d70bdfcb64bd0e33f1a741fd8e2b09f54b8facd0bad3f58bb6fb06ff8e783963

Analysis

max time kernel
136s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

2ec3d0fe37724618808607721c59c859
SHA1

b3e167af314938c5d46042182a4fb76da584beb3
SHA256

60fc4f8e3e583f9a06bfee6b921b9c69bda0a168d0c47e4e7c22400b81e241a8
SHA512

44332398faf7fb0b0db8b7b8296f3e8597907dd1d764c061b20fc99a1fb135b2d07700a59ed53e932b455a6aa9c936667f786db7dd6ef707e25058dd2baef3e0
SSDEEP

3072:SO0WD5WSSKOY4TwQiUEt3dbwen9bI6BmzI0MmrkSkRaUwjryfkMY+BES09JXAny+:SeC3OsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4AF81A01-0C19-11EF-989B-729E5AF85804} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421210693"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2876	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2876	iexplore.exe
2876	iexplore.exe
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2812	2876	iexplore.exe	28
PID 2876 wrote to memory of 2812	2876	iexplore.exe	28
PID 2876 wrote to memory of 2812	2876	iexplore.exe	28
PID 2876 wrote to memory of 2812	2876	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50e65492042ff6e400c979a653f96be3

SHA1
4ca1239c14d1cd73b5801db7da4197694df9a75b

SHA256
3976d4072a9f56860b1047164a751cdafe22e1508f1f7beff9f04a6489f30b53

SHA512
b5713b433a1610ced0aea75f6f3eae3e68234c116d64c33c98afe314b478df70df7b7845fa2d2ca2fc2aae9a2a0b0cce5a090505d9d141badf0192eae58e513d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8d6a345beb2509a916b2762aa3bb478

SHA1
a2329a2baa7b8fd77535d577e89165d580d9a368

SHA256
6050305701c743e2b991c95379cd99edcc24214e9d02dadf80b1529d47d9ebb5

SHA512
27babb939195e74d338c8b420ed26a8780c692fbfd7af7bffa8d31121f66c587ef8cb251bca37c9af25f6ea169e239f654b99c43f33892064894920b02942d87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b45816b9098ee66089bbb3c43aeae3d

SHA1
94457a84c9f69249f3ee0796eacfba4d74328778

SHA256
2681ba75225de280a174015b16eea8c9803f97b4b8c907a00dba4dd25f8aee7e

SHA512
70f11002b87cb6206a6a8123c2e2d0156804685fc66f319435f71c2694b1703081c7630631ae12883c7728c5bc59f8beb1baf95285e38d798e0132438c4469d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be6e818388363f48aa0dcba57023fe87

SHA1
e423c9aa8ecca71f819fa2c239c623b0a9f23ef7

SHA256
3a33ce31d046e8f89556707313cbd98867e7b2b287119446221d8a1f733188a6

SHA512
8b84636fce4a0d3a3791d5b92cf6524b589eb225319000f930e50b2dc274a47a2a041c242563e2e3b142b137900cbabc3b6b1535bb78caa4eff5218c37885cd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7438d4af1a761872a294234e75da352a

SHA1
1a8972ca721fda7d564e2a76e3ef0b0551a5a553

SHA256
6da9c7246588a506e99ff579bac3d67da5c97dafcbfb2ed12a2c5893e9e8847d

SHA512
244fac3d1923d6bdb197731a9cb569715f20f3c04acf346988638d8130f4b39475cc1dd8d9140bfb557fdaae8f646a203b4999a50ba894b635b5e1d48847532f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fc84e34434df0c581f2524f195c98b5

SHA1
1d8d245357dcaa53f55524f4325c3850cb7a1a63

SHA256
fcd8d08ea2814835fd33b918c3e7f7afba424c5c2001cdfabbf834c6cf84495a

SHA512
96a7d68063ea83793a7e8dec2d25ccf79cda5a13d9cb63a256284a502332f80476f16f15cc81c558b17a60881497f74f50ad9df5791a4e92d4d7fc94700bfbfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f09f30949dd77f7cc93f1a1442d5f19

SHA1
bf6d120ca25f4262486104002576cc91cd5fd00d

SHA256
20fffadb5b016bb420861fa14d5d7e51a82092883cf9940185bc2ce909c39cb2

SHA512
7d44893018aecab960cc5420402e640150f3123e8fd60a8fe7a86f2040bc935c66e2b0c11bcf6b53a83cd2405d71ecf71d2ee97ea574f02a06cf3107955c1ead

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0b23a76c621228cabfbd4c5aa4d1414

SHA1
1e128232585f15669243b173102e639546de9aa2

SHA256
54585e8ee396e6ef3a3a4feb1e54042396d493f9697999d8da814a6cb2623d85

SHA512
a44fd9bc259bf2a0c2acdb4d1139cf9d5d250bf10fd42079cd5503c33f6accd7b0c94f9bfd02dac9bdb523680cdbd17caba553e6a2d6835dd2c5a9240fa45bad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7398db8963e95af4bc0344dd031d146

SHA1
38d758498e1db838f84f122b46e23b09efe87a25

SHA256
c04082844e3db02c523d321a21e66a004dd5bada4e52d0bafd102100ca9e92f8

SHA512
97ba89ad84ebad6a3c474430982ce3f751aeab1c8a881bbb7d915acf298583db6ace8e5722b0ad0ebce15e139ce42d3f2bf15fb392d69f054ec38fd3c4ad6c01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
520ba697090c2c5dad4ca43c140a0315

SHA1
07e3cbf74245d19e8b632b4ceef35d1ca472f498

SHA256
9c5abb933e7aeb42b57ba48add79f229d97f0b437fd601967e9225909649182a

SHA512
2b3214aef0b1cd90864d8d3f38d81aba1cee99fd6bdadfe8dca9141e37c4076636874fe0ce7b24efef82832ad64ab08f854ef5f31fc2390462bb3caf19439d4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
772b0df1f291d64a85fa5e0df9a6a2bd

SHA1
e3f0a5a3933cacc0b637451003d7220e3492e5fb

SHA256
7d93f1062ae5c4a342a55a1c4fcc3ce66568c6e2ceff5e5fc8e238a981f960b2

SHA512
8b6fdeb7ad07fd4ae36b49627d659c2a1f6af4d602eb9acd5fce588249c193f9ff5e46c5911c2bca9797531f900d0ef03f6334e7377b3ca1c39c1f3a5878dc66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cab9fb281cdc5f39cb0e44c9e8a37a72

SHA1
80b25802e139e4abf7766c21a3514e181d6e1430

SHA256
81f97b18b32a508d61bffffda426a11fe422bac48c3fcec677607fe17d14a979

SHA512
7cc608a25a4b874f7b13b985ad8251c8f7dbddc7bf76e152cd905b561f5b3eca999b27f24b1133b5b77fdbcfcdc57684d1fd3a4843f28088b0ccd17e6c27414c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8DAF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8EB2.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit