62bce11395032eaa55a0f2a6a0052b543040ca909514e29b491a363fc15ce92f

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

221KB
MD5

8f968038cbe99970d573355ec987e6bf
SHA1

3ceca5b132abec6e4ecd991f3a7cb811b23a71cf
SHA256

f55b7b74948d53aec80ef892008d1ac06b1e4697b5f0a49727cd0395d738e3fe
SHA512

fad6320839f3add91e50f707c0fd1b8020db008ce2b90b7f3ecee7e8e2a17372d6aa1518bc349910fc3a9c649473740bf56911e89fb754fdc3d8b13c3072b1b1
SSDEEP

3072:S0DxO5Hnt8O0IA6yfkMY+BES09JXAnyrZalI+YQ:S08pt8uQsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421424353"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C2D6AF31-0E0A-11EF-972F-E61A8C993A67} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1940	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1940	iexplore.exe
1940	iexplore.exe
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2964	1940	iexplore.exe	28
PID 1940 wrote to memory of 2964	1940	iexplore.exe	28
PID 1940 wrote to memory of 2964	1940	iexplore.exe	28
PID 1940 wrote to memory of 2964	1940	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65351ffa38de83304bea1fe752d5765b

SHA1
8c0940b471430ae2b1cd3183c086fe9dea82151e

SHA256
afffb96f6311f0fd54d77375e56a3ce929bbe70e64405b1e7452074a3b4cdb22

SHA512
3b9e55baf60e44471cc07b69832fcd5bb32ac84eae568862812f3411f0f12d97ca5b9f4db56403cccba709457d646ca0ef41d8557abcc66aba7a303857e40fc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab222701d3f3c1647cc84864f7e9fe6d

SHA1
5d9c769c61d7ad36f0c9391ed0ae3053cb952e31

SHA256
90ca74aa24b198571ff1a3dc514a2d833393779083199d6902f734164ebcf11d

SHA512
c07b91b0069c3d40b7eb4cbf550457fd58e480ed2f2488acc9269cb476d84f34e7a354e1d3134df96c051c0e8f246f0b5e6ec834f5d5880c564962d9b3f443ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87f979d29c2183d4a5adbbdf08395460

SHA1
05bc70dd289c5aa8eb2156c3e88035e5808a6639

SHA256
bc004f2c9ec0dda81cbd496ad246d28f2e1c43a12414ae53e5050b5fde2fcdba

SHA512
0d0d4bd990d42e8896574de7d45309f7fac98193d3637743a14699fad9b0c9946cee71b7b9b1024cf0465b548a028b402d5055ef590160d7950aae003487520a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60664ff05220ed36bf423330ec01ec2b

SHA1
c7cacc38d67feeafaa8a88bb9de5ba4d3606181b

SHA256
22bbf8ca3c7057c64d8c6912af2fda0eb3a1777c73ea5774d13fb615aae20b8f

SHA512
7c84450afe078afeaa0ba753f728c33ea187895f87eb04129a1bd09e2b8e1c52896fa9a4e16a8710957b0cb4186d60924ef6c1f9cb7bb7e7b03ca2a1362f765f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db446efb96ac3672c09d5dd787cc511c

SHA1
5434b76e195e0353fde60e21b66fd5a62aad5576

SHA256
abe2c6e4637a4adf65a553df2515245e88b34a21ec664414516b53589107e16e

SHA512
cf79a56a315738d2547b8a920950d3e678b0198bbb2cb4f2ed3a79fb47d94be7b033ef3c427264ca6fa1725ec31a30971ebe1ae7d9b679766f8c6c650371dc13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ba96b8abae40b35e50074c50a9e54d1

SHA1
1cb697c585b70918626f34d6034390b6bfe69ca3

SHA256
272ec2b47838bda8fa426e86337351b1ee06d90332d6528d17bd39d9b40427ad

SHA512
b61579bfe6ad46b4d92edf5926589307dd14dfcedb1ff1db3b531072db63ec596b2339405a189c592f836a067d8412776ba87e4bd13d2dfbf8b81a5fa2e6504e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
368f041a34771287fbe80ae3becdff9e

SHA1
abb9428b0f9d21f536f820734232b71a6ee5e8f6

SHA256
0b72abc1a6962fa1db7bf90672a62cdf409e235d7edb778ce9778cc5813213f8

SHA512
e50812bfff8a5ffa7146a8b620b1e275d2b5bf37caf78314be2081a027d1b998af4aeecd8f1a287d9504186b3abc1a9be88cd34dab7125eba88bc741e40be199

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84ceffe0762d67392f7317a8311cbc4d

SHA1
1401486d4e6021770050498b8e4af8b2660f2b38

SHA256
581af78c06abb27354bfc00411861197802ae67526a15d6765db6fc0ace53aa5

SHA512
ee3348504217f8f0bc53cc0642b470266ca266f955c7893f6eb8d16cf0e5459c77d6fabf3c9823725994cbf30cfd593edb8cf91ffa5556b481b45c1128e8c2f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1aa64d75442fe963f8401c4acb9011a1

SHA1
eb4e37afbe9cddc3165334bee5b290fd4bdbf2a9

SHA256
c46c454c5e68f4b4d3f71a0296e01a5bccad96e16206eec1d8bd244510a9830b

SHA512
f5cd43d185a1d6f1524204b9773d9be97a14ac9d446f0678a68c141f64e740d37120cb7d82822189f867e019a68a3892160eedfa6dfcf2a2e9193e18e0cb2322

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
929eecd87d29e304e0aea178317f17b4

SHA1
06d34fedab5d890cf59393f2fa13104a7bfa5752

SHA256
f7a57cf5662089070dc317987c12fbe703303f77bbf885af471e30f13b893b4e

SHA512
5868d1afbd1f80f4966e7875e1bae98ff9e6689e9c64469c5b70149870da1debeb09be7c79b880a6c73f0376b51c993349f3740b7f89b10241caa85e3db4ba07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6173dfca1f8f82459cadcdda4cc9bca6

SHA1
535ea6062bceae3be19b116ff99a334bc12c03c8

SHA256
74bf8d60a44fd77047b7d62d21ff1956886c3322ea601956ed094eeb6c99fa2a

SHA512
78108e2c467bd16bf8326c2e4854923008a0c1aff252eca75788e392f4f5cd6dfc06e45e1d56491fb29a7e48bd2190fd3bf4dfad05b2829b88687ff3c19425d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eca9f7368dd45d14ada4b6155b3abb8e

SHA1
3b1ec20bba91fbeea35bfc05f091efd6180f6431

SHA256
96f31d74e3ececa5ca8c72adcf59c2a70150534790fe0d60f6f780a59dadacea

SHA512
2e2df1c61d8f9a1a553ce2605a2f68a77b848b5ca4484e34aee8d790d2a67ad4f95482580639ae6ff86eb6bd4df4731fbb62a1398c6d50722c025a9548e737d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fc5484d18ce4dcba02eba3e3786b02d

SHA1
09bbe590f9a7db1ca8213df963f793eef25f3dd3

SHA256
cf8941be519075a141b4bfd08b13d363ee48aadfeed4f84b31d1a6c31987c2fd

SHA512
8462baa5b0ef205482fdc74609dd1cc303c9abcbacbf9403e950d3a448fa5081a440c9fe17857d254911b5da945e788fcbc8bba388801ff5b3fb9f297555c478

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
999636f44332775a33d13d746b6b3b55

SHA1
d2ae27d78c88d5b46b78aebd7c2d9b45594def89

SHA256
2bc257bb0cc0ac0b7ebbeaae96fe83f5f1f7b6dc1e3cc1c9c00f791e569810cf

SHA512
a43f24cc4133221b90fc478e8723d28260a225dfc464fff83f00178f52b07cfcf971a84d93ac4228b0414bd11a6e15e3e8b3e9c433c3c106fd5abd797e88adf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fe46ac8dea5edc429442dd73a348ce8

SHA1
7f1ed56333770a68709d168c8d915741fadb64e6

SHA256
ca70aca4a7b5aec9b9833dbb70ba720285f27a280de5620a0a5a12ce4a0d8f71

SHA512
f7968f3e8afbd99f39032306e4e3f441780e633b2d774a2bf7e81404860593b8d6c320353ed505c372c06e1eca70d40a8b067975fedbc7772121e7cbeb78fe39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2564185dcb5e024dd5eec6e13622e938

SHA1
0798fff3f8241b4fb6611e0a58907af8fcbc4e0b

SHA256
e6660841826f866c6f1b59514be04a1e089aa93eb662fdc35d0a90faa5a20c3c

SHA512
47d1642e498ce52a09786b88fd28c6755a8e4b323edda5e4a14f65176f1f214b2173d391bd2a65867cd3ba52d4b71788ce849e6c296a04e5e75c8d5d6e73c5b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a0bfaf259fb59707258124f149107e8

SHA1
8547bf54cf09fa63b907c2da8f6e176feba09c44

SHA256
d05c6dd4480a044b74ae001b3617d0f1e525172602d1481fc60b1c6e7914420f

SHA512
46899f972f8ce9ecea9181630ec4ea4e2cb0065212af33b0434efc37988bb66cd78e54f417ac666e4df7d5919bd6c0ed1aab43a0c613b01b48cbf2802c2084d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6699fd61361c82d1cad437db9e46c66a

SHA1
47d519da437162b4dc6a0d6a192419ae67dcea23

SHA256
f29467dcb1a8fe0c41159039459522d7a1d7d1872affb8c85e4ac2c587374628

SHA512
31ee1c813804024482b8072504427687b663e333b4befcca612c48cef70c9524cffe090b370518c763e664b1aaf08cff7a254e06a9f08453040b0a9d7c266523

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1150.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1242.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit