d2e538eba492031496e8cccb93f55a9abc941f66c664d1f99cf7c3eb2d07619d

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

69d30c57fe065320b527876225283534
SHA1

dab9e1c758a902664650c97ae55d4dee24cc106c
SHA256

7217808afc838aeac647fc6a56e502a7f1ecf9122fed6457510b6fa353f7ec52
SHA512

d01050c64055ed752e4b2f35191c0f40aba9d11a05355fd4d1f43c454f69be6efcff5f89c2be209bdcdcefdbd89e2066f3668feecb07d9f4f49fce76f588bb39
SSDEEP

3072:SDQPr6rAveiyfkMY+BES09JXAnyrZalI+YQ:SD7nnsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{511FD951-11D6-11EF-AD96-EAF6CDD7B231} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421841632"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1772	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1772	iexplore.exe
1772	iexplore.exe
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 2728	1772	iexplore.exe	28
PID 1772 wrote to memory of 2728	1772	iexplore.exe	28
PID 1772 wrote to memory of 2728	1772	iexplore.exe	28
PID 1772 wrote to memory of 2728	1772	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1772 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fed953c5214736f76ccfc042674f246

SHA1
fead4c021832868e279d17fe945cc79c7609c3f5

SHA256
d02ad2decfabd8dc0407667ceccbf8994a87d8f0a251a23c223881a9c117e247

SHA512
3141b23941f62bff183bc799101815307c58921e6b7e6252458866e69336645efed5ed92f65fe4feead3fac26b31e291b8a25d16f78070265999c9adee16e2c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3731617a2fe85a1054be2fcb395be41d

SHA1
5cc441c84c0669f740e5439be9f5bffe4023775d

SHA256
f08c4f214b8e1fd826fb71ac67e6f7dc3ed7165a468766dbdaebdf0b460ac44e

SHA512
58b2631a1c05036d2c26a1c677c6ad309b78289ec6e4dfc4a92f9e4c77d15491647e39326eb20e8a8426ddba8276897ffb32c1fb8418ff3ec5f5b4c52900c840

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4a4a241c29f235620b88d1b8e5029f7

SHA1
7309d0a3e969f92e0c140b2e3e61230ec8bb5431

SHA256
56eb7e62116b90fe31c9c4fc17608b9224835199cacbd920fdb76aa60ed028d0

SHA512
dc11f63b73ac567261c3b90bde4c41854cdaa9dce13ab92fde757801483d80f41d8c9a7637ab6c392b0ab38dc07947197803d6b568e02d7bba266a250db83fd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50fa387a89e5f3ab25369ff7d99eb86b

SHA1
770664a0ed2390b73c0911fb0fbc3196fbf7341d

SHA256
01a61b017c08f155de5672b163d683ba43f4efa06e866d0c9a12f46a34b0df10

SHA512
7bc154661514abb12a42fa3ab841171bf548fa51e52a86077c2d7a3d7db5683e075cae2337eebcc5058b12735c942a2096b2582eff0cfbcbb944dabad019f686

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
256ea3a5f0d171d17c9b43cf8af4e7ab

SHA1
a7642463e8ca9653b796be893bff19a54602da79

SHA256
1bbd308ea67cf2e7bb5af6460f291b2d43c7a08f79c875bb732d9ecd7fbcec0a

SHA512
1dec0bb65cd33fd4ec18dafe5d24481ba694159cabbb35b31b49a2f93276f22b482e171b20013f93abe2459919845827d66306d0a8844bd8ab4484449d762e22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2866d77a376ec685ab77e475c3464c5b

SHA1
a6299eb4f39d6e26c208ce8068a9a8329eb272d8

SHA256
b57597e18c217b39ad87b2987c3257dd4a76250cbc4b16c035768c76cbbd87d2

SHA512
d6c0522b009dc6888e5e1d983392231b145c30380a4535f15acdddc0b2dd2de7dc3e0420deeb48ccda73f973e0c85767fce9f554b804452c839d9d321736eb5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd7a85d84a3bd817167ccd81308fdbd7

SHA1
4573a31768c4f4c6d1d8d95f38c11202ab587051

SHA256
75e2ec5866067ba0e7ee5f875eb26a3acd7c0220396d0294c7e6b8e9af3f91d7

SHA512
87ed0ad6d8033820119e46b828786b2d61f59af39bd5fa17ec89d6252be2aa2ce0bd91d564ab95f13375efe102da8f97bdc7d7df457c399403ec063682462aae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b559456cb9f58e7957f5f022d7b1690f

SHA1
8fa7fe7d7eacb57301d1a84a3c9c188a860b4ae6

SHA256
8c56e18b2d33d4b034b9412e40d20f25c03d7a71d5e64fed81e72b924fb99fef

SHA512
027439608010a55b21c9273ca2e86def7c2d4251251edbf142b7c8ae142987551ff0fe938de3180531a1c94210ab326ec39a7afebe173e4e17b8ccb8e80c1b7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4821a773a737fb58f861e3ef1e355a32

SHA1
8cf91afe0d95f52871031695ff38864dce11b467

SHA256
c37bfcae24729c218bd573d641795662655fd1c8039caaf8dced895ef5a60048

SHA512
ced1d27bc5fdac0de5f95525a46bb74b2fe40071927a94426b7edce78f58464bfd6282b1e5b7fe6c24b275baa9d311d888e3df72a0cb9bdf7e1434626d14a253

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4027cb1f5875b720408c3393f99c35e

SHA1
06b0dd274ae1b3f48eb61897d855c980b37638d4

SHA256
1e6f51e2bff5671cae2931f3423097a274186f865ef7433a147a07b247cecf4d

SHA512
a45a12979a62524194d0e2724b70bc0e1db5bd37f01be63839604a190411fac8e39998464fcf00ddbd44022420f9cd036f931b0c52a006d2c0c0ff233bc78938

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
827769bdce68c92f28214c6bbb6ca216

SHA1
b2da9a42c626c02b759cf99f3bac24b89d5b02df

SHA256
3b907e36189b5bc0a50ad6e76c864b638dab1f45ea374f356daad3818367f412

SHA512
37d47ebc8b735d0003a590565818f5e151f51abe200ec527459994b24c1eb8336fffa03e444ffac3ee1c577f9b9709dc574b4ae6b30f68177c46b43965cf0d87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
333be29eb013df037f70d70c7381e4a4

SHA1
56220dcb5bc4e183a1431fa8a2bb0564b7ddf212

SHA256
e21f0ab1e7f0a0dad2d4bdb210495b3e4fe13e4d6fb388f5d96981648f242786

SHA512
6a7925cd4f96da54b2b61d5a360c32fee7d19ba4a4944e1976b7456cbf99edccc4253f156eeb17634ae7bba6088a248d3b4c78f864b26789f9fa07f93dbf00b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4dbcfd6fb8a83d7965f20f3bf27fdf91

SHA1
cbdf104089fecbf550f320fdc9bd0136eb165489

SHA256
d993aa1f200bc1f2e9ee373225155dedaa70ceb0aa6002ced4f200184b1c1b1e

SHA512
94a4a9e1efeb30fe05345c95632007bb6d4fe146ffd51349f690c22d695c229ae97129c59d6aa012fd1e6fb33b72eab3d56d892f32362b80b351b200e67c219e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b23dc6e6a64a17ff9c44a798ff030e2

SHA1
b5e060033d48aca3cc77990e238b74ceb5039ba0

SHA256
9bcd40c2fddc077c5233f97a0388121796bc21233a10a1247ed7917a7be1f1c5

SHA512
d3b60814ef6beba02c9f75f7034611edee3fe5c7122cd9719ae1bab9eb56465e86e7f00082ad90b48cb66aeda16192bc4f13395cccd3164f3b83040197513e5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3c2ee0a3631158fccebdecaddc5e7ab

SHA1
c03b7e5822759b6b1db909c631a956d0aac05edc

SHA256
f84ebbf934c36fa18798d11ced729565fb45f54cbecfe1ce5385279e66f7a13e

SHA512
f2ec60c4e8057bc05b5bd72090f883bfb808d57a2ae881af3c79c8872f8c02e640dc68cd05072da3d7254bc8b97cac1f1de12069064e931f12aedaf7c4576c81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cedb6f1d6b0525b2503bca979defc45a

SHA1
05d5b720451349e94f30f13aa9116908d9888740

SHA256
8a73c378f76990e55e0e5837cfa364a68a3a016ebfbf4986881815f07728a280

SHA512
83e84b886696aa20bd73aa93f4a8baf977500e339309c9f75b45586f42c282ae5ca652febd12429eb7ce2ea368c655fe964abfbbc1aad0014c5e86a63181bb1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4391e5679066acf31d6cd10420108172

SHA1
6be75793e4ad118da89f93c46ee4db3bb588013d

SHA256
4e6a9e1331c534216c5fca40ace618ad2e454af92f292442f97db0020cde66a0

SHA512
7cece3db5a993f6a079e1aade9fe2c99031b5f5faa9921c7801616eafc9769ceb061aedc0f8fafabf02b0a485f20352aa244891b513c5c7f30a9b1f9be2737fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edce8073d1ef78f66254da8103c3b73a

SHA1
ccc564a482300ff59e9ab479be652f93d9937c0c

SHA256
33da03fc07473b14c2de7fd95329b4c3ca6bb9acbb0d1d2a76f7f868da7e6207

SHA512
bf61ddde81c2a9d4e3f7c0cac26b335a11ad75085074f886f863af3e51cc618ecb7ac6824668f80d82ddadf3829419d9c1af0787a53e1f00cc875e43e27dc92a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebdd40b5a00ef5d6537fe74fd97df08c

SHA1
ff2b4d91afcc5b13ced412a038e790793251e91f

SHA256
efccb2901da73748ed53c3c05bb9044a6c79ae83dcf0677bb9c31dce468d0d1f

SHA512
980fa452ee9fffff83ba5aa73c395b68e16bfc0857c633f9cdcf394f9ff41619cdb802dee916dca955b1cddb96fe38635b7fd3a393edb8465b9732711543fb1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91514abcdc08f3b78cecb8c22a6ba0ec

SHA1
3eab277a68b395d2e2483716cf8d15cc2fe90df0

SHA256
a18c1c5c0e3039ff0a58689f62e5cce45ba42c4e88484efc20ae6cce8d841ab8

SHA512
0edff510c5e6921976333cc138bcd251c7fecd94bffe2eef9d6de3bfe8456863b5024e6444949efc8c29f8c7714362c2cfcfc1064ee62caeeaf16e9ba39f330b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1E0C.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1E6E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit