17c1af128aa73ba6235e1cad76fdbac846acad82762c68cd4f95d36fd2d5f9b0

Analysis

max time kernel
137s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 14:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

4cb7c8616f2d94bfc057ada47e5898da
SHA1

e8654d959ee63417aca8b3aa312ed9488acd932a
SHA256

f54c313d56fd5f9497b24a2ba056f4a0452f57e2ff01fe0489f90e04cf91b6fa
SHA512

3212c6da7dec5a6cc7969202853b23f7840ed4cbe1808d7300a3e67f8a559423a86164915a6ac73aa6de157a1970f97512c576be4e016105165e5c7cfcece509
SSDEEP

3072:SQAt1HHPP1pmvkyfkMY+BES09JXAnyrZalI+YQ:SZrvOxsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D7235081-1137-11EF-8C27-FA5112F1BCBF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421773568"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3048	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3048	iexplore.exe
3048	iexplore.exe
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2560	3048	iexplore.exe	28
PID 3048 wrote to memory of 2560	3048	iexplore.exe	28
PID 3048 wrote to memory of 2560	3048	iexplore.exe	28
PID 3048 wrote to memory of 2560	3048	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
400afa7c2ec3bb16c9f7e936dcc704a4

SHA1
5f407aa53d1741945615fccfcdf2cd1abd33989f

SHA256
7ec66bbea10827ff9a56175a3f505de9a68b88e5fc5d0fd222eeb4cefedacfe6

SHA512
b268bcfdad9067c45d900766bfca2cb559a6eeadc7741eaf4f0d7353315afe6c6e2f06af7631740c14870df513410bb11642bb265998af4666287a4b20d9e920

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83e5415294d5bf21585c740df78d03a7

SHA1
4e2b1d1829b8f12a94c6e554556a98473f74554f

SHA256
4f5f6f9a62d5c1df7d05d8210b6686f0de0939c7c923bb13c72df2dbbd905a38

SHA512
04c89dadfc8746e2f402f82e68f5ccf22d619ed7e548f6c9995c91be42414d67d1075ecfef4f20942e796d4d00af021539aebec9c6f1935a3927458f123d7f67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d49d5ac2a46035b684a4a7516297e3ed

SHA1
fe2834f89a8a19725b4850288c71ad1eb132d5eb

SHA256
06c925c028cb4f1ea7c59d017b5e4cc6cb25f4898f337df576396b0d5b4ca07d

SHA512
b766b846a998d97850deb015e14ee5eef1ad24e21907351c76dea6e55f9528b05fb7e8faf5ff789a72c95eaad0c90825be63bce991804476d9091b0a4297a5df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40df012ab0cae32758b46a56539ff064

SHA1
a584cf5e7fea630569f58796fd121e47e262ed20

SHA256
f52c5f29ca4a9c762b66c27967b0b5256d39a45f6ee83436f97c96fe11c3b63b

SHA512
177c4e6bebb6675d103b5d22230ee1c71046e683323db9eafbcd2fc73565fc6fc7498c027def9b2c571c2cbfe9cf59fee506a90bcd495c714805865c15222a37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d23bead740ed427062786d48d80e9f2

SHA1
d2dd5e0c5dcbfbb3853c24875a3e5ed61f7c7af2

SHA256
c38de2ed1b003c42522fd93fe6ce168eada16403fa284f8d8ea1a675c424bc09

SHA512
44fd44ff9f70ae798c437a5330810117df5b05363053878ba918bda9dfb79a6bb54cbb5002d5dfa36e1faa55b7f8e1de7b68a77098a2004545f264ec2b1f37ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c9da12c3a18956abcfb6dd4c44fd0a4

SHA1
06d268ed0220f45442bf94c1495717674a80f2be

SHA256
e86e4d864df5977e813841cd149d3189d0bf245e34143b9add76bf72ffa666e7

SHA512
15710e13c6c68855c15ff0b29a33feb97b76fd7bbda877979b9f7262eab5b0bcf4a74fc2949a81e323d3f2ab1aed6692b1f555d57b8570976cbc83ca018ee6c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c882208c89d17c3efb7d682ec07be92f

SHA1
f1445e35a493fda6880e156818c3fc9c78fabdec

SHA256
1071384de1a79c78f53c909b8f5a5adfbc478284c60ce5a40433e7f5416c96ca

SHA512
5b075925c0fa182e36a3cb650f57057a62cdc2dfb0706363ab7195e2fda20be3a36bce773d22ed973fd80dee5f55a48917156c279eeef2489499c46272a6cc42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2bec6e8ad0d42f628c1ab1775e93793f

SHA1
b658f9b409fe3d37182a177fe35eb9b1b4904075

SHA256
bbd23b6f1fb3cc0fe9f0bcd97bbc6ae6609bd65be49284cf3600fcad8506b871

SHA512
a11a7498aad32153659c060e915e42d13a0065ef3820c98e4bc50a4dacdd3bd820aa3249e1e72dd68e3901f3d5fbf167c24b78ef8cf9ccfddd1114cef9c2ff4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
173d01c614809adfbe967624108a75b3

SHA1
c24f0c4491a45449e880ed3675132186b1d20039

SHA256
21aa3c6860e92e51afff858fea4261d871098774e48c7dd7b6050742c2463851

SHA512
afe1014dcdcc5a5d6ea0c7282670062ee1adb4d64d2d4747f72596fbe76300366812be9daede02c8df27f61fcdba4eaad4d84a630298e55adfab4603c4d53b1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c5bd135dc434020fe1f786f7cafcad8

SHA1
c5ea0b5516037341148896da556c8e17d10ab7a2

SHA256
50e616d9747174d7f23b964cd5366ee332a81dc510829bc6b31c1739bc1527c5

SHA512
826a1ab3d57508afc70bdf9519c770d0d90c297759f217b3d597d0ad068f04a48bed9a17f70f438eaf7335227247ed3fb02ad1e506adc2b714547afed69158c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bd440bf27ec66fc11e11153d16e0663

SHA1
7d46e860923d42e822bb9f0f4c4edfd244ffd53f

SHA256
e2cfbacc5d4b6491bb065d3aeca7b27aecb9920bc80d608300cf65c6a815b5ae

SHA512
153bb2d4e27d88d8be87445b8dbda429a9e78e8839e7f9a25db434a9148617eef445ed845394f63405854389ab393b5777d790d977d53a1d03a66a2c0c4f78e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
826b94292c5c5151f4f43fa64ddf8fc6

SHA1
3c4d45eecf0245c33916ba7c1d8d1408587e5087

SHA256
dde309ba98a241c8e7dfcc54aed8e72a3be8e41a7d4ebee831369943a1bc7ec9

SHA512
cbf74e45653bc6a19cc2df0fe31bd7f1193b3b1090369bc43e0cfde24795a8910916317dc350ea475f78ee1fe48a3fb27f987e7b30d1b7afb98d0178b1dbf2a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e62209f5ddcc5ed3abbcace8cc1ffcc

SHA1
0cae7339f6f6082395d717df4cb4875ccd5fcfd1

SHA256
54dd4ebc36f5416792a8935ce8a158c9f0ed764f5f1ca16e9b7bc16e70845208

SHA512
6df367c259421d94327bbadadaab71f73b8e182c584601e5313c7a49a6a7a8b709cbcfb9d800da641566c1d139c7d758bbfc8bdba0f5d31f57bdb88862ea9f37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3914cfc364bbfd85769be23bd9217a7

SHA1
5f6a8fdbd5ac70ab6423b962faf6cbbf2ba1cdd6

SHA256
a39aa915129b47ac992cf076a411ad86da4b91fdbd0f5f0778aacbb2a3c17e38

SHA512
43554ea94f837f49ab023cbedf0c571d3c64581a950ffbb3f2452d481b7c69d0cd608bef668aa5e7b8a5702cca7b47310985913bdf0a9cfe6964a8f91d651716

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
214a80a5f4776d5c65a076d56ab20ec3

SHA1
3b1bdfa4c5ad4cf7d946599400e23f7a73390a96

SHA256
c77e806847e87640bc4c56885e4e0c009c12c34e17646f2349f71713a9e2214d

SHA512
aceeb13314fa7cf3856b40ebeb1877b4b94e8a87d2a81138824fbaac1568413b2068a5102d9a233b1a40885591b575bf548b2a3a033b92d00a3db8ea26577423

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c18ede335d027698690be3de1aa1df29

SHA1
14adeb8412b3124fb3ce111b36f3c2ac0092dc32

SHA256
cdee6c70a9312517f330ef4edcef6dabd4ccde44b78f23a393c256f70a5bfcc8

SHA512
0e7e6f3b3d7438cb4d8f1c56519e08a679c5afa66e9daae1e7bac10d414f8c0a50c4ab6619aaa3855c58090df5573bf545066203eed39e2a7c4a8b3699e9ce79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d223a68cec0afddbbfb85696cd3a2d11

SHA1
b2728067e904428b0472f67d1fd867124546ba93

SHA256
e780e8aeb14198942bc56ac0a84b09475ee24bd24f57f68325177d57f110202c

SHA512
d67104d7ecfe2f9e194389fc7e7316613c62e7ac944762c46e70a56f297113a81fab71c7381c59919caa356c60d3e1d066013ac0b9cb5fb676c00c2e6b7cdc15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fe9852637b51355b4eba65ea05ca9eb

SHA1
c33cd906ba5f94edf28a525b2602b6bd68b491c2

SHA256
dbdb942d48d185bf609cec86286ad51788cab6b8a1fe2677347d86acafe02f1f

SHA512
d489c04475f8262e111e846d1391d1cf458a93688f6fb7f3227ab371193b421870e1a0c2c79e3643aafd9df052e2b6e07aca9cdbe3c0cd9930530d85d4fff849

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61edb38c68dcf514d164d91f72f0dd72

SHA1
caff988055183457305386c945b29d4d3e9e4260

SHA256
f3c5af0cc219cc185ace024d39f5a7f032f680bbd00ecf4d040dcd21758c0d64

SHA512
5b571a4fb961db7ba5072556c488c234d1bfaa7ea641eb55e6b2ae370fc2a292f252f81d80706ab0822d8a5b1d2b9078a4b4ca0c41be9414b7a13d9266d01890

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7C34.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7D15.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit