268ef99c810729d110b05c252ed926a19e6108333e0d24d33b53ebc714f76525

Analysis

max time kernel
136s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

c7fbef13668d7d1a90658b961b62007f
SHA1

3b63cc7f062731478c31da0c58e596b41daa5d71
SHA256

d408874f253e62c923bf3bcaa01447eaeb565f3f18ad28376603137daca47a46
SHA512

f6e6c672620fb573f8573a94cd777be3c2d8f4c90d15752bb77b9e1e23fea851b29dcc1e327bc769be0b7647aa34c9496a7019522a0849e872f2d3c1810bd683
SSDEEP

3072:Srk+q44JdLiyfkMY+BES09JXAnyrZalI+YQ:SrzmnsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{349EE4E1-1791-11EF-B2DC-EA263619F6CB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422471659"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2892 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2892 iexplore.exe
2892 iexplore.exe
2456 IEXPLORE.EXE
2456 IEXPLORE.EXE
2456 IEXPLORE.EXE
2456 IEXPLORE.EXE

pid	process
2892	iexplore.exe

pid	process
2892	iexplore.exe
2892	iexplore.exe
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2892 wrote to memory of 2456	2892	iexplore.exe	IEXPLORE.EXE
PID 2892 wrote to memory of 2456	2892	iexplore.exe	IEXPLORE.EXE
PID 2892 wrote to memory of 2456	2892	iexplore.exe	IEXPLORE.EXE
PID 2892 wrote to memory of 2456	2892	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2892

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64a5601cd2f33ac1ac74a97aec22b9ba

SHA1
a378098b0bcc5df77534f06ea78a80e0cdaa02fe

SHA256
93501e5142b530480c6b499577c2fe4df3559261aa26fdffef5bd98b6ba19090

SHA512
9cd16b11fe7942ee5bba4b2d3c9a2083aecb07d46c64bad3c28417a74b717e559d726f9098f0eb7738c39e8ad4271129720e638e932c0a3b5ab851ecd73e7f6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af8a1503bd31df9b1d1041cda54fe7c7

SHA1
b1d3e64ba0202fd78cd1ba8c7340c89dac9e2662

SHA256
7b8b6121c1667310c8f5d3aaecd2ccbf6564b55dbd73ce289ccd34a1f714ef4c

SHA512
843f54f4c56cfa66e45b6e7294f14e61ef386f14ae6aad4835efbf5635885177e01d0879ea363e4c42498af19df4581bb63105e4ba27853a2e82694ba0c52340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
069038c1c7a6a5bb5ec0668345aa7df6

SHA1
351cb2af36a30b05a3b2d75e0fbce8e418fc1d90

SHA256
aab8a3cea06a98948931d420aee2fb672aeeaa40583de5290907dc1b8ff53456

SHA512
333a8c89deecb4f648c5bd51b12e91c8d26df707d0ecdbf09a58805e08605da50352425d8e68c15c7fdc2c3d93e5faa5fa640ff67aeeabd2ce22e3ae54e4316c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6d66030f647e5a67a230664851738fd

SHA1
c3cbfbf553f881a50d81c5dbac46c08404b59435

SHA256
3e171bc07bd846954b830a7dc3bc1224b664af59c4992ce84779e94d5cb35dfa

SHA512
d31a410b4b6bd9510cc60fcc4fa8ff987277307c6856b4e15131bd8505601c3c47ad1361b0cdcadbba6aadb95ad2919817947722b3a7642a300d5af6adb63314

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b52506f9a945b6104d04936c1d65935c

SHA1
769988595cc44875e88bc6ecdc5dd364b0393226

SHA256
62f66ce1658dfe2dc83394a648d5504a08aec6b2b97470445d4646bc59970ec8

SHA512
44b1fc745ad04ece5eec4fedfb08c14cb9170e489c7914e2c57d04f003fd3d6c0a2fc48fa3b4a26783d7c7fda48a3901d1e7434341e69da96e8d35f36fd6f02e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c14d3ad31c754fed6febb518d4b2744d

SHA1
60772e40425f6e338946030e8dd871d9d8a6b064

SHA256
3c378261195d8a69f0058a5947c59aed0ee7691afdcd68a75a1e583af0c1cec7

SHA512
d12b80e18f80af6d625ef18a8e7a822503fb51a8e85f6557017a9c114653b6a5e95a9076564b4b1c441346356c562fd10884cd23d3b4aa223430b5d194c94b74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2affc1a402ee27f82ec6982051aaf8d9

SHA1
f73c99e6a9f4a7b0d3cf6fe65d7bb0cfe3c8c7e6

SHA256
1157419ae99051c2132e54cfe77b7e620920ceb9409c3e303b120f3f948369ce

SHA512
bab170886e27c68d4a824fbdf58f28a1064a96dbf230d658f6c8125e47944a83f475721ac5588af620e28f5d61f196b19c4e8404cb36d459f48b382a1d775ad5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
812cc8b1f7336cebc1ae351906391de0

SHA1
f40c8ad74f726a301e98563f2b8ba2b3ef885e17

SHA256
2fd115f0f75826fb3250f9b7ebf94b0110d5e9c2c18caa189a722c14d029fc09

SHA512
604072546b1433b52d8a0c9a43528891c82bc966f931cbe4a2a3ca8b6061d79b1bd966a55ac2fcee0c82280fa03a05b897fbb3949502d0b76c426c49c674c5cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2e3b3bc1a103e591427432005315649

SHA1
cd57a14e40475009e693ac20113966ee99a958f9

SHA256
f93e56e5cd1f9663aeb82d0f3558e63e7b1cf69b1297a2739a8021e5f4e064ca

SHA512
8b4543c849d36050153291b07121e896a27a7c1ca26d1c0d063b83dfb219d15182a797cd1bb851fe4186b096ce709253c68b9ee7c90732a303ad2debda0ee904

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3fafd7ff09516c4edb11a5f08420cdf

SHA1
4d99f5eb09e1cd94996af7592308895373e3c9ed

SHA256
85c21f8adc9b0cae8f217995b9d2edabac9e9766ac6c077129b47826be4519cc

SHA512
206c60904cda4de61a7c71b8915feee06bba7c5d9fcf5f8b6ab58583daa610a611ca2316a0e126ca438b74796ab8bc348b61a5ad29f36396899a9641784f396c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fffd4ec89691d7843e9539b501132c7c

SHA1
6abb2a99acfe40a1b2a9e3cc1ac4a090d3d566c6

SHA256
f5540acdd7bb4dfb994d16b0ceb977d3c961b4633144fd9d730dfd1ea683e6f3

SHA512
97a6b1ae80a92a07348a817e60eb606b82f937a01cca0d545fe239ad686ce489beb9bb7008c767e29e3773ec76b56576576ad0f96444a4cacf6fb88f47b2e1dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97eddab370f0e312e76b5324b59d5625

SHA1
f6d902e24e4bff1758f64bf22c0632442ed54342

SHA256
ce496b54078725fe925ee1ba6b856133f491d99907f1e314b2c90c349b257f55

SHA512
e25608f497fe7197fc2f39df4b720984ac51acbb75e14e024e4e6a7eb9fc3475ff2b0b074af32f1144854f9fec00cb6ccfbff784d256ea1869b766fed3f9ab29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba04c9011246667bb1fbde282dc39740

SHA1
8814295d505fa2e9fce630eabd7a076bbcae1739

SHA256
58e68947220e84637d3a00f4ccdc65cbf586fe66b193f6be14a1cd47c097c8ab

SHA512
889c140859f3f6f28e7a10d53b31d80ed99a1134b7fa443708d7282e2ebd9e5ef46b0a867cb2819723f98ece3bbea895b64786a3e10a1f74e6ecc6230cb1c7b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74979601f36ea28a278cd92905e1a996

SHA1
04a39dbda33b88d2c038537c4f82e15d7969baa9

SHA256
ffd10025186b8afb24dcb920849e75840d3ef5711ebf50b73014cbc17553c41a

SHA512
88089f5066cb700ebf978bc89bb7229e5bdcb930198edf6cafd40239ea830f9c059c8e20723c91cb0c87cd25e1e6ca12b050493a6909fb8f8bf732b85c53ecab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45728993bbca4ee623135a41fa2ee0ee

SHA1
fa886b536edde62604fa839987aba2d484cb20eb

SHA256
64a915b39a36fd9b9542688f275315079494d3e1f52bb7e595d2a13516eb88a6

SHA512
e8c2c0328bf0632b615c0d48f8d399154994c2518789813b4eaca63c189029bf1252174a1b7a0f17cf23c745fee444b9f7457bafe99ed50d9c3f16aec0808d17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2fc31d55b9655ab5f200b43d1f6abdc

SHA1
5cca97db164345b5d3edbb679e9f17a922e4fde5

SHA256
7193c39a8aacfed2fee99498158980b1d0536b03dbbc7631a6c8867e78a11f0f

SHA512
3d80a8d8c4c6b4244487e5cb115817180675b7fcbb5d5bdca8d9e797908e6f58a05a779a4a457d40127fc72f89edbb1c1d008c49a0ed2412ad707d402b6a4b3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8D32.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8F0F.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit