4f1e96272b588f9a91045e1a3a6d571d840dce4306a83b8ffdc061bd96719000

Analysis

max time kernel
135s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 11:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

8f5ede2c5701f6ba656ec04b6986161c
SHA1

63a15fa1fe26a0eac5ce1794b84f3d55076d2a76
SHA256

f4dd8b3e8614b7a27b7562a8f60f4636aa2133cb5ac39e508c2d702517bdf68b
SHA512

d8aac383ab1d514dd099d72bb3b368b4d08b38d1e94838fd6fe8c667e246087ed5a50a355543c0a605f8e322da53de765886233776e7a018ba899d18562037f8
SSDEEP

3072:S4S8wMsd4syR+UbgyfkMY+BES09JXAnyrZalI+YQ:SZxRUxsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422019708"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE290B01-1374-11EF-BC57-569FD5A164C1} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2104	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2104	iexplore.exe
2104	iexplore.exe
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2624	2104	iexplore.exe	28
PID 2104 wrote to memory of 2624	2104	iexplore.exe	28
PID 2104 wrote to memory of 2624	2104	iexplore.exe	28
PID 2104 wrote to memory of 2624	2104	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33a1e707ce325b7f9a9883308934a518

SHA1
f9101572609d66f3bf13daa21a18ab0436cd2e38

SHA256
da1d14afafedc5b39cca2dda7d61f1d7fdc0bef7724f958c9c554d1795b0ccba

SHA512
b6948262801d8af494f3e0e5648faf0ebe70bf1b6831c319e4af73975f17b32fe140fd14a0f1edf10aadd0a939322c5e6d705342c73e7122b31267951a32a226

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5048ae1a3f5b9d400d4b08ef82452327

SHA1
b8aa31bdb5974ef10797d45154664c6f35a7fc95

SHA256
c10e36009e80a71cea86169f360f92bc719b64a6673abcbedb216676e0785b06

SHA512
304d92db66db02bc4e033545a8da6a2ca7a3b30a978e4e438fdc1b658165f0cf07709d1a9b758d51d5675fd77f9e75989e792e2aca08c2f277ebab2a6a67d01f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa27c72f8ab8e8aeb32a81d3fb841a25

SHA1
1a9fcf7866ce7139fc683a692d3f92e54e6b5e16

SHA256
bbcc04e1f5a0da5999dbbd0d72d1f217153db474333f38b1f0330a855300570b

SHA512
4f6ca53aee37dc68537faab5cbc31c71c5ecd10c46a9d6eadf640f11cb84deb770104ad5ee88e408c17fc9490ce0c40353aa64b716aede0db0c71caa819f066e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba37b5ed7a868a61ae3d85c3d6c19846

SHA1
48746437402b626d6b423b226dfc71e77a4d9cd2

SHA256
1f136da873c8b2511b427373aa91b2c43d07cd26bae057642d9af464e0f405ba

SHA512
1399374ca4bff14ec905abd61978bd29715e5fa91a644e39521edf61eba575db15d6b04ca3e3ad3d12380b3ba8c079dc5dd2ffaef7d1b26c35c2286f63fa4f08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
244bed1380d1a98d259b947498e293ee

SHA1
691b488ad9e9717abc7f1be728014755bf992fe4

SHA256
6c00a960da3645988290fdcb9d546491ad410d63920813249151a669b8ac98cb

SHA512
6225a4edbee96d2f952c85810391a07eb6736be5567d4e2e139b1b5371f615b712ea30a465852e34a2fe4f2a4ff7c557597eb630d7e56f12ce5f2c9c1bb75001

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62e4f4b07d86efc612f3e8ff6aaca206

SHA1
a74b5a10b50ece92efc53e8563088b2e104f1e51

SHA256
a766b646eaa8b9a9de874b9755b24742d1fa4efac7f643ef2d9c9e0e7f29de65

SHA512
8af4b6df2dd4fb1ac691b699909449744170a019124065a34dfc9b777a3e7ea5ab40c70660ca696b6bbf2a36394958ed9bc6f1ef978a3ea47f5fbfdbc95370f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d658dd6e7921c815ea6db7421cb8ab79

SHA1
99b88f595085b48377e4cc4e4798b980bc3bc6e6

SHA256
f041e720ab2d2e2be7926c3ea55b3ae9c829e4a715fe2d08130c721006521b73

SHA512
808d3af133e896390cccc580a945b44007ff0b5c56a006592387dee9797bd41c4bf8faa0241964239cbcb2149fe9a4fe4187b7694a15417d47dd3048c62f6574

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f5113cd31a6d3cc26f35a091b478c0c

SHA1
9d9333423f8d5183c794270121d26ea1e2a05f31

SHA256
da21edffbc8874bbd9052ee2de05751412be7d403b52e54f149d8e9853f677ab

SHA512
adb45f59e8337f09dc115c971b029e88a49a8c5bebdf9cbfe6d2dff3e312a89284ebaf41f71b3edca0f634e64768e0a1e2419fd0fae5826b4da8fcaef079dec0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4cfa4b272467d0eda4bca87f0cb37da5

SHA1
626f19e6c81d6bb6860b276af3c07197a71f2a47

SHA256
6abdfc5683f77005982f3e41816d1c7c1bef54567b0899ed217897835b8cdb59

SHA512
71c5a7224c05b6be5c1fb2ee8b87f36957cfd32f416278bd685db4eca3db7dd50a6feccddfd21d78b8e23f101f636d6e6e7c7139aefe4efcaa086e31ec7090cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9192274433bd2dbf1f44776d3a1a556b

SHA1
f296b93fc964e14693a8e5d23eeb278b45c9a482

SHA256
43c57698aa2196eb3fba6cdf7a61191e9476fb87209f24cee81759800f0d51da

SHA512
ae95abd71fb97c6df56020a002d9658359f661f5c4f0637919f3aadbb615efc275d86f92759e241ec51ef89897183700059931c567a124787d5f625c068a7552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bdb1e90240627eddbd8e4ca23252f4c

SHA1
0edce8ec41a1dc8c601133992883331423db35ea

SHA256
abaea17e285a49a97c44b16a325a5ae95529fb96c3edee0d02294ec2e9f1038e

SHA512
5bea4e8c01354d66326333685ee106267565733f1653a5d938ea729fb671dd2495e3a0e35444511caba5a9023776866930159d6c5647def09013b86cad3a3c04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2249b5f852e018639119a25b6037f2e1

SHA1
39e567545f47e62631001490ea172dc591309764

SHA256
0c343a74e0edd2c74513af4ca066939c245e154eea4c1da86b7578538bcb08f9

SHA512
283e78241bcfe90c6531355b04910633c42e06a68e66cfa869efea33e7e9cc5b54505479f1b9d0c24292510663a2dbf8cc4fd9f2fd29ff6bbbef4a15c553652b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a798d5b4abf959cca498ab345a4560be

SHA1
6c8953f9421f35050727bc925c5aece7cfd1f2a3

SHA256
eb3ff2df31ae89f4eee66a7d65cf581dd1a23fed6d8bf765dbf6e80b0aefb3da

SHA512
87c217cf1c380dee4532c1e2017eed3ac3e9f09c85be89a2baac0191fbb8648d150e57c97822921198487988de215930673bafa66f707027d8a753cabf1b0103

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1705fe5eb07cc209ca03a83854423d21

SHA1
1d49c1ba0a02d986c5c014770e30e58aa51c275f

SHA256
17e5f61feda0d748c2a5c0bfd87ca6e156f24fd4231fcc0351065052681d8ec9

SHA512
406eabcfe9067c053263b2440b35aea01ddd98fed4c3fe816dbfb457e19c72fc014434f4a7a3f1286c70349da16e2035a2c62b5057de23e14bafa3b4d9659f69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e6ec9282f4d778ce59e3683b2dcad38

SHA1
16baa6307045573367acf31e61e59cc618990a68

SHA256
f55d7d1b1ec236eb29a9939e30fd9e8769d125e2c065e47f855b82a48f0f2f8b

SHA512
c7e6e61b371a1c2b3fa448f4c4479f6d5d855e65aa32dfb1f44b802cf08de28b5a82b0702e5d6f019c366f1546b17d184763e42b26e6efe8218081139a641aab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea29018f531993fdc4bfac4c24ccfcab

SHA1
111546cabf3a3bf7669b9eb09239815e1ff391ed

SHA256
f8589575c4b60cc51885183b7e5e7b180127d0d1faf0cae1c6b06a1d4cdaa9d9

SHA512
4943be3991028c9d554f190f8e022418a54ea152303946225460f9ea6dff67322425fb714c66963c3758c1638a32c9bb321b604b928a97df7530db4a1a672d90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2036726ea6779276e5546d3b5c0a41b1

SHA1
0de428479dc7091ff10beb29574ba666d0458023

SHA256
f97aa72cd348b0e26939d5476dc05788b9a1fad97f89dc0b2e18536f9f90db89

SHA512
78aa9a6c841423550f7f35fb2978b76a78e9ffdc352a85a285df061e95032d18543e8d7d7f3598828f06b6cff543236616efd9aa59c8421f0d3668fe986cf16c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
845083aef7d1c6ad6996e29364145987

SHA1
4124750a4a73c7da3e9d9d34b58e3251890da9a6

SHA256
44c0a202f0e46bf8379c3cea808c0544556de5074bb4aad72852677fe598237b

SHA512
d375f8af1b4fa1bff664503292864f8e63d124a7afb65086033f97e7b891f14d67857e52ff5bef2b58af08a29b3f274c1a75d7b28abc298317b9b05766f352cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e86bfd0ca9187f30482831d8712b70b9

SHA1
5bc1ad43897b2465bb2003447cc23d974c07c500

SHA256
fcc23754fc2023f2947aaf0376fb1fbeb7714bcf5b9ed80357667c378c783fcf

SHA512
3965c0a8b3bf506345593964bbfd19aeb225081eed23d03704dd43a8529cf999335432f6b9174db47c438a5a646f267cdb33ec62bfe24cf681febd4773cd4a10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2648.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2729.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit