a9b37fd97676cc71c9755c3e90cd52d79c3dfb627050dc3a4156a2ce02e1a153

Analysis

max time kernel
137s
max time network
139s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/05/2024, 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

c2ea98cc5f4b382604ba1b9565d87732
SHA1

cc8716b1a5d48c2160fe3b05107c5bc60f0cc92f
SHA256

f792b45e740b15be04c7806a6ba43860f61fcb2704684638de23fa7bcff684ad
SHA512

a6bbdff79778a1d1e496ab556b1bb65865139284704eeabe3da18d4bb5658b98186e5852ff2a56399f001e02c7c50c1fc703c8832b4c3090df5db660e37fd637
SSDEEP

3072:SjwsRsdGt0XhS1wAtDpDvQ8xRXPxsWvOcLxfJWawD+DAKrXxDXeejg4cDUMAqwox:SlTXiHsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421044345"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FB395491-0A95-11EF-92F7-4AE872E97954} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2868	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2868	iexplore.exe
2868	iexplore.exe
772	IEXPLORE.EXE
772	IEXPLORE.EXE
772	IEXPLORE.EXE
772	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 772	2868	iexplore.exe	28
PID 2868 wrote to memory of 772	2868	iexplore.exe	28
PID 2868 wrote to memory of 772	2868	iexplore.exe	28
PID 2868 wrote to memory of 772	2868	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4201c0b1900d35b19896afd65b098e46

SHA1
2062ef44055716698e34e3a73025d39ad3333a5a

SHA256
c1ab846d09a9e31d21989b169fbed21340f9fb04d42e6f65f6f0452626dbaff1

SHA512
08d83d291bd60b87b203596b1b83a36ac3f04a514022926c6d38dc3718ef4f3fa2ac8b47c218f6e6078da0f11c051effbd74d293a28e4a01cec82a152497b48b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d83fafa93fd8095b9a675af85529bd0

SHA1
cfb952d8c8ae6ccfcccfcf1a60033841db97653f

SHA256
efce03940dcf99b9f7235c5c90e10132ab757eb381124a7212bd28c80bbdf4f7

SHA512
93e67328c23ae332d5e541f7baf0971eca2d1ecec3b538d9e9b1a1a1c35d5f841512b6d0d5445b8a6c8b9bfe06b1e5d333caddba82302b1672566a7612993d0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f4d0926d5ea79ca2ff73eeeb50fe7c9

SHA1
4b9bd58f5b5b3e6773f05f199f48987dbc1be386

SHA256
adc3eb74d3940388c3c37a2490c0acbbde0530a8c436a0073e3ed39ddc65dd65

SHA512
794f20bd87294a7ceb75678c553cefa480629827b0b104df3213f2e2596c6b17967dcf03712704815e41be02f66caf912fa29af911a8d25110ce1f9ce3b253bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e98801721c575d23fe50f5a9ccf04d4

SHA1
243546df2e5450e053449ca139ec5e26b4804b42

SHA256
b7977c80bb4d105e35e7bc831e1dfae9c7741163129816b71089ef4861f38140

SHA512
39e42f59d9ac91323f950e6f83cc7e59b601d741ef23d9bf4c3bfd6a1a1bf87acd37a8eafbdd1ac449863db96e544bb9f1094b1264de044ef0035e66201d20ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87df124c856a802a6ca7d4e4b837b0ca

SHA1
489ba86d3cb942e39a17f5f161a3474022c0b136

SHA256
0f6d13111d8485ba82c5f483377e3568b8adc7732e9728320b11d24044fb6aa3

SHA512
67ae8ed5c589ced13113e573ffa79ebcf37e142e1dad29cfba7e04219991e1777d19535528fb8a08ca126bd5acf9d7b2dba7a95c7fb2205ea9b0bc100dad4cb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f13313ce41f1801dd1f3411204f74b0d

SHA1
d2c822462af5bfb585e63638087533990d20c4f5

SHA256
1196de4a6614f1cab158e9257ba1fd5d055c73ffa88a7dff740ac1585498d7c3

SHA512
36ff81941fe96bbe785b5acf73a453886fe71c24f1cd0b4422167cdcd13c342ff6184269fc2ab0da12d502c35f028419d5176761f2d0ea68b76c789a123d5ab4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffec39441f4f7f9d06d05e5b90c48dd8

SHA1
159ac530314039967813ae355dbe466b6d062951

SHA256
7354850d682b9e4d9db7a494e075284ad456f6a3f26041ef2fcf6869c0639c62

SHA512
aaaa71abab736d160b83d8011da3e1a03e9600dfec9a8d670f8d4e5f9fbc34e84b054a17b5b0773dc8ed41e0afe8f78ccf3794831fc055b59bb431ea05c3a91f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19cde80e4cb1c6af589befbc1b656110

SHA1
ac3cad6d7af7a39a435c5b274fdf1312965d2480

SHA256
05a98d5a03cd9b8b53d4bc68dd44e56e0342bc14ed0f64d8bd972a6997ae7e74

SHA512
15b9108262dc0cae32c15725e0d42ae0a8a56a930ee8b3b5153bcf6feda8710d5eb8f749988eaa7c68e32c1dff1c688a4f06a2763c26c6c58202f4ccf64f44d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d24caccf85c51c2cd7948469d3f89691

SHA1
cd9c5a0169d3a63c462e554b289ea0d94e013040

SHA256
85a42749aa75be869a6c18e15d51e1b5f7cb33209988b393e5f5672aaca7dbe1

SHA512
1918169e024689344459b8e4416539c1a11f58101d1fd4b997bf4a7e9cdf24719ef8248f66e518f33580cfd29f4b3a5a38f989f42334ebb6a03bedaa325fa7c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c67f0cb98b26b2d3322ee19eb8b361d

SHA1
e014ec6b59c8e69508d2fffc615875ac7fb71211

SHA256
d90c4e1b02c264e52a37bd8729b6af68e4233e9275231fbfcda1499dd6b20b09

SHA512
b33ac9437c9c44b4fc1512d5cd0cd4415e4ed213e1390f020160de132a87d382fe65ef5045ba736a777602620a5878332656b8406c5dbc4bd4c75873ad92f00a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75355636e02d0e68b419507edd6930c5

SHA1
d8009ded7a0d87f7be492b31ef1bf215621b8336

SHA256
ef5b0c0f95fa7e3db03d64c6a1bbe720c37064ed45330f22d957e80ef1cf8cbc

SHA512
3b38f24a11a4a50a573ba49fc3b00d88b09e2e9efc3f16a994b69a1b7b1a7611d8c4330ec81b42dec5d8a4a50d7816557f45e91da12d6504a194de78614ad32b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ff073968452e3d5814900285a638833

SHA1
07a644b07bbe45a916ac466b3b1697f28c484490

SHA256
1fa497fc0d511fc3cd0d787dad46b2d2ab9c28aebbf11e76820b4500c265081d

SHA512
ceffa07e27a0188143307081c3017d7f65f002b927d85e1237ed8aa47266108e5a959f8e7babf94583df7bedaf9ea9805f4e288e1f18f4b38f55f786715fd82c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5f487284cc5fa5ff35583aa71ca7efa

SHA1
b04b95c08a2b2ad03189127f92d3a939a3ba8728

SHA256
60eaf84ffead04d070b2e71489d4c0d2086432d0704b8afbfe1715f53c68de13

SHA512
07ce8e6adb38479e28bfe89c449111bb2e94977298e442158154ca9cb14864ae82b6db93547c985c70a17232c618900f5a7b9665fc8d668060564bd7df692bcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3b15de59423735008148e58ef1503f2

SHA1
8e59a59489e0fa9f4d6817988b7b364c900aabba

SHA256
fe6fca40b5224f419d89fd1b24643377abfebcc07d6870d78f5cbce9708d313e

SHA512
6edbbfd6d02829cd4f1f0f77c5f386f4056d71f7429a6bfeea4aab77148ab72823c0d84ac0ea8c1577d72685363584705b64801e25c1cd47b48db85ae15a12c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34d6bd0e6221259eb81e0023410d8bac

SHA1
2deaf6cf19ada7a254596ff9f49cbd1cd4d89a06

SHA256
b2d2776b09c8a084af2e03355181a4758eb51d593b037784d0db5aa52b538a6d

SHA512
36ddfdc819bce9cb10bf8873da08d2561695f8f99541188aca200195c7bfef69f4ebbed10f0a0a1e01a2e6d550e3992a40672eb2dc4b41f2e1c87a54e0305ac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5DB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB02.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit