2ce49fd76cd612dccbfd5cc704e56e3cd2bcbe220c2e82f88a387684ca090a59

Analysis

max time kernel
134s
max time network
140s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

72eee656596ac4d741201f52ff841aaa
SHA1

0edb28f1434c30c3d9b4bfbe373b9dc3985da1d9
SHA256

cb269da17428eb6653f8088d373a156145945e2bec0b0774ee96dc27f42689e4
SHA512

6536d0b6a58422d7a12b41dc15f149edf09058688780641730c98b57a2dd43326ec6df2d10ce34a1d5f96196172d4f55d33a4549da0637d244757951733bef37
SSDEEP

3072:Swol050LTPwyfkMY+BES09JXAnyrZalI+YQ:SwrgtsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422352200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{12CD0FC1-167B-11EF-8F47-7A4B76010719} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1700	iexplore.exe
1700	iexplore.exe
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2996	1700	iexplore.exe	28
PID 1700 wrote to memory of 2996	1700	iexplore.exe	28
PID 1700 wrote to memory of 2996	1700	iexplore.exe	28
PID 1700 wrote to memory of 2996	1700	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b02e029b912868618e7d6b95edf6332d

SHA1
bac96d145cf037e19e0d946fb57b1e9ac74f186b

SHA256
c30ec71b628f727e78c888b30063dfada04a7ddcc0b4198b3d026078f8dbdeae

SHA512
1594bb10ecdfe3692974963aa33ea9e2c4707aed2a664e6054b04dbef9abc9957690219a0dd859a0b06903720a0b137d1b8af8c36030488fa90aef10307b653a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05b5d1acff1e9db407127957c2d751cf

SHA1
62bd7d898714a41a4cece7eb0dacfe65c2960bb0

SHA256
25e3dd4efdc71c04794a49181cc3764b4e72d92d3cfb8306af74a079bb38302d

SHA512
db0fd635ba68f438d8d53c84bc9e37aac9e7f796eae1cfef94cd241c54d43f172ffa86c8affb9e875a719b9abcf9749211cfcbacd9272ff87651d238a68ff2e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e180cb0c644b85ff8213a720d6a7c5a0

SHA1
f236ab14e617118aba0353fec8fb0369166a7acc

SHA256
a0fd183621cbda7da85778e01e9f96ca16d48e4cca655f7f604adec69094de51

SHA512
3f151c1e5e1acad8a1d534731a7ae42d63e87d775b23a9d1982e4d2821c7ee17bf040ec247f1ff7a1dfce1101ca6d568355e1747b174c783f8461d9697887472

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e89e8658b282f018e6a61fe86dc45718

SHA1
b5b7699a4d6790bef2011e1db00f921fe0f3fe11

SHA256
3e9b1a63572ef8a16c3f91df94d40edc602419428f45b7a48c94e94eec98f5ad

SHA512
98f270d7ac97f9a3b18498b15dd58e43154bb85e34c7afa00a0216ea01ae6b45a832419f87d3d88b794ed51590447543600ae37d94aa1edf919a2cca2e51c9c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b054bb823241e3af0b2e9ff6797486a1

SHA1
9dc06ef97c58b20c2bcc82991bce6c8a00569aba

SHA256
dbb8168f645fbbd106ff132206b942820b40888a1a3a5fbd5998ce4a1c4eb48d

SHA512
9322d1e0662fe7985788a92279d8248f8ff7f19365b2d198795db7b7eead0e776d4a168b6f1682f6fc4b95658a60ceb444680fd62152621b10582a4d814414c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00bb5cf3cc3169c11aef7130065cc592

SHA1
856d943756c4980e89eff25e3203903022d83778

SHA256
be98614f94d1cf1c38409111825089fd5596904e373b25a9bb31c5ad2cd57f38

SHA512
b7c173306d34a9413d6c86901e4262e606cc621e9fb0fb37666fa517ae4e347b1f107cf824bc3c198c695b7d629c7bcbb6e3f6c2d4caa2b301857a5b563bfa71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0cf7ba661d5782e1194ab5aee156f6b

SHA1
b4b38ad51d41a68b29f70f8d142818195a68bec4

SHA256
20bdfc502789c634ecf5c940ca13a6816b25f3a3bb88cd748f3350b9aea58e0a

SHA512
4a4f5596ea65371d8544968158bbb7a78886fc74ebad2f7c1be2d9a6de41374884da0daf4e3c513627919bb444061dcc7aca07cd42afcefa1380f7b421131c61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2e20237f912978f1a1e26a3b5c405a6

SHA1
6bffea9d0a7b7b5287cd7174307b192bd98c1993

SHA256
13012b7428839755b5a1490e2f835ec68ce6ce370aac293e5befe69c3e492ab7

SHA512
549225672bb35c40017ad5f169c7c92f8762205f71abc78b0825c4e2807628ca5fa51e3b21ae8c49fa1adb5910e832999ffce3bbfc6d4dd7c78c0cfcdfc26798

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a7ed542d2b5c5f78f5f4c628744f77c

SHA1
c62d3240c531da6bc39663d8f640ad3a09ee1415

SHA256
1bc03d377120a10a5f3cd540d0481a668256c4f6876a0d224ad58ed3659dc37c

SHA512
b0ad62044b84c22c796d582870ed71a26e445c94381782e5fec02520ac5f918aa6654f8191381e8da62517548c56c35506e228e79e9a28d00f74e7df911c1a7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
883b075c977fb538da572b341caf482d

SHA1
8011719cddebf95c59dc11560bc655640aca621f

SHA256
ab0d23397ca7ac10d6be81bc442892f9ae52872a2c66d7933a7f9277c00692c6

SHA512
359bdfcad7e1a5858a9c1576491300d2530174b6ccc714b3fa37f0b16ea2e871fa2f232da013ef554871a1f3e5a767602282158a2878e472dc69021c49451806

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
390e731b51ee5821698e369eb980787d

SHA1
3dd1ddbf5fef8991b2a7fdfe1e728d059fa69b97

SHA256
c9d4b93d8b139d5cee241abf9da602117a1a1c9b401bca15c7cf8f84cb554285

SHA512
1abd8994d004e49f76e11bba78fc1012415f08d10f3b50b923accbf82312b251ab73277a4b2201962d62c26bd2f17be8bc572dfd7d0c22376051f6330f8646d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9370cfd69e882481b14b78dbf4e93846

SHA1
8426df58e07bebcaaaabae393fcb5d086e083022

SHA256
54e7c513ac9ecceee5a4acc4d66e17aa6f38a6108a53bffcd4e5884fd39053d0

SHA512
3a3dd28e0db3a1411258a4c5a187655eb691677a7acce62ba8fe1c34290addc3864f6727e72518c3d68728b47b0121cd5360d63b881ee42d7cea9b88629cd432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bbe802aea98a93f326664674334d632b

SHA1
183ff97c7ec9d3c76a2f87fb249475deb64da71e

SHA256
0c6717cc7e38952cdb792f04fee1d7ae704b0fc78b0d5f75bacef00508845e39

SHA512
6bac7dcdaeda92a4e02ab2bde6f04fdbfa8868a17274cf6e101cb462cf6ded0ceb147a6c8a733eff354014a8cafe5cf0988d2105538673c18c5b708929a3621d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a0f3e54c8414bb87e59acbb38421d1a

SHA1
b7f6f9de67cac9bcd01ba49a7367f893faba6198

SHA256
d98e2974041d20950a10ff38d64d3afcb22e529a62b335e9ee85cbfc520784fe

SHA512
0fa613a1944af7abac85d946ad9633b8a5b34f9407225de11ff3af3bfb1addb8064e4b1161bd0e6a6b53178a938da5bb689fd338985883635a34b958671acb9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8c4ffe1ce1888288150812e16039bdd

SHA1
6534014958a02dd915256a61773c46b9f7e4bfd0

SHA256
79191651de397c90ab1ca43a7e9b56c7d714741327e49a0ba1b3c9f0d3bc5fb9

SHA512
b449ca5724dac3ec54a7d066a9d0cd364f5340695e7dcfef9d6ba315d8d6ce5c72c9a640e53ba7e6fcc60b0283830a344e3c83e29093b962d9feba84bbd85a33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25ec6d587051955f14e2a4b44c087f7f

SHA1
c373cd02b4efbea3c85e85431208008556a7ecfe

SHA256
680936b8fcdf0fdfec08320bf9e7153f389bb4f25ac5f77b3b740e767e39bc1a

SHA512
23eebfaa897a04cf28a55ed4bafe17b62359d884e44e5d643dbe969f576bcc42e88586906062489fc3fcf5e442c97a8ebf8de1c2ae2c65a1b9bac621011e4fd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ab568f766c19f0f7fc4f2916ed86b6d

SHA1
4c8c16ecb0054b88531ebc33efa5b35276de6e8e

SHA256
57946f5caf1b9f8dfee5e9fae292009ea6a0bb7e30d447cfd0fc4d3531e70050

SHA512
a05c756f34ab34b3c364174e58619309808deef949dd875125be31731ba00619d1c83a88c2eadd6f2eaa682230803c5bf31ccc8655ecb3984fa959c960eccc4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b4239a944331819dd8d54fda062fc08

SHA1
8f6b1a02063047a81b09395825a22c2d8c3cff7e

SHA256
eccdcbdac10b1dbc9dce6203debdb210ff0959a17697fec84bc3c6a4ca88aa5b

SHA512
9211bff6c280f66c000424d0f1c318eb9306143b77261a29fec77b604e16502140f33900b270be3f0b375d0afaae801073d28c8b22ecbbeeddf5dbc9d6327e48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f70bec68e13cece64c2d9e8b45f9ca86

SHA1
c880684e855d8923eccdf992616eac3d9c637dbf

SHA256
5123f164b3cf25bf2b83be3b0441d799ce6bbeabc9fdca8d540120bff5a9dbda

SHA512
133efca34d12000214f3302c0a82d5a7022008b61d6798dadbe75dd588ef2fe8075a866db97075f455efc953e8d475ef2ef3ab8182bcbc9af06c9ac3eb1a0dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1BBD.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1C2E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit