36f158c9a63cafeb3817c82b118dcc2a78e51b5f994fe9e069a9af8b74a309cb

Analysis

max time kernel
134s
max time network
136s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 18:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

b772c91556d502e4e20c689a8a1b2d80
SHA1

2db8e60db63b0aadf54fcdff5146da013d996325
SHA256

6d61751c510444aefa5b383cbb575f01319b7d814bbdb449716d418d6b4d4d21
SHA512

c031d240d25a5f24c68bbf5c2ced680e000cc998798a5d0a3c80311a0c022b15380d63e9c56930b8e2da2669ae540d021d7f59badae46d6de9752eb2bed83cb4
SSDEEP

3072:S/OYwoNplGhyfkMY+BES09JXAnyrZalI+YQ:S/1oksMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{84333E21-16D3-11EF-A5E3-DA219DA76A91} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422390185"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2008	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2008	iexplore.exe
2008	iexplore.exe
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 3060	2008	iexplore.exe	28
PID 2008 wrote to memory of 3060	2008	iexplore.exe	28
PID 2008 wrote to memory of 3060	2008	iexplore.exe	28
PID 2008 wrote to memory of 3060	2008	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
653d307e9b05894c421d177afcb2163e

SHA1
0e53dbb47a43aaa6ac1c778673b945329b0b2a60

SHA256
d421aa281b7fa96f851f0b2a4160ea8c0f78c8f014ca844bd77972e70e9dc391

SHA512
281fb60fc26a73c088bebf89b1a0958d59bdc755081e456deafd92328fc6d5d22739e7d30bc270e74374cdf3eda0a747d6b32daa7be346ce54e77d503fae8755

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
acacd64bbc128aff338cb4d28f5c77fc

SHA1
5e58f4fa9e0a8876c58ed2d8cfb9294fa4b4f588

SHA256
ca2f13d3df81f15ef2966a5eb5d9b0964c7145ab6ca673fb1e66385da989ba2b

SHA512
ef94acbacbcad57941163ff4b0a9b4afc17eb27a87dfcd30d7d7b5a78498059d5a032522759314fed83eb99c4154bbb0122f382a16cb3462658887a62105820b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a24d2e413a0495a2817b6ee38e5baba

SHA1
f54c70d485928dc1f0734c7811953f2eafee9798

SHA256
3a0a203c41e7dc1a49a9c381fa3a0de992772685fd48910fcb7d458343a92395

SHA512
c77940d91e751c28a4380363038f7c24f9648f14b6f28239f2328581e755a742ef2d6cc63e561bee1b5936a534fe3822b5cc56b0cda33af7b8a5d200bea0efe1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc1b225d5c8701a4832ed5018dd5e627

SHA1
533854dd983bfe7ff2ef49e5495c5d91a0a88fd9

SHA256
c4965d77ea70b18380f16944eaebfedafffbee9b3f13dc0a9834f9875d58e185

SHA512
89294065712520baf3ec85d60bada31db5cb24eeaad1f0a8fb196369086c41edcad55777c4ea3eb5a13e05251915d5955c79f101a5c11a196a39c59b072e7db7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
489aa9f5675ff0b8c4a74fc0e49236f0

SHA1
dda2e60c9463addf8a6592bba24da210a90492fd

SHA256
0c58353a0423e360298482c537d95f4426b9fc77a0c7e88b183b47e3a0311bed

SHA512
e60f3ddcafaf682dc19dd42af787b59fa708bf76bbc2b990c1efcf4ddacd3a75586346e6a14288fde9dad82983314b19bbfb8068be99927ebc34b436edefd03a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10537a0f1265107d903939566e826947

SHA1
ee45775a6354f49e9c352f67deadbb2bb1432c0e

SHA256
40ac6e89260230cadec51d804ac3b7dd4c6ed4415175a3a173860577e1267c87

SHA512
6741bc91f6ecb17b874a111f52717d04730218d068eacd470cf52496acd8c50af7959231274992ab979022244a127a5072562bbd0ca2ee21129f4e653b2b675e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
075b2acc8285b7b478a19a85ef1a307c

SHA1
4e2a4b824f665b1670a5f8db021d1d9796e55372

SHA256
73c34dea43d8bfb96fb96162dc37b6d5c889da22181f6a0ccea805e738c789de

SHA512
f0727a35e050fac1aca8c63d5f2c0da10ffc159581e06ceca94c3391ccdd61fea9cb69807555cb53f246b618dc5c31be714329593a541df6a372cf1422e2c729

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
880be72c28c12937e439f886a0541a88

SHA1
01bb8276b7900900d0e7a5273af364dc286e94cf

SHA256
31576e7d3b10849e83c7359abd84bb1f49f51fc4cb77ed5d9451826b9c27ee3e

SHA512
1d30a91664bc630643380e9d71ff7af954ceeb9f8065ccb3a2b21b8844aa00a3d60786fd079716eb7e95bc90ce7049b785aefd9d5427cf24e684c055e444def7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e932488576f8e1393cb1dd408a7fab5

SHA1
7a42cedc1c6f1820b762fc3f2cfb6112e66706bb

SHA256
67d0c1d980d71355e4dac43e2c01c83d84562f7d58549fcf3bb3bf7de7406ee8

SHA512
5670a98550a3f656e2ae15f5815775ca07112fdffbe3aa44692437e7c2915d4c39ad830f3549fc39245265fbddec6a23b6fe31380ce0b8d6f8a0132628e96f31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8f0702e7cf0a131dcb0f6c76e09d959

SHA1
6d04bfabaea37d19201364b90ac62a6d3e81b543

SHA256
da739a68f0fcaa18b1bf37092e44cb04bee0225d279c02c527c28a38377c5313

SHA512
4440fd29ee4ebb13b2541fa699546c65aa7357a311495952c8bb707ae2ca7d0a5672014c5485b3f1abd395791868a91038a01d4f8262d0093b45c4b9a6f45e4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ac83fa215feee8d34e7d2c6b6006cc0

SHA1
a1486fee7935c3343d2bdb4fe061180b1bd4649a

SHA256
2cb6b136b7fa4ef13d757b25407c78f3ddbaee91f3d5c2f2358ed3adf17a1743

SHA512
1abe6372487cf9221819da7e8adea7bfd8f5f30e8689ba7b4807b3420854f913131d815e76c9d970fdeb6cc7c091a95c9c8e601b12c0df7873bee9f99ba3f956

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8829fdbd9ba576ebbbbf22c34d8372d5

SHA1
76511a6cf0916e63c809e97d7532ab69b3eb6724

SHA256
79f6c56368c8cdc2f1c28484074cc0b7b7d0263747cc47db2c3c76487fc8ba71

SHA512
2872c6cda1d656e5c593bd09b904e653b61703c0071d60e5232d3f7058ff95e753a0cd076c5b32a5d1c2b13eefbf5bb17568cf7c528d8e3817ab287616380d37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e41efbef59eb2aad87faae29b4857537

SHA1
83f988f458b66348612d46fef0ad6335a531be6c

SHA256
0c5715d819035fbf289b8ddc7e2849fae9ea89e6319ebf2a9012b816b06e2a72

SHA512
9fa22f9e6f98f486265e863cfbc91339c695cddfdb4ee013dc0d9428feff1a65a5e718d7828bc94d28b59384d4af304540fba9985f7846c917c2cb8d38bb2cc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8dded2d36a502d744ee19ed190e3c68

SHA1
186232436bfc52f929e3ace061945226d38a54b5

SHA256
3676f5096acb1015e53479097258e48bb6e4d8734c08d5a9949b9fb157a115a9

SHA512
099f41bd6446fedd6d52f23b663b546bd85f61ec139ca8bb1292ad66d73ff896918d18922be859c96c9b3fa3e6c796c9d7543f941297516374a49022d2e5ca32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21b4a66cc32051874f607080220c0822

SHA1
08482dce73563458a2f1d3474028aec0bbb3b3db

SHA256
fe30d7191fa94d718902ec937dcab1a16ae94c5a466c222585bb2b80e17edcf8

SHA512
be518e41884319032c2659c5da73bcd921ad445f71f008e421e6c624a17eaa5e44107ffbd1e66ede3c3d9f20145f9ed63a4f68b960fed4183612725ef6c502f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
876e20811b5ecb66f0d5357af4b1de4c

SHA1
6d57648a7e674ec72c9a342ce666fd92ae96ef2b

SHA256
8d9214dafc79a8be87587f4fbaf437ba89b2219cca8c8fca7ed057758861b5b3

SHA512
54f12755d81fe648606d7dffb5587cb8ffec88dd4a12f924ea802226f24c179be8b1385e555f4fc9c1ae08096f9eb714e32925ab29a61e98e87b02fabb81ede3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
874d3078621f0051696184478e0fdbe1

SHA1
2d5ef6d5f6dc8c13f59c68975c68ea8d9392b779

SHA256
de5cfcd16acaaf084f0940259610e8026039f09ff2d3d086e4754b915ff84b56

SHA512
4ec059072bfa5d01b33225603eb447469608410f46bee0c95c38923b0e6901a15cd84563eac3fed801b01711c503bcb78913a403f6660d2abef231a64a265df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEB1.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF13.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit