792529dc7e5b0a565f9bde734754535e6c17d1a7c1ee2f6e1c37363e6863308e

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

892a678c91a35b5ecfcc103cc1d5dfea
SHA1

5a916658bbacb90a3ea6c5e219493dd5216622a5
SHA256

009ade26253bb0831f75882f61e8492e0e9ec59142420b023503c32c0f3cd46d
SHA512

cee7ed9da85dd4066050cc21340b6e78ab79aa4e91577c28c352c5c7e1bc21ea1dcda248426c32c0e22a1ea2964d4fdeb499d25ed956221bf26ad6c27ba431a9
SSDEEP

3072:S0h365BX5Ju88hS3FLyfkMY+BES09JXAnyrZalI+YQ:S0at5Ju88mksMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A740E91-1308-11EF-815A-6A55B5C6A64E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421973182"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2244	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2244	iexplore.exe
2244	iexplore.exe
1384	IEXPLORE.EXE
1384	IEXPLORE.EXE
1384	IEXPLORE.EXE
1384	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 1384	2244	iexplore.exe	28
PID 2244 wrote to memory of 1384	2244	iexplore.exe	28
PID 2244 wrote to memory of 1384	2244	iexplore.exe	28
PID 2244 wrote to memory of 1384	2244	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59db8703c7bc6e5f3ca8160208d06424

SHA1
a23f0501289faadf5704adbf1b85aa2342ab116c

SHA256
f4f742bae4ccf2d24a4612fb7f98f89abd543cb1148cb5c4cbe51f969be3dd30

SHA512
6df6b0f947e4b3a1f64b9ac995d576752584575927a4da0e181a5874d8f66458f658c51d82832a8e56416fc6e1991f1a36d74a7ef2bb51ec726ea5f62142e013

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12abb5a2eb2c84008a24dd24c8559fc7

SHA1
cd33f3769bef699fbdf0b3cdf042748bea07633c

SHA256
c079d9be9962205d11a6b6367cce5dc68a7280d49579f05c33051c866786c098

SHA512
c3f09e69a7654f92ac91c5dcf2a60fff6bf383cb6256d0f3be9f5791ada9e8445cba6afe577329a0bd671965dbb4b1ded4bd45886a41a29f3dfec494697f9774

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f8c230c849ca1bb74e4617ae9442aa3

SHA1
1e184211c0e7419eaa3ff297ef1b2c7317a0c11b

SHA256
ba33edc9bd56772e9c72d41af5291f34fab6313e4087edd6b5e7365fc9ed2cc6

SHA512
151277e5320fe0687cda81c6e055bcd5c85e141e75c9603514df863d5055a795cc6d8cde2ed182be8c0bc231d2e20ea0aa9c244daa7c3dec7225063de2fe66d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb0f23089201ee57b9fa44a06ac2972e

SHA1
9e6ad803f3ea18b90220c12d7716976e4a817f34

SHA256
9ae34de4b5c8f3b1a082c74a13fab832d3cd4f6017f67ae8f6f5a434515e62de

SHA512
bf053bebd46d2d2879d17851aab7011a21bfef523bbab3e646626c5e58d9ea94ac8ed2be167d0101a6a1b86334b6b71b2a71d013cc91971a7eaabc313ff8a683

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
def218b010603b67e90420a76898af7f

SHA1
173059448a8f4d65701aea67bed574f45f7bd617

SHA256
e58404d009a6dd99aa7a7e39c8790e033006a10f00881a9002ecab613805d85a

SHA512
b3597230ffc5d3fa1c90539a2f071e957c855f9f4316e7a90980450a478b14ca1a84908af96e4a6948c8736a417f2cf626c2b9eedab7600ea293851f3172896b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48e8fca8ba2e9813d7b2c41c25478008

SHA1
adbaac606f0410bbd9bde635ac9f087966614dc0

SHA256
08b332bb3311a9babe999d49a36673a0833ddd0f4c8654f6597bcdb4d4e87230

SHA512
cd888030e054dc608c0f59f428683ae918ab815d8df1e5ef7868d2e11419fb207670a37fa331c2fbc08284e7cf4cbdb7273bb2a76f5e4d665f1a30951b2aefd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f65f1888667663a220661c7b85d0c30

SHA1
804f6a8e459b9088fd24633d0c7c28c695ce184f

SHA256
bc9bc3d0c013f14ea002ea5c6531d9efd9a73ae32d2d553e693c7e7eea1076db

SHA512
1323c2838d2de56d707de8d0cf70ec034cb7008b224532b3f8ab92e83a58175ad6f20a770a3156077f180406db048192576f9952e324bbfd176b2bf59a52d7ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b290e384eced9a9289473b094c2edad

SHA1
ba5a83e564cdb08f3a929771fa834b54e541a973

SHA256
ec379cadd0a6e307aa8020f382b84be99a7ec7944786ec9a2affda39f646bb26

SHA512
4a493c153e3e0817bb428972ef1046d5fe1903858407fbad24c262682b94a6c344e5e78ab759025e3bc55acfab1d58217eced97b569da365e26d8cc0452b7114

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36e6674bed6b29004994bfcf640fff6c

SHA1
d8a585c92a26c97fffbf15870e5f332463235edb

SHA256
ba8138e0b8b7de7a240376fcef030b3204a8d155448e545c0ea81dba383b8ef8

SHA512
50e31345554afdcee38c56432f246c2918fb47321976b3a822f8f93b173bd1579855f8162398b76cb91832b17c38e9e573a3cd074719796654a9d6cb0e5f822d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30d44fdecbf9baff2b7d712a8539054b

SHA1
51eaf497eff6deedc0b8cdd95ee2ec08d7f5f396

SHA256
64a0599a81e502ef79c3c1c67d15c13b1d1f6b7ff5be8415b905993756475d69

SHA512
07f45d9d48e2df9579c5792fe9c31c37a989109b80b7c7b51b5b4af6525eccfa4472ef4b99e5f11dfeecc137c00862f603778d6e8e53eea04b5527ef33c4b7d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1356fbb4340256178933fa3c392eb964

SHA1
1fa31aa87e51a3eb2ef89c226421e8d7893725d0

SHA256
f4cb747ff11ad29744107cfe8b2f001c03fc5988c9854c61ec1752f7d970323f

SHA512
6bab6bd324b4adac09dbf778d14cc92e5ca5bd294792b086088b49b69dd3e6a4089065016d984155263949f0629b4f03b4831e727b05bb55e56c8bc93a9a0f5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3611efbe9173f08cc07b38ca48c22ee6

SHA1
18f204404a6dba7b7b9d02e2c127e2453596ae32

SHA256
9f831a206e355a0e2cd0f899a5e0c71613828b1d1fd10b7d9a95cf6e25aba8ec

SHA512
e6fb8273c58d9fa2f662047de154dd2432cf8f006c018322bf238652cdf5d20db758e82a860c4e975fd20fc6e1bda3a7e73f62360bc4207114a1bef1e0a8b2f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d7059434599aa81099db93102d25cda

SHA1
a46d800aa002a014668d6262150387e487983f42

SHA256
0e0822699b70c9bc42b1a7088d02768593a4c621dc13e306fa871e77976c3306

SHA512
997692fd31dfff6c7571f986dbec4c6361ead9c883c080e8d9f5141b3e25439c421325a68db1c3ee2a0083d651a438bdcb3810d5adc97f9ba8f3b4cdfbe5d485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2e932421088a75ef7aa7486fd5a6d8a

SHA1
8a7c4b2e6be5f7f3d67bbe26a5330060d9e6b93e

SHA256
237cdc5cfbd7a10411c9293dfe83d122e552e26b3fb10f970438092a2bd389c0

SHA512
6ffd1698de9d5993c72d9fb8892911823b6842ee2551718eb13c072ef6af19d0e2ffc06474776d1172d3e680dafac902501b279ff1a02e0e307183bced670eeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa29f2925a6f148b154ec039ac255d53

SHA1
ca710e720f3615297ccb77e4673a4ef918c2b6d0

SHA256
1345a6e4769d2b7deea4f471e0e18938b603066a7d384ec8f3ee4c65a3954a0a

SHA512
6acd3d070acf9d74a6d38f865bd077b45c0c907298334a50c1ce56da79b97dfd5f1044701977ac00837ff356071c7f3059469b7e6a156bf6c346f560c625197f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5145fd45527f441186c6e8f9940d04bf

SHA1
b6572b62bafd7d6df4647014d0969487fd6530a3

SHA256
1e73c4c495d3beac2de56ab88571033b972a0cae6937869921782ca4bdb1a40f

SHA512
ffa5d389db1a03b5d0e198d53f4e0013a513f7b8400b425241d76630bbe19bdae03d128e184e8b97df9d61d93d8f5cf2f912d961836a3d8290c4cb94c41c0ee0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afdf030089bbbab416cb1650067bfe53

SHA1
57ec1c21689510546a335edef9e40dff03b1466a

SHA256
cc91f0715efb98ba4859f7357b9af95fc3bc66ebb1376d8eddcb694093fd3a46

SHA512
764a7ddeeb9a2758439430767556d6ce36ed21c4d1a531954da51c36a028d473b2642c6ee71c9fe7c3cab0397b851ea9eb0d94a13e244612eca31f7e9bbcb123

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0afc7b34e918c964ac3f030cc2a11fa6

SHA1
11edeccab6bd2f8d40d7ff9a782eb6bd79723c29

SHA256
94fc37c6ad3ce218319570e63e3616ee6429a86a0c1befb5a3ba90e5d235f18e

SHA512
24b49e4ea368b33cc33512086c3c4345cd2c55b9a7a1b105c7bc86cfd0a02afa7d9177c573fd37f3a38d753afe5cee3440c57e913a8f5f2a52342b57411b3ef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1FE2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar20B5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit