e061aa123ee7635101d5c671221abc4a9b011ec7f9a6195a37a5941f32871fbc

Analysis

max time kernel
136s
max time network
137s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

39dda50532a47450c01155e0d219f918
SHA1

c200c1601d47b15caccba3937a81912dd7a4b656
SHA256

3bc2923774dd5f224c78e6649ceffeb3ccbaf6d29b440c5daa76accf000b115b
SHA512

69448c3a4d7844471d4114e7ecbf88c9fc1804fe5297ad95a618e2bb8abb086f989de9202c25d474d678c02643d20017b209a8465c53d774b38a1321acf80d2b
SSDEEP

3072:S4NgxOQD+RY4vCkyfkMY+BES09JXAnyrZalI+YQ:S4NwaRfUsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5C924DE1-1785-11EF-BC03-E626464F593A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422466570"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2868 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2868 iexplore.exe
2868 iexplore.exe
2568 IEXPLORE.EXE
2568 IEXPLORE.EXE
2568 IEXPLORE.EXE
2568 IEXPLORE.EXE

pid	process
2868	iexplore.exe

pid	process
2868	iexplore.exe
2868	iexplore.exe
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2868 wrote to memory of 2568	2868	iexplore.exe	IEXPLORE.EXE
PID 2868 wrote to memory of 2568	2868	iexplore.exe	IEXPLORE.EXE
PID 2868 wrote to memory of 2568	2868	iexplore.exe	IEXPLORE.EXE
PID 2868 wrote to memory of 2568	2868	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2568

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b5eabee278a6b7b88fb9cf43aba2ee31

SHA1
7f14a1f45cdc2d7b3054ab475ca8f2ed7ad043c3

SHA256
98b2d019aaa82008a4d8699c2d810e7b6f10500019bcc0e7af895be9d4eee3c1

SHA512
c59e71f61b0569d3e6d61c755d20b6e0ddedad5dd7dcc08b8bb8a19bba41bab117d91d590b482994ea19ad0692cc28710ded90394e591b84684eff8c397948c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
59a83c8189ca4f3d61f806daff53a366

SHA1
c9e311873ddf33cf21bccd4050d73f0137f2b1c0

SHA256
ce0b8adf9f95c6c7581a8f0b48fb14612aaf20d90f0b588dd62d546aadbd6f23

SHA512
9119ed828e7b43f3e5238d899616c2f6f49461b20c423acae0695351b8f47032ad24be7caa7d65c0caafd8e0d02d1aa6c4a9e4d7846c5b32334093a23f91311d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
89fa8ac853c3aca1d904086b687dabb4

SHA1
b73c565e3bc040aa7bf9dd2727e74cf9fad183f3

SHA256
037f0e746b663389a17f60c78b60c628ee0413c63d6b8e4b4f2e6c7039ec1097

SHA512
f29d75945387f3f214aae11b54de006e66dc67bb62d78ba4cc1229ad7179c39c4b281dfaf15949f697f0f0d9f4eb9362150b577ca0eae0b5c9782e7b3fbee231

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f84f5b532ec918e0df17a2bf4f824af9

SHA1
0341f7b100d38c7a7b97643284200ac68999a530

SHA256
8a40cc92599cfc9cbc9c35832c9aa873370bf72fd007b036e88f155081b693c6

SHA512
6bd960688ae22280c5d9f566f0a56ea13cd2bd6887059508cff5f7350db95ac236d7ecbf86e79716f056f82773d5ba6e48de8898da4a5176eb0bf9874bf43a00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
063a2615a128b32d6a95db00c2979c76

SHA1
c36c449276ceaca374727e9867584adee95a96e9

SHA256
a008b5343cb5b6041e95047a56b7dd062847ee5f3584ae27377ef4c3798768fe

SHA512
9c3f9777b4c76f5376845f386eb3e858b86fe00b10a38d76d05f388cf4970955dcffe44327034e63f4370850d4e4eeedde21ef541b722980434bb3ce3ee159dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e520864aeb5a11a90bf289b00c935e9e

SHA1
7aad5a639d32cfe144c3e7a40183e87de0e93b5d

SHA256
12579f8771da2882f540bd95922b28d997b34a261039427f8dcf670b3bcb8c4e

SHA512
354df8b55380503a0743038d1f9fa70b5ca17081b57a7b32f3b7b8510d8aed4776d2e4f7eb6f9d01f61384fa7b0ea339e0bf1f9652cc2e031daa3676cd9139bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d038e779031f97b8beba78252d4e78b9

SHA1
6671965b5b0cfe328074a1ec9e7426159c0d733a

SHA256
0195287245b527588c9d26e53f77922373858d072ddf3332923744fdf579026c

SHA512
dea97cb041e60f1182e4fa19ec630ed65c906725f5236f0e3d099a5f50baf92b3b819c3e29fc11434d574a6f6e0c5737a2f6f12f6bf5d08812bae280e77d1e9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
51c72569fa89c8ae61787631c96e800c

SHA1
27c12eea80fb95a9d6330fb7955b4f665618d9ed

SHA256
b45a6c03d8b06d17243f178dcde24350a70586c480525b73bb86c94ed4a21a02

SHA512
1fc4534c80d4c7c671700dad7fc278894fefe34bdc6a98ba0cb4eea0616279b4c071cf49deaf415e3204f501fec8713d9aabb2563498f62d8d5bb7115a9bb2f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
62b2417a44d81512a735015f5e1539de

SHA1
2cb53e7779ac0b74308038fffe2027b1ef1a8ec3

SHA256
fbeb9db4d8aee62ae2a25a4b6e412c3834446ffe9342a6ac836468a30d49942d

SHA512
6253c89b4ee2ba25fc63cbbfde411da6e0e01013d8329442444ea2f339e69f6e70ca023557a3b86008d8de795c0490cd6abed719ef497d2b338b4c3027b0242a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
91061d7a44f00a981496f96bbf984cc5

SHA1
94e4a4e82134a55b6cf7a6097c66bd18d2a1b244

SHA256
0ae8cc77af637af7ea5cb52ce58158d4ce29d6d0694bd85eb312d2b1bab06115

SHA512
6051c7e140592010c5dbe8e988892738777934af963c6b917f705f52cf849b87019afac3cc53afb8d21b46ae697c2976969e2752e1a0da853ff7865527d816ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
860bce5292692b13aee34b2918414522

SHA1
8626736a036795e5ce3e620406fdef3fe3f29290

SHA256
eb92bb77765fd69b5f68b2356ffdef98549f524a418f93b220c511811c723b37

SHA512
1d73d9d391a11462423e3c56f5293d94e9da8acb891ca96df77ddf3dc3b6c4419197c2f4bf517562e84f4e63fa7bf3476a69956767d90f9d09889fd2b3535060

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
54c7078071a08cc81175e6024e237f30

SHA1
fda13d38b82cb22be50bd976420cf7e208feb69b

SHA256
5e52bbfd4e3172f8a9be90d955b13d1f29e1e08bf7f47c52fdbed5f40239f245

SHA512
818865b21c774e4871cd760f2fa929afd9003d556a06832653d0cf47dc2925c8f9d389b66f06a3a405ad7979b567f841a3f340034b7d570363b50c157e30e616

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a2df4aa00e1f48bc9a8c30c22aa59714

SHA1
a31467a017130ab086a3d391f2552b6cacc78652

SHA256
7ebeaa01fcd8db6a850e53827d5b169f03b387f3c6c6bec34f26c47bc780e759

SHA512
981b9a396bf6250b1b073ac7bf666688c1290c6f3e4e9f95a509c80a5dc1303dd878c664a053e24ac2a425fa6c0e7dbecb53779dc021d8468167f5ab7ff8c645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1997dbfb7eb9e10a8118e26d5c49fd5d

SHA1
f3c2a8db08d4689ffd4616260901eb7b94ecf46d

SHA256
10add7c72bcb1524b2a3336d51a9441787fe3d9a12bf5685bfdd3ff1b486c089

SHA512
c12ce2f2e2ab602e0e1377acfe47b3aac58ea566d139309d7ea096305def0f13a276fbc61a277c3c51c997c80f751d82835a51c238708ad286000af719fe1c32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9fe87c584db94dbe830c4f8b7a6ba8fd

SHA1
59995ca36b3a36ac267eaced41356534b9cd84c0

SHA256
194dfc3f6686c88b422572f2fd7c43148021d3d1897877a7d4d09b3c784c76ba

SHA512
abd919dcc16a83ad1150fa02fbd50fe1ab229f3915bc37203c7b25e8d483a30e8ca6c4eab5c83c9e57536ca324c9ce19434df3f2a2d3c4b57d3c57730cd9cb3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ddecbcc7d89d6bccb9921afb19fa38f8

SHA1
84dd45ff4a5b7d1473e8b63b261cc472705a4262

SHA256
1b7c61b0b65027727cd44d6d2c07886aba4fd00dbeca36383b34444e1c81ddf3

SHA512
9ae72d388b8ddd43b68b83044a608dd9354d814a0eadf789cdeb4eb97c27afbe20c5264990591c30866dd6864714c1e3525a71378ba354fc1a7dab85236e8660

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dd3d6ddab03ffc4908acf109cba3436b

SHA1
1c71da884a53004bc0b841c3adb727c65af6dcae

SHA256
97f0c9394013fb81a43c18d0b43a5bf12d75990ba70c56717ad1e52163153781

SHA512
6b32abbf1cf26325b9bed32825fc0083442e3eda7f8c1da7f7a8ec0ffd3d688d7243861fa12830c21e94899a08e31485bd1634b1d7760e171587cc63edd0e01a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
46a82ef170cbccaf74831d3019a4d0b7

SHA1
5ba2b776a6ee7739bcd94f2660bef0776c327a23

SHA256
5f992949af57978e6303e6c6ff05d17c3d095134715c137a2313dadfd73944fa

SHA512
6d744a9e0673f6c5ba3668aff6ddd048a295e8464217cef0929690b405a08dbd2cfa1f59856e9f9d37569972735d39594686ec75452fd4c07901462e5c59b82f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab11CE.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar12BF.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit