3bb38fe20b685df3ce536c9604040c2fdf922fe11c2905e1825370a172370068

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 23:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

139bccc0d400fcb867972797c4037de2
SHA1

e0fb1bebb8932126bc602f398d42f53a020fc16d
SHA256

f0b1f8c719ffe97e10ea8614c7b5668ca9a05f2b6fe999187479e500e3558c38
SHA512

988347ff7bbd2c23eaee5713b9828c3f50f0fa11d3b39265aec066dbf56ecdb5fe616436864c9b3b80bf8a1e925c79cf39d1c6152393a85942222afabd5031c6
SSDEEP

3072:Sj+oF3M8E/WyfkMY+BES09JXAnyrZalI+YQ:Sj9KTsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421630462"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A5617C01-0FEA-11EF-94AD-7A58A1FDD547} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1252	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1252	iexplore.exe
1252	iexplore.exe
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2100	1252	iexplore.exe	28
PID 1252 wrote to memory of 2100	1252	iexplore.exe	28
PID 1252 wrote to memory of 2100	1252	iexplore.exe	28
PID 1252 wrote to memory of 2100	1252	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1252 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2dbe13c329b02e7240618422ac3384f

SHA1
a72d6f305677371c9cac3c888cfd2af5d1eb3f5b

SHA256
a8a484f1bbb834d310141b1ec9de9307c9067df3c3e5b7e136afed3aea6883b8

SHA512
1d4a1f254af697b53050bf126c9bb84769ce4d3a8fecdf2070c6473b2709c2aeeb46a0dffbb429194ca8b0a6d62ca907ab0ab248104157cc610e111966c6b130

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f999b317edae9dae3eadd6d258f9cf04

SHA1
7aee8dc76b9f66365278be404160c747fcc72d98

SHA256
f7cb170685839b28a998414fa2d25a35aac38b69c69448c8d895160ce82e8c3b

SHA512
1c86743aa21a2195846c3f09e3d262a75e6a3051be0073da03f3cc8e05292801ca3dd0730e0e314b513d62ddbc4c969062d32ec5c5af4db3ff48f651f8c53c14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6aca872176f97692c97b621a451e160f

SHA1
0b5a992324ce118c3eba810a33c8c25dcd19c0b9

SHA256
3a65b5ef0d39fce0dfb3701f99c0ef4fdaf8d5ba0c2e4f1c4014db1ece44aeb3

SHA512
daa559e5f1094168248ce54702038f932f7ae20d2fb9febe5f49dde6cb30f08d2be59b31ddc5b44bb3df79125fb5a198e551ade6ca689ab0ddfb32cd8660a4f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0047c0f14bb9f03b2f293b64289700ce

SHA1
4b342eadc1f090aac87d86c1497ee016b2ec578a

SHA256
d5bbe853fd600f976c059cbaf882816423d12a3ed2865d5789d54e00295a46ea

SHA512
1c3cef23711767a9a3d62a881d341a69d01b4050b1391708ea50f7f2cd2dbebae27d03a711e2adc7ccd2a9025c45e111ac92c2cb7c474e831ee2858c022cca7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12710edf05b5d48a12eda75417ac3aac

SHA1
fe09e6c9ff9f9f6eac74415ba9dd0a5ed498b1ec

SHA256
995ab3e981a1053c3e66854f244354e12ab5152e883c581e580eeb508d670da4

SHA512
748687190038b1785dbeb8e268fce930e99d0ede5ba57ad0d7d6741fb940f36748277de6254b6599ca91687c27aa8b5d76d0dec28d83db136ebfbca8c199f190

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49de020d798bf1cb8914d8697c389fb9

SHA1
ac7354c9bf6006948605ba001cda815becb9b411

SHA256
d0949c896d5744e232c3312cc99710124d2535ef3badaf3edc351f2d27f44cc8

SHA512
5cd9d499090e65ae8e802aa34449da2c29a21f802e6ac7ea6066e78c6cfb7bb80e9cc08433168539f3be7e24d66bd55d6fcab7124187fc2f39f9023d2b426fc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b59ede592b789af01f12761d6d9b0426

SHA1
28fc129c8127d1620fec45e080841a8207c3d415

SHA256
32f2969ad4226ff073ff0264defa242435d37dbe14a467445b751276208536c9

SHA512
b3e4a90402374a870abae4ea87bf1bfc1b42ad2b0ccdec7cea547c64f67bfe81b5673eecd1e7487ebdc052a9d537f18a8766f19a160c8fc7ffa9cd6b460b3929

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
709ae18699b3aa483d1e86da72c40943

SHA1
0648e7edc48329674744f180af26c6f597daf730

SHA256
f5a63cbd98c2050a067aed7dfd9ab7c6dc883671e4501fd28de4ebf03fd669ac

SHA512
5fb517a6df758924dfdeef3058073e2493bee019d5446a9ff73818dba3a5bfb70be6e03f0e3184a68167b2782f37ec0a3b329a7e71d7ed47a992971de52e58c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b7416e64fcc9a8d31c2091868f88941

SHA1
713f386d28880d409fd4ac8feee086ca8deae8ed

SHA256
36b8f06f0126046d87f3fe71012dca661b74c66c446dbbb12c55fe134b2c1c7d

SHA512
850f86198935f964ff239fbea614e00730aec6eee976d82a8d6aab89ca384ddec6cb77b8920d65d2f680bdd0d54b60a6a71b68970d2ca604c38a6c80a24f0827

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af4baee0198943a5730f3845df52e912

SHA1
446b3c34b6f11e8ee5fcbc7fe3985339f7cfe0b8

SHA256
fb144cd471451ef665a7dc4d6beb76d53f0c544e4adb378eada5dd9ff1fb0df1

SHA512
b9ceb99d65ccb5e6f573e611b04822c713ad9c250e880f6fdb0a609e878e13f66dc931eb7fb0129f583348d29fc15c6ac6af1a08549d528b5ea9f51b7ac20de4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f961b6e8f33bbb39c5d026896aa3d53

SHA1
32cd776594b0771a300f6e2d6b87f2233c6c2f51

SHA256
fcf12fdf4ed345b508366e7e7d2c50eec09c9caedd027ab31e36d779bb2789d1

SHA512
ea38c030e10726859b61b306ec4030c70c583448b188352c9a953fae0536973f809a71ec9181b6bcf025a6f5b792137e24e1eebb1eecbc4a994fe67e3986db17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
562fbf8299414dedd436388759a4ec41

SHA1
e010f4c59795c67474a706573bdb9100f0f8fbf1

SHA256
3e49257decbbebbd7e702a4c4279bdc61933bd4e6e539f15ae72282401b075ba

SHA512
add3b918e527d10c53f2f5f357cf1e525133f4e477ebfbb8e98d7cdf8aa1ea98943e570f33d486a1d09e7e258ceebfae11c33c17f9212b26dd46963de4eea2d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
220a9a13522a07dad1ae2ea6cbb68e3b

SHA1
00376e17172e5925971b0dc499d1a5c95d77af56

SHA256
c0346b0b18a37b8336aa79f7a9696ca97007ca7ce831290e87de0164532d90dc

SHA512
74bb3b7d81433665df06cbaed0d254979a3b4332c673d9d9a299f2140a610dc2fdb0fdc8262d43bad6e2ce3d96a44f509324f8d95ca8e6db08a7aaecbfe12c2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
406ea6abff6587b9a77801b2a4481c82

SHA1
e3b8456586a950f280057bdd98951a984a12d802

SHA256
c9ba71bf4feff8774b5f30375c033ef597c8388d31921440769259865c06b394

SHA512
bd6b4e621f116e6ccc29d60a484491e49e797fef6a190a0b9f84b01044da46ca8d075c0f7208fa3fb5c5b005a503f92e5e2ce20ffa0a67959fea20df8cb8e238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3ee5f3763f55152b221cb6505f9ca7f

SHA1
212607d0488fe601fb704611cf553bb85ca57a70

SHA256
8db496f1ee37b0f9266259cc098ffa28249a300448c9424b5a8ae4d7830800f3

SHA512
06a88a987aca061824ac4cbac48a4ae67bae92e37b908ada5ef253b4d1a0da67c0abb340999132fba51b0af55d6b340c8815d7bd3ae7e4e8b1cec09bedbb3113

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f2ffab9eaaa4acc9a20646e675de185

SHA1
8cd501157da867e976873dfcc8979a5486f68032

SHA256
a5f84fcbbbfe358a22ed2101b6200651a11c0f42a3b224ac8539c1529a6a3b50

SHA512
0bad26227837488f1d0797c211fca8bef6dc43e45a5791891b58085fb576fa1444d45506ae27c54440c0bf107ec62375b01f3121d6668251006b3929ea97797b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e461f727cd65b1c6b7303377d6860285

SHA1
b7c4482c15e9a6fc5370186b18ca2289654424c9

SHA256
9829578806395aa93255aa50d4493b011e159b6597c1f6b5f4be34355a855b27

SHA512
12e704582920b070f85474e40995a2f449b665c25388c1e3fd47e2556192c9bdc2ca49138a1b64250b7880cbd2f33ac155f0b2f17ac51333b3b4fd2e89381e9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70ec4cb325fefd84abc94ca5f4c7ea7a

SHA1
687750a3f998afe6a26571966e2473c2b33f2dba

SHA256
848698f8ca39dee87865fcf6e3e80e2545ae8ff5ec07c8e8b0d39eab73561301

SHA512
fd7bdf965312e7797c89021d7839ab14338f0b08a803b301fad5d0bbfe0ef630ab7f59302a1d63ef04504e9be136b31d4c900cb2a7bf49a711dea0a815e375aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2638.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2689.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit