31dd27d43eac92d72eb87399cb86f4e7df1d5831c673be7e480fcb50002601e0

Analysis

max time kernel
134s
max time network
138s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

7595440f56b138bf114c6314f4dd8b21
SHA1

6b1ff6642a07d62e1ff5024c695af9d562d6c099
SHA256

1eda6c6ae042fcda893f571017b79dd2117957f66c92485ab9994d89ec9d5204
SHA512

201806cb03d8c8652587406aeb2271000b3cb31434561098eb4c3e6862e45185b369bfbdf74b35a8960f6eb4a45a3f2db900cf87e63b36ff86ead997079af8fb
SSDEEP

3072:SqXKgK7epZZMd+yfkMY+BES09JXAnyrZalI+YQ:Sq8lhsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421640863"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DCDDF741-1002-11EF-BADF-D62CE60191A1} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2056	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2056	iexplore.exe
2056	iexplore.exe
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2320	2056	iexplore.exe	28
PID 2056 wrote to memory of 2320	2056	iexplore.exe	28
PID 2056 wrote to memory of 2320	2056	iexplore.exe	28
PID 2056 wrote to memory of 2320	2056	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff88ef052e4c8aa68c31cd25d2c55d4b

SHA1
16ed66fb162dc7e1b2e7107118b0f26323d4d17e

SHA256
198a74ea455db9e98d5437539564e09d07bfca6d4a78af3ac1f5d087244a5f86

SHA512
59f3954eac805945d2400022c4912b5f86123c0da007faaa508786a6d0d7eadc2e8e8bf37dbe511991fae7483b3f1a109d24201631870e28eb6b5eab3608fb7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea5f99713792ee45c62df690c42237f1

SHA1
fa4ec51d41b40d61eab53352224a1c6741ef9842

SHA256
997f1f23cdf3647ddda82473d2f2fb842312e5958de7d281b0f8fd7fe93d1501

SHA512
41f63c2c6e3eaae4f0b4660f7d4f86ffba25d8285f647bc7fc9821cb6f7b0ddb8bf3f0c4c9257f967e00864e4c45b5e64886c090a9bb129443ecab188a286bb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a641d72061a118d698875f8e8ed43176

SHA1
3ee4b5fa1395ab9673da0ea12ebfbe86fbcaaea6

SHA256
ea1d861d7ecb35a4b26fcb0417cf02dcb658a113a951f90ca82d70b5845dd5c5

SHA512
080378ada74f1195b82163aa55d6f66761646f03d8e70db8562488059fbe6ad09027f2ea99c408ced47328afdf3ec8c626189946d8fe40af40d028d9c704c5ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f92d3aaa791601e30454c0c53ae407f6

SHA1
8679d29f8330b559c643cb225e8601ccddd01b05

SHA256
6b39ffd171e252e3d04d1effdafb278fe0aed8ee1e0e6e9bedfb7adf1007c754

SHA512
b4454c2711c1380a1d3df6143bbd8422ebd5b9913032b56a83f6b5fe4b071c1e93074aa8ef4e918c6dd4f03698878d7baf24c496f0d9eadfcd78ebce7db34ad1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e25238ab7eb12152c80239dea15bb5b

SHA1
bef5ee03db351c93b994278768b2db88281c926e

SHA256
4834862b6dd78c46ed9003a2039c14e69b23f0874e973a71e512ca125dcf2608

SHA512
5ebe576701e2c5e523be014db861bfa8f1120d6d702bbf59b586cb907f5fd38339c71b23be93b56435a5123ef5836d17b97775f1ae787abe43bc06bf08b9976f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
783bc194cd486179fc543961f58c5aa8

SHA1
836fbe9ee9ae0132d2adb89cb379194192f2098e

SHA256
7759fb5b30bae9425e1ade31fa943b0dc6106ecb61d75259946cb3a1a3be34eb

SHA512
521a50724029f786dd584e6aff7f86495b9d0dc3c49d788ca3ec911c7077afdee79583c7aefb487be133315aba790721c666293f3a986870ccd58e7f1cc175cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20b98db1a8601907003c6fab91dec6f3

SHA1
3df0ceb0587bbe32b86d9ba49e00fcae1bbe46ff

SHA256
eb4c4aacfb9cf95c8251b5af67b1009d82a62e59e1a17b5e17068f91e6693725

SHA512
c818727a145bf179ca4f15f242a74c02893f25f4a71915f9930aa74f8d892de131b559e6dd447babe26377968a9f7b1fb674d015c02e0ccd50208cbd2ef36d36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09713de3c6e80ed31752dbfb72e3d70d

SHA1
d7d6e794bca95e8feb9bcac98e563bee84914e0f

SHA256
1de8dfaf5fb9a40c316f84f2d5fc7c7bf14d99168d05edc9f1007f15e7598c6c

SHA512
30d7034f7d3a6f61c3f9c3dc6a324f5dbdfd031be1597bd9cf7e5eaf305348992bf62dd7a103f2296a893b324f09ef22abf064f7aef4d712056fd30831de03e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e495dfd279fb22189e160ace9c836ab1

SHA1
9465cab59279be4ecd6bd491e8eca2ca97ddff6b

SHA256
abf13bc5f1b8683b13922296cac8bebefc8ab7d72e47f72a3308446915b0b0f6

SHA512
ce48c7291e31ad27e856c575e486e1f70668e7d98c87a179002f7a9b5c8f0fd6deb3cb974d20d9f181768b0894445247c11c44c08607c663a95817d40d1c480d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8fe9b523006831e995336aef6ca25e4

SHA1
aed5e8edd91559d51f00d121adf34437522ee6cf

SHA256
f28d96f82c56acd786be8201776d25b62f961a365d4f13ffe2627d5c8183c4a9

SHA512
782c7c842a04e93a03c47829d235650dea9e7354eb81974b60271d132aa5757946c7528c1186a19cc981f5576fe8c601a61a49964ab87c0014e0cfc97f3b10d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce948f1fad20b5b04d280b91b6448552

SHA1
2ef1a0cac1efb3ada40fe922a866a18ea3e88572

SHA256
5ea205dc24da1d44117facaf13098592a15048fad7265988418c7d27c4c20475

SHA512
d3464ad41ce41759fb70056aa032b90c64cd5956f4bc2e403731737e8a9fd5b7f6537e16f51d3f3475f107a5a28107e2f50bf2cf76fdebf1b0a7b4c220834109

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cad0a22a12fef6fea59b6b77b5efb349

SHA1
6ccb7b6adc0dd5c99ef0e82d210dadf2672ea556

SHA256
6b59a751b482af4e58c1ed5947c62f4034f1fbeeb23ea1b54a6a39136f75ac61

SHA512
d59434922b9797e9a59b73ab5b10f42a5cf3d52ba5a79de7aa0ffa100d3aaaa7906e1a49e65b7f75e0e16e153d66a8b67674d6848d6e50f5fa21f88dcdcfe274

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e571155a003688208a134a0631f0ecf9

SHA1
f7c0945defbaaf7a8bf25a5d7ab93b13a5e404ca

SHA256
9932b1d182f8c63f7b4aa8d4293422300a726196a1f11aa8b337546a393461aa

SHA512
945d7f3883f2c0545dc45107523e30d517fa99fa5c7a5de3059ca14701df544a22b1ff56723aae7a2b7faa05b5c62d0d5b581839aecfe55d516d722f7c0d8def

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0da649c1516674db4e82bb2f3f9cc70e

SHA1
312222fb166aad4562cd75d0181bda09ba33f3e8

SHA256
88b6fcc93829a7ef4d446c36867d9cb49eb33b65119948e47a80a838299f7e7e

SHA512
99ba6269026ccb2d61b29a8ff415e387d110bae1f09446681075f70676ec66b038e9e7c9285a4f678e1f7e9db51c6907519d4d6a30ceab077fff6c1be60bdf78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dccc2f6e4a99f62c63c9d29a5279dcd8

SHA1
f18a6076b256b4c848b5dee12911e7fc4d9a197e

SHA256
05f36f7a5ab9d3aa428209c003553092d47337b8d128e71ed9c2423c3371a03d

SHA512
e3d3514e53cc8a79a3e4772d7fb664a4b738149ef3ba05f3e81429aa90be308688397cbd9a32a590562679e3f1634827ba2194dedd121f7d56eebc0a5b9b3947

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ceaecd9a5afed4a837a1eea2c09cdbe

SHA1
29296c616222ca5bfffb27e29c82967fa601558f

SHA256
93e9ee4fc4678b46370402d43c61944a61c486e8b2443507a5fa5323c8dc50c0

SHA512
e1e16afc866aab7b68e7f76714b8bbe8d988c875a28d16b6bf57074e029030147d973b5c8ae3d8b3df2a220fdb8ab7adc4b2da2073795cc3aa3e7e7b92db3efb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
200b0999b49cb8a2d07f9991b13e4284

SHA1
e407605f31686d8228a4b2e43ac2dded9f5c4680

SHA256
648f66d4129dfc9e9518f2cde79965319c11013e47c8c84de8bc49a9c08f03cb

SHA512
2aba0a4d63e6a44aaef7e41c88f758523d78486156a54b98d7a114e8cd5bc7e12d984a9f880c34f177880006fd2bb39775fb5c8dbb9507ee652ac73424d858ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44ab7ede4880b625cf9fd535db1e32f8

SHA1
adabb98937e0d7797930e9382ab98fb990a32f68

SHA256
0a7993555f7734f211600d1c00f9c075e68ccd3809b846a61790ceb84a2f7f6b

SHA512
193c2674e0f7a74551c2bc862843f415fad439bf62fd94148b293d6b3d4afc4704cff251271c87a3074feded96a3cd8da725357462f9a04cef9c84635e3ae829

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5c1fafbd77f5489e1e3de2a5fa84888

SHA1
526877f5e64ab46b34cb6107f6f1720b298ca971

SHA256
f6e3a7861c4018d1a064cd3f9ce3017c37e569681f7200ea01bd81584080e95d

SHA512
cf00afd5aee3d270740d92bd473571d3195be8efc2bfae96d0a887a75e84b46a85f99165f8f427db7f8bf641b50df95925772c59cb7c1a095ff81cc6da335d2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab34A9.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3642.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit