13e1f5558773c203a57f0e455a994b7c767a2706dcbc8360581e4ab6b3090b72

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 17:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

c146be84c0fa5650de3c6549a34ece82
SHA1

4c5bd7646389d0658365d751eb09cecc8737610b
SHA256

eebe00e2756a289c0e7643e52038b5dfa89c603af01a797af5bac7fc925120d1
SHA512

0a5dec6598dec56df3b7c0443f42d42abda500c2eb1093a9ff0fdd2c466b1ed8e47120b7e13cb52c2ed452757bc228fd1a0253db6523e32010cba168fc5aba0c
SSDEEP

3072:SDF7J6GsGnYF6gyfkMY+BES09JXAnyrZalI+YQ:SDFEpn0sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422043729"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DBB28861-13AC-11EF-8356-E61A8C993A67} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2156	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2156	iexplore.exe
2156	iexplore.exe
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2556	2156	iexplore.exe	28
PID 2156 wrote to memory of 2556	2156	iexplore.exe	28
PID 2156 wrote to memory of 2556	2156	iexplore.exe	28
PID 2156 wrote to memory of 2556	2156	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddfcbdf01372539aaadcd43088d32e61

SHA1
9395d4ff2a719d6a9d71e9fd222e76ec9dd51a73

SHA256
59994bc4de0dfe91d4d27aaff93c0f86e06e8b03fa060991dc1b0215d3d23f9d

SHA512
dd0f41b13a04006210aa817baf24f62d492edcb0a9f2c51d1772111e0145c6cc9193e48ac527d153e888279f7467bca14e057818cc5eca69622cfe6ac2c21859

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb2dec7b4ea99c63d0bf6740c0b6f8f1

SHA1
de50531bf445deb751a3a7bdf882aa9de5fd2e7d

SHA256
2de078fe8f4ba697fff4db769a280ec3d026557205474c98bcbf7e16912c979d

SHA512
42ad4279bd38a382c6ce38ed2bc874f6fae6e2e4c004122a7279e5124b0b3461f6560dca08520f11cb3be12bf4ef4c57b698edc84ee73edee22c8e2ce39ea713

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5e1134f5cb282fa1df49db38f72cc79

SHA1
9417cb2bb1e81ab6c976fe071adc4338d09110d0

SHA256
0e2c01756de2aa8d959a179ee43caa16e55b7f75aa9ee1aeb38be0b3a3e6be84

SHA512
bd98683921c31368a4064a11cdbe02fa679b83358a5b45574e90f1bdff7c0f0ec4c501477db32a69dc898193c98a2771082e88205c8a592da3aa01ce37d447c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c502a4fbcc9013d85d0da7913b4c9b0

SHA1
12b689325528dc10d66c9730fceb3b600198fa51

SHA256
9974b2fcbbd1f9cc25b4f78c4f9865b2517965742468f59bf47f0381204f7acb

SHA512
d7409135760db3d4eba5c5f5cd892b8be5f0bc074c4c9bcd07d53c5f8bcfe67428f65499938c2de5999611d1decd53b3377f0f8d92212c4c7155c799ee866646

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec727600934e4d58aa0d6fd646d802ff

SHA1
3df82f7ba84580294f64034ff5c65a5a59375778

SHA256
7ab64342e107474703e629c72b69fb6b8751194671991efad14d2f3be91618dc

SHA512
f73fb0f5559b4e2dc713e9dd88edf6a149457b96e3eca13e2e49cc1e9dceeed586629f6997febc6d3e792a267e0211aa8628d40249d1aa316c6e84908f9a2192

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdef332365916de4e6b8cdbe9541adeb

SHA1
e7026792df92a1c37161934ac691df8c6005c104

SHA256
5e10cb1d34ca396bb25d037e2b9ca73dd96d048d9d61e619aa54f7d4ecd064fa

SHA512
c24e2723c8d5a9fbb66a71b19c25a7db5663782a231b8926106b0c174e05b34a782b4d25b7694a17816a29110dfd544d953cf778dc32ad7cf193a9f402465a04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d56338f3948db52783f520125f9a5cbc

SHA1
c1718da81d9989c055095a03928121fd2deea1bc

SHA256
fcbfc09624eccfe8ea962a55ae6e989873bac58303e6e7ee28e4c19f1c380281

SHA512
ecf52a8f3e762b18c0dc5bef1fab94509b74a5037a5696edc4aa36ad26b38838fcbfb6bbf1f20aacc9a702b4598ef4df421744d1fc7c773aeeac503178dfa84f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
546a3d768d01191c9abaeae6aa572511

SHA1
792f8597b8495ddc4c6d6d544c2d65b32a97024c

SHA256
c7dd204d01d555a9f39a51c652c04495ed3cad239fe7aaa080aa7e9031d7e29e

SHA512
9db842884dbaddde041d519c654c6e1c2a9a83339d393c12a4deb2f921a74698f1d3eab825d0cca3fde2fa0a6aceb4e3b2828df72a89a3d65c5cbed7ec026a6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
432af169b989c884deb72d5ab990c6fe

SHA1
e91d5c3d0a185960971ea3affa509f5f393ecd90

SHA256
a9d369ab8f1c73c31bf0b383066edf6f49906d38d24891c021f01d2885473e68

SHA512
042df822e8c648a77f4c5aba91e7141912817c34da9e0c4058149175ce0828c70e2e88dfbc5645307ca8407ab5ddac95e420b692619f65923976bfa0629d623f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4b2148641fc308cc09e08be1030a479

SHA1
9fe4b68fbb211e5b8987fcc85cf832e8f0261b21

SHA256
79391e08f17a9e7fea7f56bcc7a6ae19d26b1ea3feabf09bf101284b656e5d48

SHA512
a19b49ff180b9d7a121aa68392664504f42bc84e65a5ec3dacb7e0941e2d1bb9ca8ac745b385d986a9c86659dff75da7cdd2742174e5b5eb63ab115f4bbd7d46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4127586f488e7ff5a35ead883fc66556

SHA1
7d9162fad2cf30e48ab0887ffd090d846894bff8

SHA256
926080d6acd332b4d84ba324720f8aed9e0fcc17c2010f0c03125b63f0bf0347

SHA512
f1c340724a0844e47bba98dcefad2d25699efcd4d89af5389de8a687b45c2a6f51dee959bae191c804087d5ef5bb5fa02edd1e1be75047413cc42a5cebdffb78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
814152886a32d190ef4e6292147e1c48

SHA1
49c032997b48f6901809779d688442368af7701e

SHA256
3d389802a4aec61fa5fe03fdf9b6688dcf0123dbdf1cd14af5e8abb7ab5a745c

SHA512
bd85416301df56772fdc63062e70d0f9acae945df44945732054a9e167081e490d3bcedfd6b69d2f897b2256484cb599d0015d894b835d0f9ced0eeff4ec540d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df05b8478d09f3329545cbc47ef6374b

SHA1
50d65f6ccf06965045976898b15cd842d169db2d

SHA256
63dd1eb6ed7dee6782a67ab68f9ca9ad4e80b70ad46c1666b4f289cf00c1017b

SHA512
f793e1740bcac52767bbdf8be62b3e4ae460931bd53359c4fe7cdd1add37f1623b3695bea820824decacd6068516871c98ecb46dbcfd76097e945400b83deab8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d735ba0448636872d580ca0d3cf2804f

SHA1
0bb89ae3329a1499a139513d23b608af6521dce9

SHA256
599d22c227a6f2367d91396a4a9cd32ba884d4759022f9b9d538dcee266502fc

SHA512
98e3a15f837dc429c6adb41af2b60774ac4e89eca22ea7f4170687e39650552bf04fd5ed36624c17207b58cc980f9b1e75b01df47285b668aac3f05a4ea0845a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62b0bba1704da6fa2e78b59e3cec0af2

SHA1
0f162b88ec2e9fa9e81b60261880098f3a77485f

SHA256
4dca4516d1c8e8486ab8fdc377ca57f130995a333d50254dc0cdad7e1b7160a3

SHA512
a7792c25d59e6ff2d2327e84d5cb14233c2f1de688bd580d085dc42992d1384100f914c173067fa4cf615b05b8c82c88b3cf9c083f67d31749ff8a972da3999e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91793481df4347ca5ccfad84dfc059e7

SHA1
4dda7ce808622000825f66eb9f10ba53c35f2397

SHA256
274103feb7c6de44955d23335fb9da31299cbad64befa45d176ac33260e6b210

SHA512
1dd5f5ab499805261f5884c5b195c088d5c3799663d6da6abe5702066e16d1f9091498b56ce270f82ecf5624a690114398e02cdd8a90b8276d2cebf95756b79e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99a0f8eb9bc00fca2b41cdb7e83ac100

SHA1
5d1d791e49520b01daa04364511d4a859f685d99

SHA256
ed0faa8abf25727a9c25fbb6436bfcbedd73938d982806f84db80d26c4c98105

SHA512
d5b44f9d13f26dffaa19d363d1d251e91d191f74f02c064d51925ebf02273bd7d6680df3a72658720807d9c011a58cd06a7190de32f766f338688a607be22df1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f86142e39567e51bc731e987a37c485

SHA1
0b120fc59ead563cb5ffb7834c24643af46e6a4e

SHA256
c851e8b2dc765813c08d9104471f6f0073cf40baa6f93bd2efee1ecde72b6b37

SHA512
eff87acb87458e02a44babd5f6bf336e7f82cde652417d8fd28ef7601f4e642f1fb9baad9f5c6ffc5ab469e23dd287ed293c95fbdc2723f521c315740473fcc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9f7822aef92344af21e65a1adcdf708

SHA1
ae23384b725185a7b8e83baca3811b2801505a2f

SHA256
4f3ff406e57d02a86744ff6d8ffb6e167f818a46846acd06aea91af7cf122ffd

SHA512
88ac0b2ccfcc1d8ff4afd53e8f98f32dc6df2c181126cb706dfb073208366c9d58f6e0c1ffd50434e8948cc77285c104203696ddf02a762895b2a50894d5d771

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEB2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF94.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit