131872a2276738f6ab7c02b199c9ac9c25c42363ce58a252968cad5ee6d99823

Analysis

max time kernel
137s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 04:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

a89d3a375bd97820a4233cd92d7353e4
SHA1

61773ac97155f2ec31ebc322807e1cb40c606016
SHA256

6441ac4a51957eb4a23cb86663e04aed58c6e7e432e5575436ad00209457bf87
SHA512

ad9f4d86f14cdb4e8630db99e796300896e5823a9c75706f919993f77cdf316f836a15f6828bc84e3c3d8ec45c3d12870ed1d62af65930024ce91a8531ab2158
SSDEEP

3072:S0HPmCyirePgyfkMY+BES09JXAnyrZalI+YQ:S0MfdsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{26009331-1727-11EF-BCB4-4AADDC6219DF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422426107"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2216	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2216	iexplore.exe
2216	iexplore.exe
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 3024	2216	iexplore.exe	28
PID 2216 wrote to memory of 3024	2216	iexplore.exe	28
PID 2216 wrote to memory of 3024	2216	iexplore.exe	28
PID 2216 wrote to memory of 3024	2216	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c72cf40ca4d764cb8447146b1a7a8580

SHA1
595a4e8ad04e4b43919ed2513f8e5eccc3a244e7

SHA256
766fff47597be0ae4437cf9cc324c92e7b35beb4f32b96fb093a4a12e3238087

SHA512
294fd19527ad09b89e5c6bd9e68f0bbb876f3ee44fb8f428224f8c6e85896892a3785d275f8d419ee60e1454768e08340a164e2e623afae1324a772109cae853

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
179693191c693cf4cb6baa27cdca36c3

SHA1
3882acf03b74bfc1ac63e0105ca5c885382aef97

SHA256
5be3226548b9997822e77df6cbf14e53153db8b998b2e8304b0e9581a38d5fdf

SHA512
bdb210059fe07afa099034226f2edd80f47c43f964d60ae69c89713def544e89d50be15b490c10680703c27fb8ecbc528e00668de4e3be093ebf68846b586a2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af6be54a5648419bf3c797dfb88ed5b4

SHA1
2f466f2743bde3e2d194c368b45032f0cc0dc4f3

SHA256
c9371c9754926f63f5ecd947a14f79d6be7a987db80e18ecf99264d013058e09

SHA512
a06440d354df499dc134f2a2227111ccca55f9b4e2bdba2f66c3f16ae6264271ca8130cd67a0cf5c592a73a4953fd9255aff4be29e35181fb9ab13ae43137f45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32bd813e97f1e0686774ad4b36571698

SHA1
ea9e601f754353e11e11cda53f686b4130e0e37e

SHA256
5726ba1ae40bf345dbc6009691f322d6e7de0fde3ca8f4692f356a948932fd20

SHA512
79089be013581bb31f5dec84b83aff858232cc1be73d469ef4b1f1a2c1346c733f2591e7576adfd4a3b5b9d7dbc4a286b1a3c1928b483ee5d54302d561f9324a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d38afbabd3bf48a47d9e2880c1d2adac

SHA1
307729be6aa900429c57fa42cae5a229d1cff32f

SHA256
f4f2a42152bdc7a1ccabe5ec071708b3eb351978f95dde87dd8de064cb8e6d83

SHA512
3908e308c0bd23b43e1ba0c2d74b925ca56dfcbc91c1face1e985e501763f49b584070def6c245e2bef061d5025d77e946d4fe949b35fe3726a0f09ffb797e15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
157c938ffdad854be8239d7c8779e8fa

SHA1
a336be02be54bb4696501e994bb23230c9b05183

SHA256
06ed3ca7e674d77a1c770107d6740b0f4628385eb43947c1d2575669b2811cd2

SHA512
55848624892946320d4fa26c9075b3d2bfb4e7f4f398eca7a17c9608b71910946172f1f3ea3d8ec3cb544b77660b4b042342faf93262b7e4918da640be762831

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79bd6dfe2c6b891353f9c946fa1eceaa

SHA1
44a31d8f5aabecac1d87ab7808466dddb9d74046

SHA256
fd7f5eb73edd159afe6b8014e98d89940df7b812d3a10ca5e35b608ca326d464

SHA512
c00804f55b9d9a328e0ef235ec4ca6cedd6931d536c2261fc8fd4760bea07a7a46fe9d208c71804a724c88a136a9e643a75b30f283ff92274d8ace5eddda82da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35aacffde6b9e9c7b6988faf8abc07d6

SHA1
a13ff04e63e0892c9e6a83da8bf51f0d80bc7a9a

SHA256
04acfe8d0a6ba1841bbc3e0d0c106f313112ec3313661ec44a918dde92ceaa88

SHA512
8a40131d07ce161dc673b90f571cadf17359142b4f1d0667dfbc34807fa2765926aaed4406042fded8456a9901571bd93b33afafeef71a7d9e74b1e57ec1df67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73d9c2937a0751571a091343491a94c3

SHA1
4e33607bbcafeb26a70b28ed9833bdc9012828f0

SHA256
eb12e3102366b839c40670ec10f7ef1db8017664114dca6e17b2d8c73a7f214c

SHA512
44d316976364b0d05d6a31c99ee78d0e852902da4d51de26c04a93441dd9f75d494028989decf1d99db68120fb9c49c85e08b3d32e45020bc31cbbb7839f836e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd609ba265e13a1770b669b40520b0be

SHA1
bc5ebd5dd0bc54e032361d94db7472d82d9fc744

SHA256
41ca40d2cff53e54f21e62b1c5aa74e9dea310db9bc4c104af41958eb6ea8c49

SHA512
48f0997dfe368bde674d37f5b9c7c20104366c15d646af29229b484b315974c1a24b04a30be60c3184386331807a55442e226db84be6f4181923342f92488bd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfeccfc72469503c624b71569f5c9add

SHA1
a9237f7a9450b51312484b1863a22f4e2eb45e97

SHA256
f37db8a1b5786fd347175b36a14ac122503bca655bf4937e6c772f885ad00ce7

SHA512
78517a5bac019cd4611797d1b54d0d179a1f05db83f6add65940565fb09c04467b2543bf277a0086adb8d67a7d51a31ad3db543bdbffb28599cc1f9fe43d05ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b76356c47a6528828c295a60e62cf5d

SHA1
6c96661d6b9fd03a0a4985b22b9f47225d4a766f

SHA256
ed40710b5e6b42dfe71fabf30f80a9c3783cbdad91c35cbf17ac5359b901ebbc

SHA512
ec9d7921073d748cc3a0145efe673a19606b831e08a5e474a3d87c42b7b2937f56a13e3a5e908b50b3e179f6e4cfb748bf198d7698bcf00a50f2d6bb4ff0fe51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c5c26635cfa586cfaf653cabe13e67a

SHA1
86039af691163ca05896f1dce626084261381fa8

SHA256
b2906fad90a9901985770fdecfe7a17ea1194a7291d05686057a5807568d1aac

SHA512
53dec92d59c2d5aa7dad1f29b43c88582e9b84e1c0a815abb1b153aad7a941ddedf509fe506e1f433200ca806239684763ff00086556fe8d127ad77f1889a139

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3843ce294984adba56ea5ce6b372d593

SHA1
25ae26972fdfb4780fc766e87f2c1a9411f8bc1c

SHA256
ece72fa806b3dac00d4060f4d0f7ba52f86b1f408dc6dfc0f4a0da7fa9af517c

SHA512
cedae13e0168c72db27bc11c011fbdcc7a63c28eb99487f6f4bb9a672008ca8bbcc42cafa99ff03ee01c7ad65e3e5baa3984ab8ad1467d6d3e0a35b12f5b674a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48d086c785af0550ae7b74e537004492

SHA1
72422d83c10f98effb320fe267e1dcef7f7b1dce

SHA256
5d62f710a495c4bd7d6f13859ee37141d5dabd30909a469b33038f32531a3d0d

SHA512
25b80478f7655642e77425452aadc82d05d9b950afb66197333d3ef563da4fc2439b7648883ad84b90261fadf3ef0b4306522b28f4dc50abac0cef4969df974b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef2a64729e00d353c0d4554fa4465724

SHA1
3fb1debabdabc7c8c5184e242d55b990cd5dad56

SHA256
9f9a1c4afe774afa07c24c97a4d76a670f165ea346d4cc14430b292e3a272576

SHA512
bfbf10d64a28b6fdbcbfdddcdbd61d78c28a048a8996d3d6e4547308efbfff5a2a95efe03f01ea489784427716c35d7caa9777ba6e5daed76548265af8892d84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe8c77770cee2b6da2f5b4f06d1dae93

SHA1
29e58583df5a5ec8820b4a30bbec4731b543d736

SHA256
3e1f76706e887061b1c9c48dfaad0ef1ad660ea0867601184e00891e6657bd23

SHA512
79ee972e719e854930481fb13c53a999035dd13c1834c966a9c78039576915f8ee3f8ce8f03a4e7b98489d9a84225f8f5afcf4e326d70e73ed7b8a10f50073bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5dd05e32be527c67b91946d071c65ad1

SHA1
76df001983be4d4621abcbf066aa4bd26725a03f

SHA256
0c114cc6fb650d3dc5c24b20c7974b4dd75d7c96cf2437ecd5459db86c63e412

SHA512
be76618ee6e5f01a1926c2d126652caf014a8e702b06af204d30f658343a3c4d42c9af2556a6c4a17b1ba5724a3621bfb68f2214432dc1ad653d04c9c391587e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6dd04a1af8ad32c1aad4456f0710aaff

SHA1
b66841daafe8111a95781e44baf031c842329775

SHA256
8d95cada7a06f3f1e51436e8cbe59b1323968ac223dd64de21b1a72402019dd7

SHA512
576759c8e04713d71e466e41702c96aada16f5eb694cf2a45fef79b753eb48430ec9dd6290bf403cb67678903813ed78d322205e6948acaa30d80db65f6bf143

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3a3bb977d170e37114bca0ad36081d9

SHA1
e6000bc2dff36028e892fea06d7e83d8c5166cce

SHA256
4b616225ecb0725b3282f1c40894458e88645a4b9670584d43bc72562cb8dfb1

SHA512
ed0bd3c8a30494599a08677f94b7fd07f277818bc6925065c5ff1346cb8fda222367babf395c95806a54cfb9b8c717b8e84b42f49ef906feab3941ac1bafb286

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8AA5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8B86.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit