4e2eb399b97414299747542c17851e3586533c44b564c22d24f0828dd9aa2b9f

Analysis

max time kernel
134s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

b6ff24e96a1afff6f574051e348f3ee4
SHA1

2b2a1d6e21dcd331cee9e5babafef2c6302826b1
SHA256

3a0959d75746cd474580af4ceac6bd74091d0faf81547da2accec566f9ebe1c1
SHA512

9718ed2189f44d0df5f7f41f0f40750ef90215412a2d647c9019a82e69ccfcbc2105d4ec0f646740c6688d0b57b6f4d40b69496d0984214385286840f7702d54
SSDEEP

3072:Su+G9l6kL9EJyfkMY+BES09JXAnyrZalI+YQ:SuYhssMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421372720"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8BBB7801-0D92-11EF-A293-4AADDC6219DF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2172	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2172	iexplore.exe
2172	iexplore.exe
2072	IEXPLORE.EXE
2072	IEXPLORE.EXE
2072	IEXPLORE.EXE
2072	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2072	2172	iexplore.exe	28
PID 2172 wrote to memory of 2072	2172	iexplore.exe	28
PID 2172 wrote to memory of 2072	2172	iexplore.exe	28
PID 2172 wrote to memory of 2072	2172	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d357dfccdc3275d8e72e471c1f629cf

SHA1
fead4579f2ee0e1d4d3b1fbb06d921ea78ae4246

SHA256
2e56abb1e51c88d5702027d09e3d9e51c45374708223d31754eb2ee5da1fb9a0

SHA512
3472cac513658ffbd94bc31cc11791bd88709935da39d96b6d510850155a292d57e4789cee23aa2854608b76a900b917623393038aa8b5a5ad5758c5a88dd00d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
742a854bf0c3f8edfe2609cbb660a48f

SHA1
f99d3aa94268ebbe6b3ccdc33d85ec0c663ca1cc

SHA256
16a1abf42782bc2fc076286810f4e6152bd4e92a2062d8de1113a91042c94cc3

SHA512
af181d68d95a479c16e7523dbcd9643376aafbbc11e258caf67c0d099d7e24e32de6472565c7326d304da371e3ce8f4ec3847a52239d6f656ebd4bebc902d98d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e7f416697ba5a293defc736c39fc24b

SHA1
1eb019bcf2f3adcf74bbfcb5bb048c249b05a359

SHA256
558b2b13c43c89b973d904f3ec1fcb68dfeab1fc8f73ee53bab18677374efff3

SHA512
fd1b0caea54aa61305441564ee6da3a9d1c58bdbadba5903457892cb39bee8db7284e7abc567a133248496fb1ca899512df5a430f88cbbd30c8a5357254ee110

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d37f1445ebf0700b49e80bdbf18e390c

SHA1
e90228370e53996f57f77ce1bca8559bfd7e8923

SHA256
8ef087775d2491749fdaa86f126a9dc36f60456422fda29596af345e2360c533

SHA512
5805e2a8312256fb930cea32513aba1188eafa4d75586610c02a0187ed9e1712dd3d552f09fa8508a5c32ab659905bec9f224b3d1bf7facacc4d9036532b245d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1897443d507c0af872da1d6f14bf06c3

SHA1
b01b8a1ee330bc0d5a0c37f2ea34d719f23525c0

SHA256
10000b86ced1a17b96789d77914eed2cef11302b21f6ca2c4e07c7b9b4cf4a9f

SHA512
7a3121ef427d6795128ff2c28466c1fa01bfcfe102600ffc1d47056af862e1837cb499fffccf6514e714a9a194d9dcef7c96d806829a8a0d140a4e75b39c44a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a5d6633219be7378194a8904895dd9b

SHA1
04192dd7c23942ef68ac62e4ed6bfdc6f42b3273

SHA256
a9ade0e079fda2e726e8d55d3be18d95e680888164651eac3436f9c2a80fc08a

SHA512
b5ef099a0907a5a83145080046cba95d95ed78d0e57301aa9e2e9d4170383ad6760c0839aa4b26d03327d7a9af46f685791eb9a9a7a84821b2ad92bdc909b3b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eff8622965d3f118452cf5c798d49975

SHA1
f244aa07c3893a187c7199a9a7ede571e57e2b3f

SHA256
52f54615286f51e77c0dc18d6c9ec237a1059858dae498f6b17ecd487ffb6c38

SHA512
d04670523b615bd45322f9041847a7112b3883f4b8409abc19acc42a87224a73e9f6bb8a8300a058dc40f21c139bda72749d435ed5478105b568d052eaf4775e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1861386a2b3d9e952aa5ea60598b66f

SHA1
26cb80a26d51bd3c05d18553d66e367f185a6077

SHA256
889b3a20ce600db6595bc903abd074930a6a3e58e951e5541f362084859e9a30

SHA512
7976c704cf511bd84e27b0e1c7553bd74180f4bc2e2a5a5995a1ce7fad3aa04673aab5edaa95d9045a5ecebd04ae0847bb714b233ff97f67989a0062689c717a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
074efe5e2aebe4d827089b53a634cb99

SHA1
c129000f16b7078e781b12898a1d3cc472a0d6e6

SHA256
5414be8313240338e955787596629182d40799de452b5ee14e2ce33b2a320a6a

SHA512
b29decdcf1b7e9ec7ec0f696b117c93ebe265166ef147568beee1508b1da88608bf51f16843735ac64eedaf4bb9f678cf5e440b859024745a7ad1fffa5ab39c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc3efe889cd4087dfb5825ed31f80131

SHA1
f1222a0819da76fd6beaed1a493a484103c7e743

SHA256
5e81799ae9afff50dcfd34a6400af65f9a28bd03a7ed22ff4a9698782d165b22

SHA512
41a88161fa8220eeb8253c307f7eadfe47a0b0c804ad698e8dbcbbace1bd1c9861549dd3ff0e55539552265b673753f8600367b6b0c5b0775a600da7d11069e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4fc37665a1faab6f5a1ec69ea89dd13

SHA1
95e471e447c58ee5b3d42d1c810bffcd7d636a75

SHA256
93fde213428ee3230756bf088c4ef45b830787adece29fc07a545e7ce9c366f7

SHA512
630d03b9e4e844d54435b844e8014a65bc4399e21345e6762a18b2dc4cce014e90aae21474475ba01b15deaf452b70a4b9dc19dc04c03e94ec2e1e604c2319c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76d4c56ddb6572c6d48bb05905fcedf6

SHA1
9fc2de37a94cf57881fd4e82e77e116c001d2dae

SHA256
963ee6247e3658efbbcd6791f14807e169177cac41e800d1608dd84c5db056c5

SHA512
67f710a6f07b2848406d1ff89c4581e99c05f47738ed8e7132255834d6553992c675931871a334c039ad612f1e84316a897f7fcd716a5e68a0161236fecd7f95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad53dc84696e6789a171ba9b14648e3c

SHA1
d972f871fbf8f6a8b766d9017389ef120693ef7d

SHA256
fd9ca84b8bccef6efe698ef615d657f55d034b20f815a4a002409f033dc1bd49

SHA512
5e974f7a7d1aeec00db45daa7b2005f6b0f2944d11b720be88fd026fc0303e01f80208a08c0bfc639448852fc373f09fd1f804b6a88be4b9b8559f1700dd4373

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1df31c9002641352db2cd619227459de

SHA1
28ca729aee61f625a6ee8d564d5d3abefd6852b0

SHA256
62701ed781212ff3abc8b1cf2fba575bb9722ffb225fc4f4245e57114a17bc91

SHA512
2205b3f4fff731dcf3a90a599e5e992af56de965925ba3fe26c2fcd3a66426a5d6eb7c17690c14eb85ac37418e98171b3942ca52ce52da1c554289d62300e506

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
051c88edf0a49b5d69191dae29d83844

SHA1
9686a8f8ace9a57aa13096ca3b50f061ef94568a

SHA256
b7b9ad2a3fedd53e11050d1fe65d9297895dac67986b8e49e60786d95a6ad640

SHA512
b3c2776a86a3f4ad3d7ff697498cbe68fb447648217fa909301a1b030733b5df697b42db6fea3e31fe1cd4e0299c6e1b41cc5d20ccd1462de5d8208909662059

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa932b04d9f4eba4d4cc1f32ce0b35ba

SHA1
29b9cf9cb8f2c5605d0f334871ebb86c71b17401

SHA256
095e0db6b92064da6178acdf33c9ff1bcdf113701c6d4a4565cd3b3cb8c11a2c

SHA512
e28d9e3e24567ba4af31d5a53c1e9214a130c4a60dbc157a8f02e19b3026fb428c25cfe4f519fde0139cd69c5591fe8f8c991fd8bada04fcc0b74587b3501587

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca90bd2175d875b41c56fc621daca046

SHA1
e46e1714f7a4ab32aa98c73d81f338e0f7024be5

SHA256
45a880e03f5ae5356f788535eb523419aea75da0b1f6dc34fdf057f74e4b10d8

SHA512
3c0838a9bb8d934a9642abd8e5b96521ac854537526b76cff6ee184efc7c122e5b568e27c982aa8eaf19a4bdfa00d48d45c7b719b664ed83b7c7e182c8ba79b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98015d8fef4fdae3dff2ccee647cf268

SHA1
f6a069d4d99b3d332c355d0b81bc8a8011b176e0

SHA256
27470db94cb06c4309258d3d1d1853582690874dc4b150e26149fa3b0108ef3b

SHA512
44fc19da0a606ac80ec3023c8a5ab0e2e18ce77192ec1fca86557e66778a52a2f5554051e5386bddbfbe608d3ea53223f24ddaba2e7660c5b1a832ff5fdd9e27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35749f25d1b3f2f1e69b0e2f13cbb00b

SHA1
fe9ed007981a65857e7a9b3970c8ee7681c470ab

SHA256
f8a1f4061c756b3e88b928d55edd0fd185ae9fc400da8bac0bfe20c52b54d0b1

SHA512
085a7eff8ee6fbda3a2b27dd6cf0ce46b388072e30902baec55bdc9d97c0ab93d43bfd157cd1f279634e06b352ce859a44387f26efeb1a4827fd010d32891f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab12E5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar13A9.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit