d3675e66296d6e539c1b7d8949a3fe7c29f9886d6a9888ce042c4e28844a18b4

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

727c8452591130a862e0c249693da588
SHA1

e7bca7d9437395d46fbd2cebafe9bd025d4abac8
SHA256

456f864ed6e4c94bba853e6a644d2fc3cb1ac234bb072981c55748d4ff7906cc
SHA512

f6e11c3c59cc8d4323b6a9cdc263a02222dd9d4f25cb700f91f506684abd587b34256e2c3192f5140db16a404828ee6c4eedb07010de178e03afc5322e586488
SSDEEP

3072:SYySZ5tyFHryfkMY+BES09JXAnyrZalI+YQ:SYxeOsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421424969"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{32027911-0E0C-11EF-92B8-52226696DE45} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2208	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2208	iexplore.exe
2208	iexplore.exe
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2936	2208	iexplore.exe	28
PID 2208 wrote to memory of 2936	2208	iexplore.exe	28
PID 2208 wrote to memory of 2936	2208	iexplore.exe	28
PID 2208 wrote to memory of 2936	2208	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c6b6c3c87b4c2c0388d6e97ad7ab203

SHA1
faa363fc43840f94873650deb524e8e9a455517f

SHA256
6df93689b23851e90033febfe5d928809a675306a5a9084844275d754287f023

SHA512
944b98c039165628a40e1516dda76067c1272f914b50bfafcade486e0a5ee972c29f9422415ec1cc304761d4f84ef39a77719aece89b4b8f9c3085451ebb14c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
093b67b1cc3d62e49e3f58072551b313

SHA1
89184cff142d99d288ed212498313a439f2cc224

SHA256
25f3cfb7eb3941204e7a1ec8c73f2666cf91b91dc86591d3b0216fd90f3ac161

SHA512
e424387b02c866fa064fcacf63bea1f397d6b2065389f876e3189a85251468469a023c3abec8a4fe8a21450d3ba75342ed08d4484fdeff68dc43cbbe945df123

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5391aa62dc3897019fb3362288d298b

SHA1
8baf2674b05cbd4edcd977a45691d8eee896000e

SHA256
ff4b6497f56db219e2eceecb62de27b5967e203eda472f273fadef7354c9b57b

SHA512
a680dac6a56b2f3400585f19c0595245f5d92555715bb19a0c6f1ec49ef83ea0e61f482d9f375db7f0afa77dc62654bd589bb73f4e116190c1e5f20fbfd6bcf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da8240d86ec48b6e68eb6f1025bfc587

SHA1
826583c255d79679dff462b6922335f118f757b5

SHA256
a67a89995270d428f5d0ce31b8a865a31de2a45438219ce49844bd635eb6719d

SHA512
3984c10c4a3f6a3ebc013d474cca657f28cf72bb4331eecf2bc1b4bbea98f5de93aae320edf14879a34069992accddbaf6af5e836691e697757a619640e216e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
564fe97b1f6dac9ad2e26288dfa9de7d

SHA1
b1376b71c754f628af39b96fe0bbcfd0c55f0bb4

SHA256
89aebf43fc7669d39b1026893e1490f810243b43fb1c70cfd4567aded4f12bff

SHA512
e48a59cef22dbec9bfddbc0c37f5d12bb2f96fa6719b5851493f35e15bdce55050c62b7e111ef9dbf7a0e0084fc5b50dab268888aa6cb6d9bab655be676c48b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b24489a55c8b32dec468414ca899edb

SHA1
fa4524a46fb48faac6c0b6d09fcb432b483e55ee

SHA256
7dbda354d265494ede9a4e18e1b738f77464cf28e6c6b82441d089c0298ab601

SHA512
01811db59c7075e3420e00ee2d5286cba76e39e8832b0246c813495d6cd1986164aabf0e45d93b7598f07ea52b430900239f0212a0401e3ec56adbc577f20192

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f76effc12546764638c76f99bd5de2c

SHA1
4d448e5d90d1d86c7893f2118ad9793cd737d446

SHA256
64d77950fa34f3abbcb09e92a7c260aead7eef7eb569d054c13934033c7b8d29

SHA512
6e534e38522df44f7df0276d0ee048768461411885d7ff67dfe5dd4bcdacac35690d2465f8e5a6bcbf64939660f3e660393d6545181f396aa37f3a7ec038eb3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc3940f8fd07e9a65e958a27b21e1493

SHA1
bbfd3dd374e5e55901df8ffced1cfd0740f983b6

SHA256
13bcde4215558a867f9759f43bea2281247705b2320580e28a2efdb47d471ffd

SHA512
54fc962b044d392aadbe59fe522723231b19e9c0daf71b1ff69eaa2576b15afea65615d3f1646c78d78a63f9f39777722f8bcb3d742f0a2285074687757b3d7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e91360104ac0185785173ca88fb806fc

SHA1
89f2c82c6833bed03e227f6f23eea3b025e2c42e

SHA256
50b5a4954371705c8e9c376d23c20720f278bd0474ab33354e46ee0c573f432d

SHA512
3e0677f5eba21827cf26167e73146bb9f620dda8b3f411be5806a7820b898e247fbe37153fab6aaced341aab59bc8dbae4d278fca650e510b4ddd4749ef91dc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d6484b6e66e275e0f7fdad72f895d10

SHA1
3482fa6a41f5e569d77054205c7276627673347e

SHA256
c6d3525bf2025fa2049f72b8a86226facd28499340588add862467c4d829b876

SHA512
d668501814be84f63e5814ca670bf61b74fa89323585d553c6c2c7bbb3558f4c719b31001ef7f922c4a596cb341e2645d26494c4185428a5d8c1a7070daa1a5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1114b81123badc601ad933e4d74e3059

SHA1
ff3693e366624298d138a90d30b7637f392ac8b6

SHA256
679e544171733981dfa61d2fa94179c16983e9406af8a4ed4e195bf7cbd04c77

SHA512
b08a2dd5c951692a861f7f5d0e9d49297d1c79a6e1eb27a40024130adb0a9c4c0d2dedcb1b17a8183dbe691c5ab4aa78de63f743bd1ff775b7429f1c4ae4fcc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e360f88421be406549505f9ceec4dd7f

SHA1
6e1678728656acd779faf6b499d15a25f4649c51

SHA256
f3b7993ff15b7a57c5161c01becfd32ea74c990f30332a90aa5b7047b4aae36b

SHA512
3283fee2e97c10f5cbe5b89bacb14a5eb2b314ed13747112bdbc9f39360ec0f05c872f82a2bf31f7d11e19eb49362cc8cd8bf5390934bff8f29551d9dbee3d60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58cb0a5d68a9588c05f5ff7d95216524

SHA1
ac20fbaab190d8f4f5d5eba2fe0e8a083223816f

SHA256
8ba624e3725c360539cb94de4a7aa20ed0f50aa3eb70d9c6d4a61a22f8d43748

SHA512
83ec7627eb252a72c85ef96277268bb173261c357cf5b3f35f76f8be18bf14809e13d3d2857eb03e56a0cdb6803328743297d9e1b4308e258330beb1a102db46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5c3285f25c5f8517f31f9b6aed2c6d5

SHA1
3797e0aa4aed19ba37c794e3f0ad28ab4520a759

SHA256
b997b1546c5f9b9ba4118a113ff12bcc65c1ff63cd1835032f4ae94fb3c040c4

SHA512
37f6680476002bf0f56e179fe7e3a45602cf3dcd22ed81081e414625c93cc7ac5be9b0e9c0d9ce061620050ad03c5386a3b75babaf2cbf72fbfa021fab97f9ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97f09b61b1d22e2bfd2c43bd5f7863d0

SHA1
3b002056b205eda65980de2a12e358847a0746d5

SHA256
a9fe89fa105b3719270b40eea0fc2ccde6543d3cc4826c32513084d4b80f3d21

SHA512
5d103a990af34eaaf057256bddcd6b46ba1c536ea32ffe51cfbca33cb634a2120e1af09d55776e695e00459655f90448902885e1dc26833919005038d0609d8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61d8faa761955b28331399cb23169327

SHA1
3f2db50199b46583469c31629160428e7edfda86

SHA256
b30cd4c32f55768d45037242287f5717154743bf72b118784f614369e24b9fe5

SHA512
6c2aaa27c217730a28de3065e7a1ee81747ff5c81e4e37113d7ca903bf3f15118e7266ca48e5d2002c1a758aa1b7a1f46e93322ddfc6ef9d4403a22dda430caf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efc87d3209a34f0d4d4d27ec2c544d1d

SHA1
6abc200d06b4bdfd93de842c2c704ce02408da2a

SHA256
56c1a177946fbf17b2768ed96d41a4824c8ac34d44cf4bbb2af69a3a1b3aca95

SHA512
6ad36ae590fb3a3c4efeddf81794d22f158ad5750415d63f10c61b493836b1f4ab63202d6232057fccf95e215597ccbe43b0cda247c4169d8acc13b5766f154b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be04b49d782dba22ef7f824cff417113

SHA1
b06458c7cfc8d8f2d31eb6fcd8ca0cad23639d51

SHA256
78466bd439a3aafe6ffcee11a6795b1f6a90e59b834a6e64f077aaf7a4a8c517

SHA512
90d47b8522151971b3d080f3b1705cb8dce9bac01f514a59c7195893a8b65080eac14d8c7750a68e7d0d0dce81dcb745f70adb72f971622c104763a60d7eb93a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea3bf5f82adc7bfe80769706a5493bc3

SHA1
44a956babc9a8b8d4e9dfba8d33014c4b7b34447

SHA256
f89d95581ff561914efbe4870273dd9b22a34cb2084b0711dc5e3ce8ff6893d9

SHA512
fd875b1dd7f3c6c0c77174711e87c656ce984b3ba77fe38390a7c0f4e3da6cd06bf1e8ea2495dd60f926820fd82d1636ea2ac5deca7f3267fc3e82b33c2977a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B11.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1BCE.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1BE3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit