041cc2e3a68e1b31eb91aead65ab8794aeb4b5b8b1dec94e95d2884cab6c1702

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 04:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

63ae73ef4b7e06fc0a4cd53f0e067ca7
SHA1

fffb34dd113b1de9235f515ed46450e0fa5fb71c
SHA256

20fd7991d17957cd866766b67be7b4d10e0bb29e3d78fe9a16c941936cc5765c
SHA512

e9ca079c5d0ee7a71249322978ef61f48f5b0d55a96c84ad2fe982de4ac996f4e3bf35013096f5edef5b27fc879619de78fb310d84b79228878895df9c09898e
SSDEEP

3072:SRk1CV5pGCflWmdkEyfkMY+BES09JXAnyrZalI+YQ:SRBwElpgsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{43E39311-1660-11EF-AE27-76C100907C10} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422340686"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1752	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1752	iexplore.exe
1752	iexplore.exe
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2480	1752	iexplore.exe	28
PID 1752 wrote to memory of 2480	1752	iexplore.exe	28
PID 1752 wrote to memory of 2480	1752	iexplore.exe	28
PID 1752 wrote to memory of 2480	1752	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9b0222497546e4690fe5c51c335ff0f

SHA1
92cca86f202509a8b9527189b760955cf0d864dd

SHA256
af42b60c18428ceb72bd9281898405d8b3924c736f853e368d71a09c3090b07f

SHA512
1e0e2910f4e36b77eba61d3415d3aacbe9425ccc83b3eb1920734b1da5f8975df94b55bb9e88f65b52a038393f854b9db31954d78753509a077c48fed27a8165

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f2f99c4f85933009ce56693378b3908

SHA1
e35b13f817ecd66047c67361ccfdbaf807cab568

SHA256
e31f7a16fcef18ccac200125d5eaf15ea8cb156ba4ed2d7753e77a94c66453e6

SHA512
36f9780a04777fa04b14895950784ccd803fd2e94b4c05c5aae27bd7ff12bc127752fe67b11dfc1f978c8d4e804a0560d3d41851673bded09ccdad828ccd510c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b87c4f5073d40bfaac0e4e7a94ffd51b

SHA1
c63cfaa7894ed28a7e1894f6abbb46c35ca85073

SHA256
b2f842b315e547b3eae3e2b48373b8c4e9aa74b14b96bae717640ca247b3d945

SHA512
60a1e15a2295abe6662a49fba331bd0ff1243e76d52e9830217262169dde648cca2f7ee6133de7e995d887e16d7d9fad955c194aad20394084d1fe2c0f2bab9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ac957738d823033664b3c6b0b99879e

SHA1
e3563e3d5d9b18dba08cf7f60dc173b7bef3a6c5

SHA256
9faca0f0b9aff7893529981c2cb1b01a4abc5bb12a24e1cafaf60dc6ab5cf060

SHA512
311fde7ea755af522ff6da9be46191083cd30932cd6d1ffabb4507cf86f80e3a92ba5482fe9625d214fd67d252c25d2a7bc10569595732b952cda7390d8e8264

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
038e2c58d018fc22de3cfe7a965483c2

SHA1
6fced0c1b0a4a2425d75fdcf05a42cc5c277ddd1

SHA256
bd003de8df45dd884919df4e13f0993146d0751cdaccc624d9d6c78417d038a0

SHA512
ad27c19e8a19d8eb76055e2c6e5749913387e9d36029e1ba71f2612727820ee8b1879116d82acad9116176443b0f13a94432766ae979bde59ec13567b60da121

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9f213696ce8a21dfa6b5a33e26d3262

SHA1
76bcd10ddec91d6710918944d3cea2a701b7646e

SHA256
29e41fa36bfef67ff0eeafdb7aa733a7d55101d9f0db79f622b4555bf507f5b4

SHA512
db330af857edd4b05ddf4bdb052775f0ea4abd45b91054c12807e397adafb318eeaa945bcd477cb057bf86134c1078e0916f06c8bd4263f5e3e93ef4f47ae3af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f30061841637b195f63bdef48905ee1b

SHA1
0445b5ff239129ef6e6153e48ff68005cc35d50e

SHA256
de24f3a2d054c5ac46223f537eacba04f63e37d05d3cd42fbff57959ffa99b1f

SHA512
336979d004141406e8426774bc4ad68beabc958d83af8907447360a1c7a7a98c8428c31884b55b57a4e637f3fb2f6fde8724bc7a3bfb1ac55a46e6c710648719

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
934d1e8544b924fdeeba7b024bdc63b3

SHA1
83e3a5cd436f4e4f2bf672a5545cdeedf02421a2

SHA256
1aaafc5e23f97914fc64db567091590097249b033fda9dc7d64028d2c80643a2

SHA512
49beeb0de68c5d593299cb03aa70878adb6aff5ebb248ca30a9b5af42e4386b146eff42353c9f859b54c4f04649c6e320d3fb565e46f5e54acdad996dff6a068

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62572842e96fe1cb2b552e2bedc0c153

SHA1
198aef360549e6c7959219d21608058ab6fbe72d

SHA256
793da8b20e0c22d723efc1dd1c9fdafd8d11e466677c6463f15af34a8af7508b

SHA512
650ed717c544a91910d351f633adb0cb4e4ad8e364153a576c5fad9c6fdb68d89a8865cd67fe08e52fe97229150b028e48616c117ddd310108851bba6dd115d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f1b8ea4b7a784a621e6c0a06cbdcceb

SHA1
e7a52fbe230a7b0733e6fd19c81cb1b48ef7ab04

SHA256
3ebc2a75fce7d3813104599fde9fdab96628cbf61193c4eb04cfa77ab5a51a3a

SHA512
31c020637daed822657d6b17883ce278d9c05b75dafc60ed8cd0d781a81c0fb3b136d737934b30141be89a4b094f92ab95c934667016c781fe73245229f232fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB18.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB7B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit