df9c77eeb819ed9144a09cb844248d64ea12233713b3f95522c1d2ef9a03c1a2

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 03:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

91e8528ab8c0e16ac8833af36227d364
SHA1

6e5607da9bf09e57f4b4aeccb7ba2dab8282bc3e
SHA256

fdd06688f77c3cd9663f4c5a07c7fe4da09e5d9e97576eed2c9b78bcf56a1b70
SHA512

abdabc8d4eb5360d8de511de95fbfca681a69520421de9b0836b775165668f90c830030450566246c4a45475ab437b41b8d59ad37931b4e1fd266a0d4214f1b3
SSDEEP

3072:SkmJisQmYYevOyfkMY+BES09JXAnyrZalI+YQ:Sk1marsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421385521"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{59270F81-0DB0-11EF-A304-E60682B688C9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1796	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1796	iexplore.exe
1796	iexplore.exe
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 2252	1796	iexplore.exe	28
PID 1796 wrote to memory of 2252	1796	iexplore.exe	28
PID 1796 wrote to memory of 2252	1796	iexplore.exe	28
PID 1796 wrote to memory of 2252	1796	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1796 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc3004cf685a3c20918193a3804b7f5f

SHA1
2023361c1f69458edda550a361be4a64bbac55e8

SHA256
5b461fddeab1e4bf2df6008c25ca67cb1eb389fafeb62d0c5dda70d5c58e9b12

SHA512
564349130b4967302203667d123e9cfefec788dfb714d7de8a8048a07a468f02af9eb2442195d0d5f51cb4b96619d7b172daa525ff3e2732b5e9f6ecbe2f5d34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab4037a3f76f559ef3b2dbaeec15ca1b

SHA1
d6a36cb18dfbdb87d8cb8c673ec38341cf658146

SHA256
00703f20e8e330fc416594553c0386f859fb63605d45a3ccdfcacdc4b495e46c

SHA512
5911d999b43758fccb688a73a7e191fd371af5f93a042d849b51164ef0ea505a2cc19d44391eec1dcdee099a8b0e86e1694afd0f2413dab2858d0217bdbab9ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e875bfa2cbf26c7457770bc09c31182c

SHA1
9b99eb20f36bba77a2ba776792fd5eca763bbc79

SHA256
d892911390796c23976536ceb6c0eb7dd1c5d03a82c0c2e2d776609af52af062

SHA512
85ff4c3eb9e965c96d5d44bf2f117781ce9c49fb5b4778c039ef1bb251d88bc576133593f78baa65daa1ea70045446d07a6e24e28dffe234a6f472a032beb84c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
843c194b77a3a94d9c1a8705c6137a59

SHA1
864e365b9c0a9b00583f8376f95c79cab7d2a20d

SHA256
03e694d2c770e8a04f247c0a6ac34eb7e4d0232e7d622fb7801c2c34b06fde2c

SHA512
d89f5483f56f3170ce39faf9fe94363f900a6d82971416dfb44b02e367e7a68420682418f0d4f5146eb585e4590772471b7af6644f0b152e31b7b3bbbb86d53e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0075c5cdc8d44520030555bb835776d

SHA1
59bb71cc8675bf03aeda51f5b50c9a5ee695adc8

SHA256
4f7f68c8a8e2af990b0a5eec2e1125d47723ed014fcf1a437996e48dea8c5f6d

SHA512
7e40ce40c6dd0a0874cabea7c5688cca00d5e15c81a8060fa31008b61b1c0828ae4117c130fecebb985e636e05d267393b8350c1b62e078b0a9645e3e4814564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f62235f51816b8c7480c3659bcdb4073

SHA1
cdb2f3f20459d1965f612856bb0d900ecc9cb7d6

SHA256
c4d8f760241d35935a9f52450a35c67734461a10d418fcd00fdd271913b520aa

SHA512
633a82bde08765530b2553b0d0f38e6132fc445a8db198541acd7b4d5c8e90999278b75345c1d3611baa038641299f77cfe4cb4353ac1ebbedbb945f02c8e253

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8decda2ee254b25d3346966b99c02f5

SHA1
710cfdcf8b3cf73703355d97e5978e1d7b2d3611

SHA256
088bd19506937bddd5e4e9c766f5176be1f17dbc145ec1adb304d72d42a8bd13

SHA512
c2067888d29d84adbb4a56b249aaea903a2f4054a0ae85b3cd627ba841ef1f82705fc8a3d2f8b6968f7a15b283c4f301cdd969764d6547cd64eaad2181973a81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d430e30df174db5f1bdc7bb56355b3af

SHA1
082c1e5b1cf1e8ae947a77a93ae50dac2278c482

SHA256
f0333a4d8b764b247c542f42e29190ece9147eed94ab808456451e5cdf9df673

SHA512
12c8a78c9dad2f792a61b89a75be98e4c437a9b119ac9cffa3e2f5c658fb02387861407a78699775405ae48f8c2e2d00df1609cd071ad131991ca5e425751e71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f98da7a4ddbc867642c50e7c2e0098d

SHA1
af8366259ee6a3eb7a81b255d758e71a3e0d2708

SHA256
0f06eab0a8dce918f3c442dade97645df39beb5eb2296174d0321d16de88c71e

SHA512
4696aae761395dc99c8f5fd512606d7e6ab442faf6f8b17c130dcf9f75a04ba591e7fc278e8f205975e163c20f6360ed3f499794cbc749ef5a7bb550f9631a7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42808e2ee4910c2f099fc9f689dc29cb

SHA1
a179759f52867f6ebe5de4e47fd9863c81b7141c

SHA256
e8a5e99829c04821e8b69c013c1b45f2a0f8b7086e010e2634d4b99eac92c196

SHA512
245afcb2daae5598afca6b1552f207917d7aca0a33a8426e3326f49e88c0e59de0f155a1f83aa495e8e4ebdc11426da5fd231696d9b7168ddb12dc9ab5623be3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d47c9d5de0e162a363b46aed84400219

SHA1
861f23716891d63b4a843d92b0a18adbdd78ae54

SHA256
b86bc527b92b1ed854bffa4ef3a5f0262c39638f987cf224473fee6544d61c07

SHA512
14c8b9382f94e16344490360b46c02990ec94ef8ca6922020595f64a2f3b7b9333de0fc6040bdc27f752b13ce85c04778bd030553ad10f0813912ad599cec9d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51b19ba3c7f001f0b22265e44073f028

SHA1
65705a8061233ff60695e4229a23cca868cb4c0f

SHA256
c38c619aa222f016415805d393c67a1d23307f2f187b45e4747526945c8ef973

SHA512
91d58e6eeadf42e655a8bdb0fbb137e060cf4ec9e97583c92d11ee0a779afec31578e1cd34d7c7aab3820db2f88a685dad6d53b733ab00f6913c0f86b7274ee7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56af089ecb1189f3bc85b28a2dde7649

SHA1
3be0e371ee5be6164b392a836f713457abccbad5

SHA256
681f67a5ce1e876f55341cd18cebdfc6b9b4423ea0d163d7bbcb53eaa69a2de8

SHA512
9fa38fa3305223c1a30238ee2df3bbda36ed2645eba4f32c2343a5fc46b197c3cb19741e4d13c629f4639e906091754b77134a485f341893b5c3e4efdb86dbcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38dd4d10d1e34cbf5d12a3933a26a1ec

SHA1
b362fe50f4c7589bd4039faad89972aa95d8a28f

SHA256
78eb88b68c970fc272ac4ed0515c7762c6082a6ec006a80ac3003859e1cfd053

SHA512
8a4fe4d508a380159fb578b7f04e3880a380d753cd8f158935298b5452e8151e864ed0694ff577b09ee853ac39ec8a277dc9bde7302faf50de41052a1b0555b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1ce0a87383f8d06af8b3feda595edcf

SHA1
9c5955f5bd32f2f2a19ce089ac6ee690ebe604b8

SHA256
eecf9bba3d9834c73f8e5539cae8bd1a4b2ce3f6ea4028f8d9a2ac9625ef0bce

SHA512
8aa94c1f6e065b2585aef62b2c3cae4a245337b90bb383e76789156916f4f1d2c59f519bf6556e659c3c8a80308556de0aa11767051c8bf3b2c04e615e809ed8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc888bd1943f4326c776c95188e423fb

SHA1
712210102d157f190d073ea5d489a63abba768c8

SHA256
7d5faca02f29422da35306b502ac2ebbb4053b617d73f56668448ba6220cb336

SHA512
ce0fadf7e26a10d18c4e837787c00782dcdef158eebbb2d23e270c0f2348c252dcbb68b51ca8db86b2a3b0fc665a8c0fad60f18f0295ed55ce32a46a579496f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e54ac114b09acaf0050b2744f14881b

SHA1
55f6e54d647843dd9dacef32d6701e0a4a8e38ff

SHA256
d1ebbf2e18b7959d9f766298240efa16aa9a839e1d3a7271994f620755b86ae9

SHA512
e7cd600303047ce03f3d6cb72d253b1e5e497c29f6a82471bee8a67c3ce78352e3e985ee68957d42c9c0209320c711b098949374d315bcc1f5ebcc93e814ca0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bedd0983e9c9bd5d07707e1e56f08da

SHA1
1d021102ba86e4e040faf2acabf46857287b7503

SHA256
1234c387e6e59071ad82434e113956d72ac1ffe80f44b6fe5ba91172c68255a2

SHA512
69c6af81c5c42d3e9edecc3efa18845f033f9b2fa1a68b986f9b25248da9cb7ca60a2ee6f7fe4614ee1a2a36cb6358d8c52fd09f759ceff703710bdd8c8588ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e314a11b6478a395a133645c7bcac83

SHA1
3af05a559c9889837c52ef4931500f38f35af216

SHA256
25c97433439fad211a0c01d4e427f37e0cb898cf738734d9e58e3f28a9fa794c

SHA512
1185f4b8eadb4123cb170ff89ba839fb2494c310179936158c2dacfad1aba368d00e0ec50ec4a1a65510ec141cec9444ea4b76ae4a0e37247d2d4b0431de8c13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1400.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab14DC.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar14F1.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit