f0f0fa39c9e77c258fd45467e05ca462a82f1565a52bd8faac24da1ce68deb24

Analysis

max time kernel
134s
max time network
136s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

ef82c2c28ae1862fd32634cb8d2b5a3c
SHA1

2bf61cbf7e1dd2c67f42ad6bc49dd6f11f87fc8e
SHA256

06e3c6006f6ae34c68722fba596d5627a2f8f36044033326cea6825424db0093
SHA512

81c630c6f552e7a656270cf587336d9deccc2de9d02211d3d7a10c0cda1773b4fb6f2b424c42caff450783fe416b7e63a29beae968da7f677c8c2f3e9f1de8e9
SSDEEP

3072:SJsY1ephtixQAllK5NQ0J0JqTUzC+TV9h0lAeXwH2+HSppXNFNlyfkMY+BES09Je:SIDdQsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422482602"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B0668A61-17AA-11EF-A002-FED6C5E8D4AB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2348 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2348 iexplore.exe
2348 iexplore.exe
2224 IEXPLORE.EXE
2224 IEXPLORE.EXE
2224 IEXPLORE.EXE
2224 IEXPLORE.EXE

pid	process
2348	iexplore.exe

pid	process
2348	iexplore.exe
2348	iexplore.exe
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2348 wrote to memory of 2224	2348	iexplore.exe	IEXPLORE.EXE
PID 2348 wrote to memory of 2224	2348	iexplore.exe	IEXPLORE.EXE
PID 2348 wrote to memory of 2224	2348	iexplore.exe	IEXPLORE.EXE
PID 2348 wrote to memory of 2224	2348	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92fd8e7b0464a9020f953e7da0d3f83a

SHA1
0f996a4b1e2ca0009696da0359313362bcf50767

SHA256
7083967f85e4f8de4525f45fbc0cd3d201a0b9e9d6c2dc29b1721c4bb1ef0464

SHA512
790374416e40073d124d3cea8b923d29bf112d7c9caa11d8f1e2916cb9d1d027e444f86e9af47c515ad18ef63ac495e8cc2d4dd86360b16c45f1a3f87aa774ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aba3d988da52faee971f87e419978a47

SHA1
91e6cf4bdd848639a6628694d54af9cb10b2de34

SHA256
e0f92b3af0d8e9a5a85d5c8b8510d1c5ca3440e89d513d772b4cd3a8d195cead

SHA512
d8603209cd39b13c4dcdf71d2f39bb71e9dcd62a8456f985ab7c294f14d2f634cb36994956b40b7d9f99e8d5c9dc2ae02545893012e64d06a09595e679339f66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0637b1114a4cde9bcba2122bcfee22d1

SHA1
8e68debe4b9d38e5cb7871254da64b58b16fead0

SHA256
f6232895e28bbf6cd57af65e1d613fb0b6211ffbf6f7e18fdded38bfc89f3ad0

SHA512
970dac8df497d768e077744f61aeac09a74996e638c9aadf1f7141785bb3dafb3f01baa2d3f16b138173312577ca95340c9c7ba20278eef9e88f40b9ba3246b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47e22575e2824784ec6c18978d3f716e

SHA1
194d6bd506998752ded6867e69f567a645864e4a

SHA256
4061a663ce11c1dc47643ff819a4162ffa7012c704cd809e39c52c860dfe8d17

SHA512
0badee90873215c781c9eaf816e69aa6d952409534f5112ae9c8ec88c611916f7172358666d2e1f4a5482d61474ac6dcf003c625606bdcf942902c83b8db4a9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dc2ce5a3fbe30bedb71544e3e8438b7

SHA1
c4dcd89055760793011fbe44564b6cda77ee608c

SHA256
4e61cddb383e964c16465ac0b355f0c159d1d984d8afc96353eddaa0efc48d37

SHA512
60827e0c4cc9e9ee1beb6a3d19c214f48e808e181cc58592bad7a7658007bd759f71a206103792b1170d010aec1da99418bb7d6be968c83e04bf9516e08b368a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e74866e600b9ea86cb88fa45928f356a

SHA1
9e75ba55242f044b59b63fd7f6fb6965cd27391d

SHA256
03e58900b8f4ac7ce19f71e642a0421d533f062ffb8e459b123b36ad8ad31ef0

SHA512
bb81553961433250933095183f739c573ce1be138f4d122c3bdf57eddb97faf1ffa7839a68c02b27ecd502bf7d6b615016e6b87803db59279e05820c77ec6474

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d2dff232f5ec4c9951bb30affd3548a

SHA1
05dae31563eec29f320e606a01c909fc5a4defb5

SHA256
bc34d3b6ae4174abe1823e76b32c89a5a7e4d6541bbc9ce955d3f0847419945b

SHA512
a89f335ec2799417dfb9988001ded8e04709dfaeca2a7bb3f46a6e60e1bd9125539b0300f4afe28c047fd7fe2c404d7f98d517e0e77f74f74e88eecbc7f4af94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aad37e7eeae91ac4f943bcede47e5792

SHA1
762597d9e9cf75d0cf832890d660c7321af290c5

SHA256
78ff4f2b80ebfe147c396f5ecca1fc0bb231f95fe996f70d0c50f91a7f9ea178

SHA512
1d3656c741d12b0e6af358c2f07554308ca59ac660f64c6cb83100f451bd572c97e354c52a73681d8bfb07a1827253b21915dc3d4f56d8f46ed88afa299f8398

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e5c491f661b3a0707c437a68666f247

SHA1
2ee5d0ce01933235a0b1d017fd2c2e2bcf97cfca

SHA256
e8ee73441af26fdbf2689c6584875f37c8d1ce58bc10d672df9b728371ecfa79

SHA512
41a6e3d59efd3a632729c46b222ea77d1e1c3c7b5492d45ea7cc8083d0451161d6b3ee99337aa21b0ae0f316a8be321c4a211ce8f6377d4522be52c84eddce42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d28efe8ea66969dad07020391b970fb

SHA1
e55c06eca7fd9733b005180bde91cd1c12a274e9

SHA256
c27aad102fd25facd4a288d8edbf227215f65fa853dbd40196643abe70d1997a

SHA512
6e7bd0368bc069a8a09ea82b6ed900847ad840b7cdc5ab7e3d1e7423d2910b7155a5a2c538b037186b892e789cdae67a932f21c40488fcd86ee511e64d6c5ec3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8e4b1670fadd2bfa779e98e78b3eb00

SHA1
d6a0619045d0b43cb98e026ba0d7a3f52b171b85

SHA256
711d17dfdd0728b1ea0e86442ed6e367e5e537472f19e9a74d3ab3ee8a1aa311

SHA512
4621908ac4aa32232d7e623bce89182a47c4782e3fc106f79ea74218500d811ee1be3b7af31f7a7a6fe4d8d3742b97d5ef86badb29d0d42f8b6ced00184dd56b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7009b7e6b79fd212c1d3fec385388da4

SHA1
6fa56afa9cbeb386aa908413899c1c49fd02bea6

SHA256
c4331c0ed774edb4d33664f011457a89cde6cbd59f2784babb729fac3d6f1e1f

SHA512
2d062ad53bc7444d6587c054c6c515f35e3a33b34599db447596574bd4c74da6493a1e6adf6e9c5b7bf611acfd7e2a78624b19b6bbada9177fe4bcd85d18e229

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
911f8d018d9c8ce345d86e3ba46779ea

SHA1
5a7112e7670f7543c12a224f94df2fcd4c5f6e36

SHA256
7a6ab36504e55d7617ff6fee108090210e430373ac830788fff636c6b8639826

SHA512
102e02f4eb6dc0e99efa353946c6f5155bc7dc6013ad868e2fa89244712419380d295602c2006aa81c2d728c3da971efee0b6998002f387ec00357c524ea464e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a696cd2a02e4cc36625102c2163c1e3

SHA1
2a6632b49272404b7d0367fa269bf5cda2821970

SHA256
d62520ae9ce7001c170731260113b380211dfdadde5d73d24e2e9bb7a34b7a8c

SHA512
8443f368899b598cb02b63d32a63d4f347053e8cd1cc7281d92a4a9d392fe216ef8f2f2d7c14a88ee57d0254ced54e43b8ef292ccd0a6c0192f6edf37c01cb47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d846c7277800f4180ae40ebbac56242

SHA1
53d8452b2ebd179fc76ed93e552b7fff85bf781f

SHA256
b749cd7208b8bd916d5c23f79011367a834573d42e30034f3db493f5e996d6d4

SHA512
7bfd94e432c314957eaf56cecf6bbe76faa8197c043763a2b95aa0547469e15d927c851ac7034e427ae3a43773d130795e6b98573a46483c85dec5db03621a54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7552034824da1c2395f0b6a614de5366

SHA1
897221e3ca599c27c00bf6ab47cc4ea7fac6c5e5

SHA256
a346464c526e7dc8b850bbd161a1e6da16059ccb108fa2f778c845379ac3a75f

SHA512
11fe86562d25ddc19a58e64f6a3ca2ee41ed491db498f5ab8c43bf81243400de8214a38a2866f25d2d6b518e1c725e73c2364bf244dda3b9c1f2882244683a2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9aa84969dedace49e2b2a9192caa856

SHA1
e164befec5fafcadd6a22ddb56e74d1147e53585

SHA256
bbe4c9de236fb60c3c7de2cdb710fc7dc51cf5c8e64f9e976d637fa3863c7a44

SHA512
35c17c2b79dea13436486fdcb0e78dedec937858af83edf93deae636a19cd7f833b89b494dece3fc9b9c3a093be7972eed205254b0451667a512ce8b13dc6375

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b250d1bdcf69f7b0bbe26f901f2aa55

SHA1
9706d96a9972b32a17ec76f5dfd0e9a0ccb58039

SHA256
86587b4dcac1e2a76a06c81eda3857cd7dba43048cb632f9b8d7849bf7841e1d

SHA512
b63f92d610e8cd487644c5b7d97ca53bf8cd81ddf2aa422768770d822ba0d504ea2156c741b7ef4525ae1a2f0d7f0fdd78ad389dbdb2c412230aa0590a6025cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f96b296a0ae370ce33cb54cb5fd5172

SHA1
319ae1d4320570c089d09c2fe67118e4b07472e6

SHA256
8d0d34991dda436a2374c7204a5a1c0fff51e102fb03ba439720fe2ed41744bd

SHA512
d1a6bdceceac43eaf958fe866af4f2ce20dc8c41e37e812524293949e5f5979d4cf2e07fb4d5e408e40d3ca4d44fd367fd4ae9d303e7a40ebe7b482ae2a4edb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2DD4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E46.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit