ea780c4d01cc5358d60a4d42ebe9f7500f806a14d993a7e5920f7c6c262cc568

Analysis

max time kernel
133s
max time network
135s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
06/05/2024, 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

3db1a5374cdc9908aeb4a2abca887794
SHA1

9d28ade767753d0b84c933c64dc6b8d8666e7ac2
SHA256

44558a328b73ee54667d89e75543358c5f43639a9c48a41e3a43a85a76e661ae
SHA512

de57e4c42687d02cf57e6b301cc8e524e6f841f495a681c026466ee84d569b3eb71865b37cc60fddece91f706959cb991af5740c563d7c47e9b0452a47c747b9
SSDEEP

3072:SqkCSwtPl9aHFyfkMY+BES09JXAnyrZalI+YQ:SqV4wsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EDECBE31-0C02-11EF-8ECF-42D431E39B11} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421201087"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1660	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1660	iexplore.exe
1660	iexplore.exe
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 3004	1660	iexplore.exe	28
PID 1660 wrote to memory of 3004	1660	iexplore.exe	28
PID 1660 wrote to memory of 3004	1660	iexplore.exe	28
PID 1660 wrote to memory of 3004	1660	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28d0fae55ad465989e5432dc8a0549e1

SHA1
ded8c2cc08baf584250e469c786d255e3e04a64a

SHA256
b876f6b7cd665acd8ebdbbcab9e56a7536fcb42d0f8f2ac6d06b1c07f8fa16b2

SHA512
80c9b6802ea1042d028df80d38fbb3781aca544ee7d1f18d52adbd3885e8df9e477faa8a38997444b7203a80491d1ba40494642a28e976dde15a258778fe2e2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6da32ffd03cee58e4d92e9676ed997e

SHA1
261baeff93e5e7da45f5cef3d72c04efe183f217

SHA256
39ec314c8e9f693e7960f1267dce76ed2e47f9581dceae8d0b1de0049f11b5e1

SHA512
d7563a0ae8e04e9252eb0d3bf47c04ecb3912a84f93cdb6dece01ab18deeb967a972d8c20ac5fa1e8e4e871aa5f46e42263768e6e4e163a29e056b725e357037

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6161a9b42b7d3b0b973726d7a26f2c26

SHA1
5e76f8a932fa3bb9639b40db16a97af08f2b2ff9

SHA256
50c7191beb481c72c100a02eaffbeb47e0e3647fd7255ce05fb3b285ba32b888

SHA512
9b1182b9badd52c95b661669510fe304e39d6781d646975c340938a0d15b6e26647822df8b573f2372ccf8525f134ab5a8509e83921de82507a24b4ea0ded189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f06ee505852bf23a93638c7d2fbf0c9

SHA1
228558853f28315de967381a499da6106977f656

SHA256
1dba98942782daecf044194975518b3249250ececc5bdadb8e9cb3f42da87d01

SHA512
0449509ff26c3b501f9c9a91c6e823431ac4005bd1eefad73afb4f1c08b9ea9788b49a0a5fe962797f6ef42543bb9b0a8462690c3a71b89f8b17956cbeca7473

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b8589a8e7ca11892fc9f98b56669446

SHA1
c697db042b37016081cb0ac7d8e876f8c0db7bc5

SHA256
5b7599e028a87253d2c24d1e00efe8f05c9051865b835fc6d965c872aaa26d5f

SHA512
24d54d2792c66621f8638b55f18ce7e6dd29cc206b6b181e391bb97347a72b7702577e49bb67d0fed61ce9e52045fe5074c45774969aa23869d8f19417b8acb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83216b03b1f35d5fa9183d8041652bfb

SHA1
8dc76731a7783f959e79734ee929873d960baae8

SHA256
8a8f88bffcfaa6eabbba6c2137dc6e3b57cdec52147ccbfa490d92e332047c35

SHA512
dabbe7cea4827ff114e04c3bd9871464475f59d8f93908e641368be1a7514998b069c16f0922c422c20f74d4939011960c18993b568cf0c3369aad8700495f1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71de35255b4785d8c6abb640a167e846

SHA1
6259502d5be0057feae4b7536f374f17ccbc517a

SHA256
cacc0894b0e3ae963efac283fa8983d3108eee6b4430f94ef8167e9e1dc20510

SHA512
0551df4d10c2c2939310f85058cc7c89109a3c690a109fb1619a9bb3f2bcd92730eee2cdde3b75df8a9751c396ed3861d88367055d845c5356b165fa1479dc1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5867dbd186ab874acacf0af6af83b723

SHA1
c8d4c4885a3bcb6f6fd0f496a1759aed57b8347e

SHA256
2eba17b17607a502d47bb233310c4ac067cb21ebfd5cc0796ddaa5d9f86bff54

SHA512
6da2d219afc913aee380ef1861724008ec0c860bd2b04c1ed26fc40e3ebdf38198574b65cd1431fb1f4f04d96601ff8d48379d4cf1a25610f5c70edebd0eef3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95eadd5d22270aeb96d6a1e2555264af

SHA1
6906b27bb46cf60efa5b26900b78ac88854e3d9d

SHA256
2aa9391af8eedbd6d69653228c1ed0ebd9dc19c42fc2623bdee9a972953f758a

SHA512
b9bf5f61c54d9577f539ca11e55794e70d9f999f53e7d758c927e3c5f69ae018e8020d4aa1d15c61fffcf4bf34249577d0b0652fbe83a8121489daba7b26ed08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc875d882bb5d72a13f650578fb40684

SHA1
bcfd4acb4667fbd666672834fb15ddac3568a685

SHA256
5df37eb68b2c6319a26e5d9118118b902b1063b03bbe81864e86f648edd0e721

SHA512
a5abd3cea5f991b4fab6f1021ec3c6e83442ecf1564b91175f063e6767fae50b38c0ec1b4b1e2f13091721ed48393e145a861b8195c89c34e2448961ae95f918

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
928fec75e8ace168bee89afb1e0697ae

SHA1
dedddcc7d6be7dfae4b4b74786b2c5642a683f4c

SHA256
988de863b7b0220d3e429a20c5ff51c0ab0317d317b9e294e424d0a1e2ba58e1

SHA512
41bd2fff857f2dbed948f3e12c30b2c79f541b9b897ee6ead8437e16751ccc20f32b6620aeefd335ac2b7a3d297a9c46a4f92190ba20b35024aa7e176090cde6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a60a96688a94652957925ef9ea705d21

SHA1
b66bafff1147969083ba641f1e1e5df4ddf0b2aa

SHA256
e9eeca37384c3afbf718be1b786daaabf93a49538814d2c205213251f49a363e

SHA512
5701048f2d65567ea9c1260368c06aa2352142752478e9684d2889387b8db9a424f159b98b275baabe5c52333a083535fc6f5f51185596ff4bd7c0c3bd05a6f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57cf23bd9b904cc0061ee5081e1e5494

SHA1
69b279ac34dc3ad587cb7f1a3061643ec4386ac1

SHA256
4db827b47ff5c2341522fd53560bf082d78893c8b5afeabd896998bd97d90687

SHA512
bfe9b4499cf2b04c5f59b49947ce99f421a1325e10a274ee10de53afb0d0f505a4adec5b9818f6e2df7a45685241638a66c7129cb76b99c7cdcdff8636dcccbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a02111bcc68a285fbe3889d875c2eb5f

SHA1
1745659a9119fa067cb9fe35485a13db280a4528

SHA256
dd5510b3d4164a697afd17f9c897ab27866e6c52fcfc8ebaab55ef77887cc92f

SHA512
48ab81f0f62153e216fafd4d5f5cb9e7a7d4f50b1bc41d2455b5f6a5ba222e1b4f98509acf774f0f535639c9006cb4378b5cb0489d2e4ba0333ba4897ba9ddf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a81cfa5005ffbdc234c6e61e0a7bad6

SHA1
c5b01d22d50f9c09b01b993bda8b7a87e93b60fa

SHA256
7f5b8544b46f887acf5983b968f69d5e415ed36c0de1a4755faa16884cb86ed9

SHA512
49bc5d227a522233965acc4cf7a49bdf67da236ca3d21b13cdf3903d29163e59d40efd6cf5ad1bd6c24692b556c3bf5b012803ccfa79b998dc3bcc443ea78fe7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52465aa3f29948ba2e2e54953ff215c4

SHA1
43727b1eaeef3b4f62b0e83862bc5c353021eb74

SHA256
e487ebfc2cce25e0ca855c54630e6886ab5eefb1df743446897d43f8bd292159

SHA512
2e083c6ca7f014422731745565fd8d20f8ce81835e2507be26e5a0294fe527ed138e90e22a0500a4c1f38dabad3c5de12812c53641187a6d8c26f44acffd88d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
044d9168cd04f545ca22c59099745633

SHA1
0483648799d97944a4e3ddabbc64086882690643

SHA256
5b07f4451d71113c859059b042b9ffd99f8d9fab5ae9c245bddf03840d7377e8

SHA512
1760de7dc3aa68a5a22cc1ef84c56e6275fdf845468885c44d5c174436aa4799f824a491306f9e69b882c09dacc1f9204be9ee29100ee8d66bb86c2a5c424fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29d1c8132b15e5015eddc6829446747c

SHA1
12e20c44dad00576729212e7702feec164cb2306

SHA256
c836dfa5110b60d04520b09c7e38f41db3715c4c770012bdf9b0ff2af7682b27

SHA512
341dcd6923f1175c6beaaa49b4a837b93e6d07e4bceb4623174d3bad6c4fb865e8aa2324556b9d07ea65c22575ce86248f759bbfe10154b40534cda3c7d747ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7527e0d6459878088a3fbcb2cebe498e

SHA1
a1a7a4256e6c02764eed4302521e5fda65bc9cc4

SHA256
f2bc13429af9a16e07b53843bf0ac640247b0847be602919e60df725ad2e1e4b

SHA512
e27fcb99ec17197623857d4854b9fe28b39fd43f0d3c05f7cea8dee10413982fda4ee5a15ee71d9d3dc2be7e1a91ae6829e113fe37912410584d3546d36788bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB58.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC3A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit