3932ebde8f7546d30137707f5689f24e1ff0419a30df28d56189a8e87be48ef0

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

b25486e898f5337f5cba05f2bf0a6f12
SHA1

0632b578d755382e722c1fc0d92663762ab04eb2
SHA256

795fd061bf7fe6463e724184a7355771bcdb282a7a872b5ce940c69cf8c844cb
SHA512

b77426b63e5d78e57dfa01b75b68d998dcbc4baee5c947c9393f52bacb1bc5a95d44cac7fe558dcd60cae37733720d3288ea4f41c5ec7fae7c8c506c805042ce
SSDEEP

3072:Svz2fkOzN8EwyfkMY+BES09JXAnyrZalI+YQ:Sb8VtsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421482947"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{30307471-0E93-11EF-8FA5-CE57F181EBEB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1676	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1676	iexplore.exe
1676	iexplore.exe
2308	IEXPLORE.EXE
2308	IEXPLORE.EXE
2308	IEXPLORE.EXE
2308	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2308	1676	iexplore.exe	28
PID 1676 wrote to memory of 2308	1676	iexplore.exe	28
PID 1676 wrote to memory of 2308	1676	iexplore.exe	28
PID 1676 wrote to memory of 2308	1676	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78e4d4627b2f28bbb02a13b8d20bea53

SHA1
04a5f131581d0a1944fc91b174a3b9b2abd34525

SHA256
f590d700a227beb9c91229b82a22a52ed09870c0736891c368166cdb4f17bd64

SHA512
7d03698ec7786492a9bd0b6548ab1ad15a81a079d8b2ad2c96cf005e34b620d2db10e540eab8696518dc9d6e0d1c3587b43921ea2550c1d85310d19d705278c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fb2ba9a68a89e0c12d2032dfbbb179f

SHA1
d58df22bbfcfcc16b0ba988b8ac1656e515e8fed

SHA256
c399fd361a916347088d3409f6a1d0908ad60ba4437419028784bf302a11b917

SHA512
bceac959e13a5f0209fbf1b7163b1bff1f0d6337adda99cdd33d1e9e3eadabc3e25652251c8fda6e0b9106044bdcc117769f14d516f8413228307c1114007818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94ae045f23ea426c95d883acf891df4f

SHA1
f4ae5afd6e8d5bfe6067b1d48109b31f9fec98e0

SHA256
13de5b87fb521a98e5ffa01a1e3d1431e0f4f3e255cf9c4eae5f9ba6016b9a44

SHA512
89803d58ddc8792d505e0b31725113144487caa50a079f152b77f24e2d8e9a42ab9e5ca2771a85eb12b348e7a20904b75dae1566a99ed61eef6a8480671406e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b26f893a6db4d451b22318e2b8e42884

SHA1
3dee6ff650dd26fcb93b70a8be44c9a4f2f4eb10

SHA256
613f1fff1a616737861402e110b94b70234978a5c286f50b8fbb3883a87b3cdf

SHA512
a9c4b63646aa143c79cd1cf1a5f0d718dd0eb04477318d277a791811e8c5de45882c53a3ae0ecd20ceae0a0e01006dd01814b2633d6ec3e5e5d0b2b3d7f2a1d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46b77bc305640273caa0cd24e29e77dd

SHA1
044b7bb70d0638279a1be34234f749cadb9de6ef

SHA256
4b4430134e8d135fa7b5a44307b002eb219620b26a4405a23c6c3d1c9c802a2a

SHA512
e3946312bbb156809aa78d7a04819bd38db995b78bd47fccd108ed909409377cab1ea08a60eb899cf86bf00496f3599ea80338f66125c6e2fc828acd1529f886

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e375316f478062683af6127281d5258d

SHA1
1e39cc8672eacc5a5a1af66cf3ff0a1c1fea5c85

SHA256
71251e5a5b4759f4f7fc3203a12a5eda9cda1d587a2c952e940afef4d82e42a0

SHA512
79c1e1c5c691ae39ef78e9f9b869d774bae45764fee08506785312e6b7d74151fa3fbbba9c8d9d60cb8349f69e18b3d9c3ee3eb4de7861fd4b06c7026f31ced5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2b421080c2c6d6b344ae92840101ac5

SHA1
08ff6b2d7560bdf480afac869ac8341f1c768bf0

SHA256
7986f9e7fe2ee846daf64c443ad283ce72a6af4640abc1a07d1f025e6a7050d8

SHA512
1ab3cd5900ba80602c4ab05bc21f593708ea38ffa94f3771540f62639a7968547ab6f06e6ad5a90ccd32a0e03d183c2a56cd06cafe06f795ca100c721fcf0b83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f858e02140fc5678b5dda8077235f6cc

SHA1
6e4c61620021031c8d8efbb893f415d03840e475

SHA256
76eb2e4f7fc5f6d08e7eb0bb6bf5f581ffbff03aa3e9a665b0d8dd433954f3ea

SHA512
59f1d596d5526d003a762e2384e0c85167c8810f224d066dde10c9d43c1cce83c7211dc1e1475e1a5e72752f8cccd8a29a2d77373e81b40dedfcdf52de5287d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
436bd377a5f1404e8cfb00441f2ca57f

SHA1
9181b31aa2893cfaf6b7cf22ece461e2caacb36c

SHA256
70f8556d709b8d40b2ad135738898688dd5655702916d3065393c2785e229895

SHA512
12d494f30bb99cae97ead586cf357201edcaf8ecee61bdde90cb378957136aca42b9954f16ba6c86d0d150927440fb6f2157473cd8987757380980b294924342

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd162a16ad1ef91926c5796873f7fdcc

SHA1
08aa860361a5fc0f857ac87b25442e3932862e9a

SHA256
001eb524556c3f0286a4729658a9e06ab4400d865ac15bb0cc165807f3ea4d9b

SHA512
bb42e9f8ac52654df27bf1db4f41fe311fe1eeaa468ff9f119b4bc386fbc8d55cc752e1de7fb9d51549bed59250738c5fe4960f9b3e50d5bf8489e8875a4bc39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9528977682016bb378f13bd24abc4660

SHA1
8e345b52faa49654b0784eb2a03cdbda4f8b51ed

SHA256
fc5168cb4debacd7912fb6dac2c96eed8ddd77ca73d07e761053e64a6fd03a3c

SHA512
6b3477a8e5fa28d1a19462e56c89375e5f5a32be660554ad62402abe80a8ec5ca7797c562373a44fc1030e3021388fcc035a0994bdaff5759f0c427ba424ef49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca0d02a940f47dbc26441e9508c76695

SHA1
cc02f32afc997456d72042aa845c4aa146f883c8

SHA256
6e41459db744a711963c71117aa754fd3ec5b495d83df5ebcfebe5bc467d888f

SHA512
752b8c9f0acf5fe37a817d1f853feed2b59c8417abcdf7e3d228a55d0dbebcf5383171684fa10f8ab6fdc6cfde62b84064d0a2bf5b9f04a3c88736d552e99cde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad90ad572f1bf9b5bc806cc37d6a63fb

SHA1
69003850e82a167ab1aa24d01b0a6486ef649ddb

SHA256
0316ba92c2dcd6fb0262d42544f7cdc4a93412eb6697ad8d3671af9349abe989

SHA512
25ddea37e6c10a8bffb57e1a75b78757ce317f912baceb724f500903989879d2ea62476432d71a5715a472c689492957a3895aea4d94c6d183fb3692f1a393a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78f537c371abe4f4fce8abae53c6b52b

SHA1
14113e931931d6ae01bcee85a69111a6eb56b1ca

SHA256
f263eba89427ae66d0866b722138767d80d018ce98d4cab0cf2e3a5764661c29

SHA512
afbd2326f3313a33fff316f8355a1a5170b0732d0512ba17f31ee1c150e97c5f2e659fc48157a45d314b521f248a2420103e4da154ab9096d3e1a87f0f7b5fcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d772dfe3aa9b56e763293da853a64a91

SHA1
23bcc9d9029b93a00e22150e43e53ad6a48d57d2

SHA256
2d6571cc617a135250624813d6100311e7c52f93d9eb42397cc258bb0fc396a6

SHA512
81d9614ea85e4201d9390829876d71242fe0a0d82045222f7627cfc6f14e22f21a928bfb1755d779aec2040e39ce4e5910449bc379fed2152180cf1db3d64dbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c8243b5225c3c079b6511989a411af7

SHA1
dd8e08fd96e0a2b632748b99ae74353d6ccb916c

SHA256
3db0711c147759f6c4d5e3f5ea5d461afa774be7382242a7f5818a53ca8084b9

SHA512
73a1cdb0ac8f0d1351d130225853dca96bb3333c14fd74082297114a48538a367173afa95753e0c87e6aaad16a72f35c20aaed7ceabeeff1bfb0ea246dc0ae04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2417061f883e1a005e9b8d1418e8261

SHA1
2c7cf8d609c6bf21aae2dd1db878f22338550555

SHA256
8ac85196505f37b2a764247728a09210ac36d6f7f1c1b8e7cde0a53e5c30dc86

SHA512
f4e317375925d369015c00844f76df7f784f0d1ae81bef72af9270b333f6b0246c95588b03e5d196862f0daf33edd4d4abfb2672f4cb06597ccc5c12fada9f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1AF2.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1B43.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit