0ea381d35e61b4ec986fe6025cf6561ae825cef6d65dfbd61197b5fd8e4e8d20

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

69e44b34668ffb809c3989ccd6dd3df5
SHA1

5e64e16eae2046c78dcc0ee2f19cc10ec36270f0
SHA256

8247e551eaba08bbf863702c7890575a4312fc9d43f926480f6aa4ea3c29b03d
SHA512

cb47e5e8c09f81229497b279955b045de2e80c26a3321debb998dccbd1eb1be5a7ed61e03dfc763ce21de46cdede544f74c858ae76c55196bbd6eaccd5da6a8d
SSDEEP

3072:S3DlwkKgBB4yfkMY+BES09JXAnyrZalI+YQ:S3vx1sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421448220"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{54BCCB01-0E42-11EF-AF55-CE46FB5C4681} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1772	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1772	iexplore.exe
1772	iexplore.exe
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 2660	1772	iexplore.exe	28
PID 1772 wrote to memory of 2660	1772	iexplore.exe	28
PID 1772 wrote to memory of 2660	1772	iexplore.exe	28
PID 1772 wrote to memory of 2660	1772	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1772 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c72cc06632c01c394f5f58deddadfa36

SHA1
649fcbb26e4f21fdd3138bc2a5ab6b30eb7de929

SHA256
0325fc2055cab4193ae38a6ff7e53d63fff908444e3c3c8410d56bd82acd1d78

SHA512
a4afcc4e9046be9edd8544f4c16ed6bd783732609a7fff9d36d7de6f8241328851942320eb7671ff181aa97819ccfd4bf9db17125cdcda765a1a2fe7bdf2b282

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dbcd323ca282f29df761c0d13770eef

SHA1
8d4d05ce583904dd56350c12729953b9b0059e8c

SHA256
f39cee8b1b8f589ae15fe8b0fab7960b937b20a5d972399b64c3d63bedc71508

SHA512
8dddd92872895b667f3504fdcbea63823401ea41f76a02a731a8f5c0239118ee4e28eb6f269977927e831b05f23c989b55027801b2eaa2dde70b064c9064021e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a24333e8e66dcc934c6edc49de8fe03

SHA1
2ad6980c14b50e3f1ffe255cb7c84555a004da04

SHA256
4ea4e0160e2311fbe4351da19b1bd2ed2dda352deec60078fe7228c8754407c6

SHA512
85479fe49e63ebc855452efbce8c06a2199a4e8d2791d7bfefd88f1cca6b3f6188cfbff711608de3039bcd160bdd1fbc8c417f1be5510d5cdef1caf57b7b8dbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69bda84f60bf791cce88631a602ef3af

SHA1
c7dc839ac94cf023d58df0b957bc805f3f5bb7d4

SHA256
cf0f5bed4de6ef006c00b639339b83ecd1cb5ad229d3cfa93735f016007c8b92

SHA512
b84b8b2d4004cb93bc031584248f6b1002865659b842e7777bf838a632c36fd4f5720e7a87902b5e7aaab615e41720f4458d6a077b990f21557fc453367c8a9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e4a612263ef1108a374b41ea41a2ca6

SHA1
2d2205235f8c4955f73540d07e23b8fb86a6a74a

SHA256
772214c67998235b39ed5d28aaffafbe4661fd662c1f87f21b625a397f67bc89

SHA512
60593d9aa1156c071551895990e090a1b409ee3a7d6baabd55b6273696d290efecb300d036f9ac2a32e3ed8b1399aadc4685666228be040f1634fdcd704af8f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0484f30a7200a9febf1436bb95ee6826

SHA1
1c3815f96d46dd8a7647a6a7d3cb14047d4242de

SHA256
de540d1be0cdb2decf8e6b84723c5d32aebd69e43fa0f4ccfbecac97b6c3905c

SHA512
214fcc726363a777e19c400bc3fa9d8f200f55cf28c113ced6c5206a6d08a0f5bc93c462f457ed951e941e0b614d471c513d05387439783089cd7c6b5e11d925

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e99272268f0e78554bdb3f44aeee2f1e

SHA1
a767a41679136f107bf7562bcd54fd9009513e43

SHA256
2c8ae58de6231bfe7d9ed3ad846f2af4b3017b86f36623a7b44d9c56719ecb36

SHA512
bc7b4c97ef6b223e906cf20dc518fd8ee7793d3dae5198f56cf8edb877adc518b4293cfd37f87eaa3cc6fb03d839c6ef2e94461b04f9207d0b082b046428b8f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f69281571c44a9f540abc31139b047d

SHA1
1b20688b56d3fbe09ca9b124b998920ebee62b5e

SHA256
29bd18ac949c049eaa0caa79efa0e415c08f81bc68652eb552c4f65ecbb2c873

SHA512
10bd582f3c7e0b4b4ecb82df8e39eefe71e423e7af14522d932d4c28aae4e8b7df1b3dd2ec17ec2dcb37c73c2a94737a92d90fdf7259769fb8c8104b35e78daa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76d315cc73cd99a92b59b7f9e33ad65c

SHA1
c2bfc674d995b98f920d5d5768958e7fd4bed3c8

SHA256
e52b015918b2353d2272bb9cba1c56676afbf753e7638d1e6b32c9388a2e0f53

SHA512
e4e6d74bce0daee2093d0afe0c805612b91e3fdd94ed71bd594f523f0c7eaaa38d0693059d35365ae89bf3dde7c8a1dd702f503b3f335a4046fc0749c0c1a289

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2449664cc723f18958af1bc4748e62d3

SHA1
dbfaea30f89259421083f3b191c930fc69202b22

SHA256
af1ec6ad4f6d5c7f7329752b2a5f27f03b1b4179ac7a9aaf0373c0b84bb95049

SHA512
00badfcba59ec22b8732a5de2258e317618665f0a6aaf4326bccd8d0c85481045f6df85d96e1f3b3d63d7206bd2350f955af0dd502dbaf27b7dcb3074a006a5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c73344567450bd7a781466cb4ea2a001

SHA1
6fd90896672cd704c60f4bd3a51f36d9d76832df

SHA256
96acb0501b81eca79e39b0f276a5278e722e18ab2d5dd96a4c95dfc8d1abd598

SHA512
35aaba74d5f2555dbe5889276620ad4b795b0eba6cb8fcad7d4375dde09643c4be18c3e597c2455f4b88586b47124daad9c15752beae4f3428d361ded6e608fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce30e36facd4bc8349ece2870fb51b3e

SHA1
d28c9aa690c887f23d64da86f59fd917ecaed417

SHA256
e51d180a6787507aac4ead75c99c149c2b0c472d0834207f41762fc9561989ca

SHA512
9a037cd244041a928f2903941cabaea19be9656bd276818586aec3c137562ee0e7b10fc66b86bcdf1006515b34ca186aa9c789fede7a382a89efbae6cd5a1cc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f7631dbb4240f82362b5b3cda5e3fb3

SHA1
6e5d32c231a85cb12ea04fb2639f366a5ee51e60

SHA256
e6e3b9f3b98c03f49414b8071f60bbff75dbdb8fcb37c01ce28c2a0f64d03b6a

SHA512
763f10f1b1466d56d800e54c824ff2643f1513a83329ccab7272f8e6a78a9f39785a8a74d98425473db36318243a5626265f78c67971cd17efd9e114ce912ef5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
793fb17ac8bdb4816eaf65a7532f7594

SHA1
9f1bc4cd27d0688a77877a6edad842a20db11c57

SHA256
dc2429aa4c3e4f5fdb37c12288dab90102afb779ad7f0816a63219249c2d4281

SHA512
f50a8dc3abcb8d10c09536d4378b23fc1e0aac6b9a72c2df991f72d5035fbc1dc42d37ac39288eb23c0bcbde1e4e2e039cb57a7432aed2e2d45b4c32cea2c77e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5d5ea7c3aba1a0560e22ab9dfdb3054

SHA1
661e40045cfe5320f27ea4442f6ebd9d7499d367

SHA256
60980aeb3b13e21c57a3911d45098c92aabd657ccedcaf87675c5c8ecba40e59

SHA512
5629f747017760a67203bfc045bc9b2c34b88aa4a54fe170836a84099cf3e2fc2fe876888880e11bebd0365cd33067dfdaac9309eddf354b50af045ad1cbb9d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8369e5e557b389e83b4a840926caae1d

SHA1
68d4d0d331fca9cd36437dfc2df3c1754e1e3ffd

SHA256
03368814b1b12f1f2270b88519eb0d9a9db3cfe243e44524a196635d1e1ea1df

SHA512
870bc622bc3af1c657b6a6815fe804814e1554a7c99b5625909a6af677c145cf9170f63dbcf3074c675f84108b6df25cc73121c96887352976d0f582036a1a5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6182e5b7410f5902dcac269b0e9c0cc7

SHA1
990c1260f95904f20c2c31d5b165d3fe6900eba5

SHA256
bb3b0b2ca8c29f5fc968a3f83f97d3920c045be27451c7693eaf5a559b1d5f25

SHA512
acb82e3f4889097440976961ec8a8b6db2a65e746df93012947721e2fb60b7f7e4055ef9914e3fe2588bab4cd4c28f8dbd4da5dbb0e22cf3386a037bcc808a70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8aa96af444fa0b1e6105e9795184212

SHA1
51d389eba73e763113850ac2e5a2dc1e294586a3

SHA256
a65ea6086fdd5d05ba8ec6b19f967a7028d1faf511f5026de81246e03f92ca48

SHA512
a43ffaeb710d7f017a46123103ed192c32990bd153b10899e5d8d1b08c31419a79b9fb20c95a5b8023e2355e00e48ea9e712dc709b825bc0182508ef752b1691

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46ef308c91c1148db3c5111c01f68db2

SHA1
971a864956dde365422cf7126073c98b4e8cfeec

SHA256
9ed3d3e9689672409f3cd4fff78df0a7a0ced4b90e07fa206cedb579d3b383fc

SHA512
20aaa7a19ffb8b41976d1895fc8e159d9f21e9954b4f09d6a5dcad8f30e3dbfc0494dea68fe792bea20b7d689f064279fc4b2d0654bd6d83232a3274fa780713

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabADC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBAD.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit