8c2287a82b47f1dcd2f93e0f4a3311d15df5d0f6da8f32fbccc6510e5af359bd

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

75d5a5bc3688e9bc4d46035f19677c54
SHA1

ae6ef071349b38608fe214e5693876bac7fd1da0
SHA256

666eb27e70c76e476336725b705fb6f495eff057fd8374fd505f85170754379e
SHA512

3709ba37156f05e7cc6a86313d9bb6213cd8f692e83869ea403ecc111d77d02878ec0643419b4204efed69e26a7844affa758f2fad9e66d98cfe41560cd3d4b4
SSDEEP

3072:S4yM8UH8TZjyfkMY+BES09JXAnyrZalI+YQ:S4xUGsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421643521"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0D2A0B41-1009-11EF-A1DE-66A5A0AB388F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1644	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1644	iexplore.exe
1644	iexplore.exe
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 2676	1644	iexplore.exe	28
PID 1644 wrote to memory of 2676	1644	iexplore.exe	28
PID 1644 wrote to memory of 2676	1644	iexplore.exe	28
PID 1644 wrote to memory of 2676	1644	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ab3a83f3fcdd3bb4af666488b610944

SHA1
ce60ccb4f827d8d639aada66a41c524cdd0e2807

SHA256
16910d763e87c5c0cea33b25f38d582245e636ee41ed2fa3cd18145ffcd89633

SHA512
f25b8a2944f204a01ade5af6bdcfc908e98b7563cd122ac519df503512455e9b63c46e02cb861a14e1814400616bfef18a17483c6027baf6bb339d78d98ab442

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61c1692cf91faa067f911a8728b44abe

SHA1
deb416cc555473d7b65e915af25b6c478a506ba4

SHA256
1b6a09a34c164c969303657d6b549c642255d54374f86743ee84859bfbf8cf44

SHA512
06f7dac0d8331f687af3d3a6a3dc6e15da0babb3bb074e7c825e7b0e1a7f36e77ee033821b9308b0cee00ae573e7130c64b1bea6386c9f5baa1aa3157ee271ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84ddb80da9bb8a7225db052dc9c42c17

SHA1
698b8db6487bb1daa4bcf3ebf3da1cdd6b0ce2a9

SHA256
fc8c9c3f66b5856aaf1cf0635be001977757e038956890c87e9054cc729df440

SHA512
51f24a055847da811b5a333a1180637c7943afda110e6dbcb419e3a5b8270084e0a0e7f13c5c7e9fe62a49905ca7e3e6de503686d0dc12e56b7f9bfc4fb4a4cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5724e798795a986b96bdc605416143cb

SHA1
bcb87ddc770ec3047cd1ee952a3efda997f49a3e

SHA256
01a826ce8e55be74ee7eb1321cfe46a3ca101c9c88c19c181491b888ae7e094d

SHA512
5dcd334c09fb5bc786fa18bf4ac0dddaf02ced7a418c96ea15902d8f6331357563f9926e37f4239f77680281ebcfa7a5f9352316628b28a8f3301fd0ff167ff2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3c2024c822a5e8075a109c090cb799c

SHA1
15706e636cfbfc42291b03e41445c24cfd65e351

SHA256
5b6d3113a4e7315dba55a07df6b1880a04172ff5deeb23f78c664d3ec9179479

SHA512
b33b239ad65d7d745c31acee96ddb7605df2f8402532b6a9867ea370838195f5a12473dca435874ea194fb66c0231bcfb44c5ed2e7f9c4fe1fc4e788a4a8a093

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
692360bcbec1e1f1347632db9c39d125

SHA1
0cdfac3bfb287c94cca126612dd4e024cad59ebc

SHA256
c057d3c55ec237d503b601bd2b7c59e7a2f1d27568bd8fbb2b2ad7bc0b94aa9b

SHA512
10764db07e56fd16169aa1cf8001352643f2971e4aab5fdf546864ce022a6ddfc70ddd2f6e93142b10eba06aa60c4cc116d2b761006d4c05e58892ea425fed24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c18bea551bff6ad635a187b7218f96c

SHA1
0ab32c8595c952e8ee86ecdf845320f5ca28de0c

SHA256
ded74bf2e2bc1ddadffce4f58c37a26ad0a949d2efd700ef070ee62aa3a58539

SHA512
06c6c5e8156fb49b1d96ae346430e7ebfbd411e72d063673f1b329813cf0a96ee6eb81e2c7d5bdda31709391507caa9c1722aa3b6c1089e024df77ba2e1d8a0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8182a6de5fcdf248fd2aea8854fd0a9

SHA1
7cf7ad2a68c4c361bf4b404d254f513b6dd1eed3

SHA256
aa5f798cbb7770184b0224af52f967680bb5eb947c230ed780767e282e7b41f2

SHA512
6f52b6c0ed223ea3431ee4ebe4a561c5d3d488e8ebc31114f7a2fe49cf2f04bc9e521156c0c2901f3bce7d6fdc2f64b2e5b86ea809fc876c50d88b60f28fb9ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdb3bff5d7451d37185d11cd2439ca40

SHA1
9836be3e73bc4582b8b5723918638e69f924e37b

SHA256
79f2190c6880c751b11f1e26b24defebb5ba46b7a63369e04d5729e9573310a6

SHA512
0c2c5aaea914840f1b307b4b6e23c71695497f9f97e0a4ebb4e7c9b90f2d657c12c9331d8249394250581600fd9457b02ec61e362258796d8d96109af2bb72b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2678089a53d70443d2effd9c8678725f

SHA1
4e3d8139bf3f354f990af6845a704d2b1ca57b78

SHA256
089951ffec50cf7adabefce78e752d8f370f548f761cc867397fea22b67541c1

SHA512
7b840574de5d69b9d27825018721799d5bc8d052c58cf3798c1c8a946b93f5f6e03d5c7686802d3701e68b0759b1e2a399485a9e071df08a82bb56b805d53672

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95b95bbe6c0acee56e4248021f5e16a7

SHA1
41c6157a3b1b1a7679429b1b00813151c7804f2f

SHA256
d95d77fe12c2209b55e1f3c6483017650a98a7a39f1f92345a23f8e263bf793b

SHA512
b5ab91758fb7638943c3977fb67e11cd81a05930163348e405af1f1d68d5ae9936ed007b5fb45de43aba22c7d6016e5d44de5e019fdb26d64e3122cc65f67107

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
267b9998116dd8a2758063bd819d8d4a

SHA1
76e165b77e838f6ccee5899627aff8fc80319d4c

SHA256
8feb4db7a20956209b292c5813e8d03b84ff7529bcecd37779298e53b05bcfc5

SHA512
d8ced497edda5b54e1121984d24707134f2de18338c6d152fd43570aac28cef9adfd3fc84cbbc4b428771a869af9571812c4018f8d303914f4fa4d0226078a08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a64127440a96694b53ebc056bdd843dc

SHA1
59560b2ce7a287ef0b985df9e60c738c9dc380e7

SHA256
3adcd3ca77b9972fe481ff4002b74e4d7c3d20f07e62f47d2f115972cd55cab0

SHA512
0184536bcf8c17b46fecb02c8ecfa4bbed214cdfad5389cea9283384e74c76c14544f88e22a35b92f34bc98dc0521bb437cb480d3cd7f71a4e11631d6cf74119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d29de4d3a6ffa03e75d91e3bf4c362f

SHA1
3f21ed6d93ceae1eef568cbe8305ecefb4906d4c

SHA256
cd83939f78b3fce0562a976aabd0cf568f1f1fdf533542fe8f85cef4d99f351c

SHA512
9e976022b8e5cfb970e15cbbbf11030d32bdb74a612ff888c6926e99076b7a1411f7f31b1434c6e8296e95170791062443ef711e7e16b52427589026f1a4c1fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84242fd0c4bffdc60b765ede15ec0eb5

SHA1
f07a8d978ff1791897285018782b31f415c3bc66

SHA256
e82bcad48cc953722d4a60d1a6ddb1c7300b38d888da02406d7e016970b764eb

SHA512
b1b2fd8149f24afa18b36f3eeb5b52e07d7325aac7a787b46a784268e1e01e766ebac426b01ff89bc57124e5bae0ae5782753fbdbf4e53145fb0815b7081d20d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcfc93f99f7e5b84e742ecbec2d95c0d

SHA1
c2cbc8ef5ba8e5b0dca7bbd14019294f6a838148

SHA256
a4d7081123a9f05f2e62697221dff8d2081320ee9df81764075f6689fbfc5a84

SHA512
41f48fad54fe140e3819e46a107afd16804c38d02d34266f531c34993e2c435eecb0dd8e82fd06211c668554e940b210517eb537967d914242f5f198f9631a13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
988b04ef40ece5c4b78033663368e379

SHA1
b4acc62470c84509acc1e835576e273b79c60407

SHA256
360d7f7e6fde98233999a08a6c66bcb8ae941292dadf2beb5626f2788b7fb8e5

SHA512
948e00e702ada516512731f3ec1a4d90a7a04f74de67ae995ea72f51fc3ac598ae9569cd4254138bab26ae052d7c0571d3ce48cec2a15d768ab6f435f99be98a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
745b87e4b9203d89662b09b38c120291

SHA1
4750d6f414019b6d9435e59e1c41d250ebc5f39c

SHA256
89e196f43a8c767b2fbd2872ae4ba80b32a259f2d98e62bee058f57094735491

SHA512
a9632cc62b043f511f197fa8a4c787fcc4b86907da84deea30efb84f15a233584388a9bf46dafdba01cf396e04958423803c51f1755560a9ffc9403108808ebc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd408fa18f5b30edb57dd09e6b2da24b

SHA1
f16961b7991498f14fdd57ea27f7ae1cbe5e0b29

SHA256
b84b26561a73f188c0b126548d54065dfcb6a3e530284f96d76cb8502982004e

SHA512
f8ecd22191b437ae5cc2ae1c5ab9ce947a366656e4149ab3c3b0870ab3220861a78259ca98f204ca0b1ad6cd2f33850507ec7871d85718bd9a4cd82c5eb2a8a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3278.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar32D8.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit