9ae83803efc85ff1842cf4102598b944c4ff88e9ed54716d5ec9b311b7c75abd

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

221KB
MD5

f792a3951ab644caf6066ce1c219f3b3
SHA1

b2b8d8cbd4c7e268188912a7b74ecff0984da192
SHA256

8af473f1037e0c0f626959181076ac7619d8a0ea504642889d2118cfd1488be4
SHA512

47f684a2c9e1c36ff0d15666c030b44aab34c70c497cf8092e12fe6608db6951734302c333b1ba5af36323469b027ed917cb4005934f0e79b1e6123e1d26d074
SSDEEP

3072:SMDiI8RqkREI7yfkMY+BES09JXAnyrZalI+YQ:SM+HMZsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421436502"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C32EC41-0E27-11EF-A57D-4637C9E50E53} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1196	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1196	iexplore.exe
1196	iexplore.exe
2208	IEXPLORE.EXE
2208	IEXPLORE.EXE
2208	IEXPLORE.EXE
2208	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 2208	1196	iexplore.exe	28
PID 1196 wrote to memory of 2208	1196	iexplore.exe	28
PID 1196 wrote to memory of 2208	1196	iexplore.exe	28
PID 1196 wrote to memory of 2208	1196	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83200e8b34e5b63c9296b3340f17e4eb

SHA1
2ebe0a0fac7504387acd098a94cf99955ddde571

SHA256
3542ddecc9cbc62e8b45d6f8268e320b928092840fd1fa1587f58abfe27e14b1

SHA512
2b98e9b3f3bca3f08feb906a4230ce846ccdde541a376864cc988ce57e20df359607e6088b57541fcc28a2d1b15d7450d8cccc6723d5c4ba22c8d9f4474b3ad4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30356c6f660e32fa94b495ec24ef160d

SHA1
3e7fc453e0a0ef4bb1783cdc16956985a962dbaa

SHA256
71a688ec6cab6643fef39bf76ca33f2fb521c0d4e005f010fe4e200381c0ec90

SHA512
f56d0c970b19d8c4d91e269b0dfbd3f808877712463b67320decf1cb71d344b7e583dc65e413db988e40b5a27ab3345688059edaba9717a443072acee1cf4904

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f7ad1d77ca4bd347c6c74e90cd2335d

SHA1
d95230a3d11cea6bc3db5126a293b84d4e6f2e30

SHA256
aee19339068bdf5695c4351713a13319ff3e609bb16075eeb9842b59dadcdfff

SHA512
193fe678adcb680b3e9c26d60c08852fbdb8f6f21239a370519395b0731758ea002fa5f3fa3ae10d44178209ff7ac67a4a5b97db4992e64bc0b741b4682f0a54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95acde9b27344de30e9546d08bcbd60b

SHA1
243baa31524efe63d646889dc6ee2eb9ca25dbd1

SHA256
0c87bf1eb148a0e26f45b6689a6708f1270ac5063f01f1329c6bb12bd844c0d9

SHA512
45314de3101276735470acdff2d7ef5b281f545ab5b134d6d09edbdf3c6f545304107b5bc10a090f07e4623e3b42901fb23a63578c8553a7c4c3ce3398cebe3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5aba33bf5f5d18053a7045e377c2888f

SHA1
2b7c8bfd226cb683f434e93be44ff3a09684bcc0

SHA256
23f49567b5d80e4715d6aaf4e05085a547cbe809661753f4c032d4060da7b0a6

SHA512
b4ac97841758da44aa311e90b09b29a420ad49dd612ba60b5779eddeb5c183cd74bda53f1ac37796bf48858d59bba323656cdf76738f67531097b78f72bc0d31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fee8650ba6ca9203806b619e5c6cb2f

SHA1
767bcb52a72677cc8c868fb2f63586bb32000b2b

SHA256
0e038e76c46288b3a751a566ad88404c4dc024117b97370dd4953ed40e05da82

SHA512
6c4712ccbb738cfa11a68c17aa2f985dcdb8602d32f58638a67430f93b9ccc5957583ae86896d27c4bb56ec91c6cbfbedfae3de25e4e20bda525b61cba62dbb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6d76cdf0f4abbdbeacda0a5756f96d1

SHA1
9232e27176d30aac3def49eebcf9026eff53d1a8

SHA256
4f661f2116a6385a91e234ac014adbd6aae56cf1061c41a71f1b2488556dcd9c

SHA512
afbe0ddf4da58b48f69c6bfc423c4a4e603d585af81311a05d6540b84be44969008e72aef1d7ea488fed1f446a4466435540d4531f4b518071b5c614ff40d8c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7db8731a8bcf0f884afb415528c50793

SHA1
bf874d3c25d22ead912b468693972b552ade4c46

SHA256
4151b2e5eb43b32041d3a633f94196fad13cf8d18fa05f4d6eb872351b3901e4

SHA512
ea34bf8b21aeaa9ead59b0dc4aba155d962ed69883539609631cef96e6166e06fa0efab8b06fec9e508bd6ddb13db3dd078b5484ba302c2434a6507f28ad2cd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04e8c94d045754d04cf114822c87983b

SHA1
0e90c1a800c7a51ab2611b449dc516e1743f46aa

SHA256
2d4ca2a58af47c3548c5a1aa75862afdab5436d3b81562429b1f2d970f227479

SHA512
5a3d42096aee7691a4da4c9a333a9a138e7b960063f291db5262433c0a576368f47aa48e3ca3133a15916da36564e91a8f0e46024dd52aca5b27019d10ea5400

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11fadbe03f75c3251aff9fcc64894491

SHA1
c1bfd7775b51315b89f75f6982f2f7a6698ace54

SHA256
35c0bbbd4a8df52a6c9d7f752ec59184f049c5f5ee36dbb7eb4293bb2a8ecce2

SHA512
aa7d9c7754e8ca375ae0f797621ceec67e1577c38ae4cd413240ca860e1e540d53b0b56e3c99827d3666615b2b953d0101cf3611e3daa87380d9df19869ee050

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5858e5226df8b6c2cfca2b4c9df31bb3

SHA1
e1d1c215400cf6e31d77529ed76433789e099ddc

SHA256
c8578959d8d430be9217ddfd5dfab751948998b6f3eeafffda85adfe36998648

SHA512
a4b3fa5f2b00925da8e2accf09b1e75935281f8edd2bcd440be9211f45ab6ed3af463d86a69053fac83fddce2f7662f6537c4b034b9bccc8e2320c68e12125a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a9385a40f95478914894b3bc9cefde4

SHA1
94adc505d9de6db26ae526cf7ef7d9a94b16109c

SHA256
93f0d45c4dfbdb88c2ce6cec7af2d78526bebe42a15d08998d01104674d5ee3b

SHA512
6a4ce8e9016bb1495c513c83b18958a5105171f5e3b6e303e18f881cd4d687fe57b4bea3330dea837bbbd89026edb1647e4eb7b4134f1cfb6f08323bc8fb9abb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e303374914c95c44abf4eb49740a545c

SHA1
9aa2884552d7cdea5cd6c65a6696d6f68806339b

SHA256
86332294f795d7a933088221b2b55608e03b91a20718badefaed97bb5f021c71

SHA512
a7b123346fc2faba54c28531cc7c5d784823a92ae395b23fc186b475007ecebde72fa0b3a15dc89bef2e3676a059fd9725759c3de67277a64b9455dd68f20d01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5fd601cf5a50e3dd3897c3416a3127a

SHA1
dc0a76fc3271354b41eff8693e98433fa52d8dea

SHA256
c4c92970eb09f69fef08a5ca5ef93feb7c6bdfcca346ffe824325d572782b806

SHA512
daa2324ddb7e27cf8146b67c2c3005cc169c26725b5c7cae8626027d0519d413d87bc34f2bc0498aefdadfd41da6001e7dde1b0c88ec20f06dd9e0fe4c9f47fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f92e336f6c206d69b3532ae12f7cadaa

SHA1
b9f39107ecf08af0f2b464f4c815148678933bfb

SHA256
cd37236999b3dfdb555f0116b57c3c820cb4c2eef50e08bb46a5e1f663b10f37

SHA512
32a3027bf05602b9b1a6df6dd9152f8ffa1109b4d5a45b4b3a11fdbf6a95f9b62fb6b7e39383c8fddcbc097df19f800242847a9a25338ad98278f818d0a7a32c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7f39a8216b50509c9e52deffa572824

SHA1
fb118265fb45006ca45f6dac72d1061820f7a727

SHA256
9455b90951d3dc119817640ba9fbfcf5f7d65888a765877a2e7ebedcea448266

SHA512
ab43dc8da46fd918716fe5dbf65cca7676f878dbc78f93cdbe9052e1fbb013ce447e92887fd5ae763b6a3e0f743e511ab54ebd19bcb753b02d34826b76534490

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03c70c0ecd5c855f343ce6e5f3c2d8dc

SHA1
acfcdb9dae79b6202a56ae3cb679f9b14fa70125

SHA256
ed51a2b2054da84703a5a4d020979fb7176c7606935b29a3a94c9533367b440c

SHA512
2ff7cbfa469ceab06fdeaa732ce06e696e7878bdf82ecd76cd1a7ed2d925600ad7c73f7b365c935c4c5804107e75b11898a4aafa98ca0f84898a746f4854d839

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6620b8b04ffd7b5854156d5511c5b24e

SHA1
de41df1821d35a21647685ff2333ad99e3ef778e

SHA256
29cbcca4cc94c970884c261049eebecaa4b590c187620b3d55751c22fafa41f8

SHA512
deeef55b3c567c093be82b6da8cd862514b55644368f7359ce182abccff04b796613277a900cd70e69cb2dc1495f145542fbaa5639912acae5e765a872fd7aa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab17E4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1847.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit