c29d7c522a3a9459c3a5bb88e31cf5470aecca0696d01f315af3affa6ce11bd3

Analysis

max time kernel
136s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

cefa38d8da600160aff84ead674b74e0
SHA1

cc2cc9581bcd66f56f63b7dc8014c6229c76a98f
SHA256

d76ba8451ad6c619e0c2c9a3c44485b35c8ca4aa30cf3a7c972ee145c59a4c19
SHA512

40b133800a60f4df843596b93056adb4847e40d93eaccf959aa988334d751fc686cec2bb73430e9e702caaf6068e5a2e14cab35ca823d56489b4a5ae86eebcd9
SSDEEP

3072:SjI6Rp9aqmNWyfkMY+BES09JXAnyrZalI+YQ:SjHkNTsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{23AE7A41-0FF5-11EF-BCB4-4AADDC6219DF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421634970"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1936	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1936	iexplore.exe
1936	iexplore.exe
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2552	1936	iexplore.exe	28
PID 1936 wrote to memory of 2552	1936	iexplore.exe	28
PID 1936 wrote to memory of 2552	1936	iexplore.exe	28
PID 1936 wrote to memory of 2552	1936	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4361455a43775400011b09262f5ff85a

SHA1
ac6a8278b195a29e3bb2c3ceda41f3fd0a676013

SHA256
440268ddf74faa7f371667352be0184189dab45bbf0f1dd14ed8e930c57fac1f

SHA512
c029e130d9e62c672b132d01e737915090146dd7b8334f266127e1398bceba879276f8889ad150ef44eeda4d5f0a780560e36a57bc2a5b886a661b05f3efcaea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d10ce0a059c87211a57d675fe1bbbcd6

SHA1
2f48ebb91040687ace542dccda5178619fc2464b

SHA256
662259c5f9624e5da9d98eeb870c14de4556fbc3085b182131702adeb0c2ae4c

SHA512
cae22f7c777d7ac72cede5d6e7f7965666b70309e7dfce0ae5f146d2fbe905f11e5b89d4a8da818eaad5be815b314e10217cf5ab0cea9eef34e18279506c7ee0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eba654f65a26c0446a9598f71a23b2d8

SHA1
8de4c1d56d9011a0cc8cedff055134304bd3c292

SHA256
569e1557df13b97fad08ae64bc5b33318f778b5499c2413f92e5fbfde8037c9b

SHA512
a8bce670797fb88f69af7b37fe16197d0494837b4b0f2a455e5ba9e71530701b374aef01a215ab99f1cf4dbb52be2031c1ddd1832f0195b92cad073291d8ceb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1092436efb5a6f64bb9942d2d558691

SHA1
1302ecb2efa46b53e4d05b9062a6dc251287ff2f

SHA256
d594a948328b01152ad806af08574c2f502ee989b68e4624652c35c279deb7c7

SHA512
5ca253df53d0fc840568a522467d6de2ebf95a54e128d88441517d54ef44989c4c16e2570e331987942748d3ca67341a9bb4dcfd2b75144bdd571612cd9619af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
428781e088302e7e96e27dff2c7ec197

SHA1
f8199eba241afb834a368bb0b263f48009ee3a30

SHA256
1b566f26d5bc999731638b2798e171c7d4e9cb3edad7e6a336ad0acce7d8e55c

SHA512
d5ec8ffe0becd4a94e30ed7181161c7d2ecc177d288878b672ac6f210fce02c8e5c042b83e721186482e24dec4859f66e72ac0faf9448bdf8880ec2473288e6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
027d1e744a99aa5fc2309427babf474c

SHA1
59b5bbfcd43cd6aecd7cc2cb522076a0444e92ac

SHA256
b776b6d36807ffab81e920c09e692bdbb51deefa6236d6396d4b637615efb58e

SHA512
cac19a8a4a1312b950e4026c3a315ff28a16c85962d8943b7aa49bb5b7ab356cdb1c19ed03396acfbcc50e6efcecd115da73ad93e679a05431090852eb0be5a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa0b6992a1452477f72e5e1ae10672d2

SHA1
1d534d7a801266ea1b351ba4fe1b61e23ca9ba2e

SHA256
255bd13df5d72e3b770cf4c3429891817ab9ef9b409c1c68012d2bc547508fce

SHA512
eccabb11e4632b4b29bcaf28e5b2bc2490095a28f85a8037afa4800c7b4bef0a594ae9864cef2753d8ee0f3e33d5be2401ec59676c8684201c0e5a21cbe3894c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
167efa51262b5f94619e1937216e8749

SHA1
ac878848a4b0722a289da7afda43c05799ed2545

SHA256
51800b7e8347a9544e2650fe62342b545ac7836c9d346ed609cb79b2777488b7

SHA512
944ee7ac43eb5075734911a2b684d1e6fe7c66fc33fba8a3a2ead8f0106b0599a584e63c91709d610b80187c1130aa8a3503d735dc78ea3ca948cb7e058d274c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a256c4a0a57f79916e50ed7294afaff

SHA1
2fa6f3b2b6cb132e04fb24fc483d14981658932c

SHA256
f7c56e15cc1a6f91cbd215601869e17f5551b4e707a565b0189f0ad075e4b18c

SHA512
9a47a6388edaf9961fa7786d1ab63f6c2f46b14ecde54938d02a109578274edc3bd73dc50da922d1ad9890f9c809aed55a8e649b327f877486c74cb2d2880fcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5334ac98115136e1f95cfeae51100e17

SHA1
0ef6251fbc306ace8043ef943462549422b2f90c

SHA256
8f4d831b0c5580e71b4635b5d9733d4c4cc517217087e08c645b425187e2fe46

SHA512
797c7cfbd3c37f9339abe98203f6b8b699665d48e84c8d77ac7a851547c63f03ba5c0515af21a87ab1e92f8852d5bb1af502ede59c1e1604223eabcc6845bb6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
633c2c90548e5f4bae38015e5e1d86b6

SHA1
e1c0c3303058ea0207418df123cd178d40238ad7

SHA256
808e84895a052685598f39888722ce7dbfe0714b0cd84c3ba1ecd9ebb60c9d43

SHA512
53731690a26523157409b1453ffbfd9cbcb7fc10322b41763c556fcf95c3055c036ea4bda251b6b555eee6bda9d14d26d30dac1d50510110daaea1fd496d04c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8ca55a5816b7b5305022a77c7fcc3fc

SHA1
8b7869a63058efe158ad81c2e91632bcece7a843

SHA256
6168f526522332c77b675a64e33f6301ccd90c606c58eb9b9869c4122635d001

SHA512
47d2f2291b0e0658f6e8ce0fbe779d6a8ab5124a1ff86dc6ed49c8c6a68388b672fd74767d64d7f624637065a9e33406da035d068a75cecf32b2b794e1af6a38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f48faa214d118b5dbc71f99599dd732

SHA1
3ff8a086521fab2452e7c844da1c46540f01df51

SHA256
00bf1a547500cd36de3efd60beca7943b5dd34e356e27eb05563725d178f0584

SHA512
b4dd288e8c50f961b5927d83379c431c1d1b055c06c6dbd9d6ff958a40787425748de64edb0d8a74a77b79f5c4eb4d03c0864b3cd7dd0cd129adca4f71016290

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4d4b13dfcac7ef46dcaaa34779a5c91

SHA1
5714f2e0b8ad702cc5c381d72db5b28c9a9d415d

SHA256
f91d2ba7212564aad2a342a2645ba018151df7f2ca415d271dd0f55a381d5cec

SHA512
e953df276bc146da7b3a47d52c923d4b4303c74a33c1f225b6f1e1f414631a93cce306d6e50286cf6eb2fba1c0b297faa646cf6cf0e73d47e92f5d309887add6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0037e242b580a6278f502e9d8966ff12

SHA1
a8f913f24b7b96fe50ac0d4ffb17ed4b236f21fd

SHA256
f84d6b19859ae34e3bc607ae23ca75fff3fd92cf35697dec16dda238a266b84e

SHA512
1ff0561d2e046d8d4a88d809d1e9c00fa7fc60233526853dbcab7fc7dd344e0a7df2fd462e141bfeba42b6f8394398c8e78b7ff9079d0b7849cf8717a1b6dbb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
061ed2fd6f3d9e6e634ff046710d7ebc

SHA1
7e34d7d37fe606d9ce40f40fef004617c88ff776

SHA256
58c62e5249d2adc184be8fb014e97e04123f9251a9b6accd89d67d598f26f2a8

SHA512
b5337b1c16f20427a0598c16aeb57a0cfa814f5395444c493ae4c24a76050becb9ca6dce1a4d281e6c966775a6f27697ca8fb064bee1bb5249f06ae26b6eee07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58b51281c557f0627d3c60135e28468c

SHA1
39950752c204bcfbbf400884a6593b2e776b3ad0

SHA256
5c972d4d44260f6612baea1501edec6672e79c80f8734e2eac265ded89b85ade

SHA512
6a2f751f54a116de3576e832d41fc79169b33c514b1d3ca1d703dd43e28fa9d582972c7501620896f688d45c15ccd1daf9a2ae8ed4e962990665f73f1422ca37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
caa33ea795e7f98eea5340a46a11bdee

SHA1
0124a0cf48c6f773904d4b931400330c8fb7af66

SHA256
3b2b464fd2fc95ad6a21994383c71c7887bd79cacf72cac7db1a2e3574665012

SHA512
39f6113b27f39790422c5a601d40f4379ee59ffe06ff6edb816cf54d0cae3f052bf59e7b5ec365373ae2b97a636306fbe3ede40f8dee6a15876798be5d715e0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab93B8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9496.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar94D9.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit