bbe6b79d5c64283a990b216fad3f73

SHA1
74c52deb34d1162dabd3407ec5ea46ca9c075aec

SHA256
db471affc5dc526359b7b065b93b81e79135dcdcf2469d5e0cfd7f08aa871035

SHA512
c5ec7238e51325d6eabaf869758e12543a8ecd600b5152595b55f2f17fe80d7ee0c1477bf570189542aeae923fb085fe414af13fa501f049a31ae70f4c958322

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e2aac090fc5ac7d579e7e62a310886f

SHA1
145e47c28bbe70cf63acdecbb8cd8a79f19c3ee0

SHA256
c64acf8b459cacf96ce23786ec3ec96b4eb1b88bd4d215e57b1436fd8dce5a8e

SHA512
d7c2c9bb33510d2f1a91f0d57d52457a80e07ef0e93fd45f73424ad3d3eb9287d3fcd9a51014f7e0c120f8f8030e63a59bd7c45869f0c3cb1d543baef1684bd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3065.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3137.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit