e7bbe72a417b7e1919179f8092b2d1a1be5a27a635b2c83f85114b841cafa092

Analysis

max time kernel
135s
max time network
135s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

59791a1df2ca1fd33a719ef35023b3ee
SHA1

f229fd22be7404a9494a4016e5f318733ae27cfb
SHA256

2f6a00659a978e2d49acd743961f684147a341320c1828722d1a2dd4553f0111
SHA512

abdd57270cd1c4f09f07631df670157709c563968f2a00ddbc2fa41204898ea95d412c8d117ddb1eaf71bb0bb62feb4ef53f6347ab2217cac6ebe09137a7f626
SSDEEP

3072:S1sYCWB2+hVnkyfkMY+BES09JXAnyrZalI+YQ:S1Bg0psMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8D0A72B1-1882-11EF-9A72-56DE4A60B18F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422575314"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

840 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

840 iexplore.exe
840 iexplore.exe
2744 IEXPLORE.EXE
2744 IEXPLORE.EXE
2744 IEXPLORE.EXE
2744 IEXPLORE.EXE

pid	process
840	iexplore.exe

pid	process
840	iexplore.exe
840	iexplore.exe
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 840 wrote to memory of 2744	840	iexplore.exe	IEXPLORE.EXE
PID 840 wrote to memory of 2744	840	iexplore.exe	IEXPLORE.EXE
PID 840 wrote to memory of 2744	840	iexplore.exe	IEXPLORE.EXE
PID 840 wrote to memory of 2744	840	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:840
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:840 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ac2bd51d5ff666edf49b992c9628b57

SHA1
a5c8c2c01d7bfbd30a50af1b98543b1f2494f80c

SHA256
850beafca63233735760e97f65952fd75df63eaa56ecf218a1c97ad6edaacfae

SHA512
be165f707782a851ed1a356ea6ec4f9074584a356363f276a941dae1ce0ef02601d98fe6448ecd5dfc982af16751914dbad1a3c814f5b65cdceb1b77dc0f10f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d70e62433d2f28fa9c90ec35ecffa40

SHA1
703b5e836546f12dd0059925f7067f27cf4ec341

SHA256
1f048a383b6b3da92ecbf602f64e2aff94ec980a0ed72d6456934b4ccef5acf0

SHA512
d660f88c8a230074e78da7edbc97d1c6e261f37c80c5c50305eee653a7c608a26b138d92ba01cd8cc3f9d4ec04623d38adfa2bd448399d157264172e233db355

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e8930d1c38e111ccbae9bd236f42275

SHA1
fa8dbf9df7e4659f674ac8fd54a496644c10c908

SHA256
bfe81045172c98f419d5db05281db30710020dc8817deac1db8906d8a48db11a

SHA512
cddd52bed7e3de9787e3fe9a0bd09c191eb7e0676775ff718bff893547ed6439f6595455342fb200aabe17927ca9c5949ed1bd9a1e29c67b1791a003d1da5edd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b0cef938c66bd4ec15f8580f8e389e8

SHA1
cd970f862cc05d3ff072e6acfd346e0893b17577

SHA256
90944ae8b38850cac64faa985e86176e07e156ee60e845f07749feb5f1a9d17d

SHA512
0e0cf7a3a71d921d1ee56e3c5ef7e01bd96c2062fe0621e6abfb187719086a09520ff0f928ff933abe649291acc254385e370039c2cef65fb193e1f269ccc944

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c319f035d72650d6702f9ca4efc7dcb

SHA1
3475ab30fd91e66038a3eb0c782f2f7c1f630238

SHA256
23e2d692d134f1c684fa31a7d45b5a2b78302d576e8f1bc9cd5bb2102ea524e5

SHA512
a47a61465e98bf9de5eb7f1dee21bd3226a661a07f1f2bf85a0ec4015714f1881a6c36e5c397696f25a0592cf3a5ea55a014395136e08288f91a6c6fb22ff2ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd4e8df63f4b7faa458ee25216e6b939

SHA1
caccb2498770c74d47d60bceb5dfc17e3d4d092a

SHA256
6c911904c50a45f03c5f7e6c1552fd8af001a429c97d301e3a8baeac3e12a501

SHA512
80a6b3fc7a2c5169ce79b4b997a274edee87c760fb1e5b499eff0591b6c72c4ad477d6726f3868dddb27094b7fe2fa41d9723d4d9f43640d74b8c5b83d5a2c15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebb1c30768ae470aa9688ed12cf4ff44

SHA1
386e4f812fc4a8ac9dca3225d8e4ae3bd6f9e08a

SHA256
ea92a9e12f6b4b6203015ee170c342fb9f2c11a6127e5af812bcdeec92c95688

SHA512
893fd55c1830ae5db5d22689e272527d96db5d44e62b3f0d7e3ee03e8e92d806b08d9b2a903fc8de962b13426eaf5878233d9f7220b878d09decf8bba56ab58c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
598c3042b4befdee8480c4321ac52d9c

SHA1
95a1603235d9b7344c16833d1527280c1256e138

SHA256
0741f38f86f989b6c351f16bbe605e08ee41067478a57ff26ccf9201764b69d7

SHA512
76a36853d15f04f2f552821aef03b453ea331fad962db648b8e9f3dd31c67e40df85bbdde7e00f7ebbeee79730379917fa6254d4044f4b47a99b7fbca7333336

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41f581b7f9bfc57c3e14bb358aa5ca6d

SHA1
f8faffdd8c801762bc5413c8d91e711e00575c70

SHA256
176a612d219ea5b9a998084d1845137db1617364c115136d00da7dd255deafa4

SHA512
4d2da7ea48db3f74a02bf869d873c492d47a300f391f0b2f6ad19d08292b83cfde502aed02c3976e0bab808aedab6760fa973b85a48503f3a1185c1ee92d8ce8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76000737aed0af451a55bcd6b36aa872

SHA1
95746b9be7ea91fc000d4d52c13268dd4bd0221c

SHA256
9c4bdeec56639d2332946d6ecfc3f15913668cd36a9ced875c507161c476c9b9

SHA512
87157fccd19df3280a88a35cff2a326a891f63af15da7c405270e0664e7b2b2ee94f0f44a9ce63d48d9ad4703e6e5ea86c473c64aef7df9c1ead0068c35900fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4066e78396dc0ca69c38eaf358d0d0cf

SHA1
3eb34d76f52a142f1d4f58b3199cb258b5e156c5

SHA256
44a8dea84570a6d2e144ff48f26d5b0bf871c9ac73b324e72a720d9d9807ee1f

SHA512
02cce264b84668bf6b1cd96c096f0f0ad10c0cebe8124045e965e5a66bdab769eb5955031e7b58c1347e561721b9a16bb42725144eefef40101483700c17f0aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e8e5d1713a732c455500fc89b3fd1c3

SHA1
0651cf572f59cac2542b3ce6927e3bb10add09de

SHA256
806e64e424ee736c06d056e34585a23ced8d4d6cb4ad9a38bdfd394fcf1931e8

SHA512
43a2a008ff7fa9e18e57c845aaef7b3397d702f33d9be948d17663c93c3d4a46f88d621e63240084f7a951638bb0daa10cc31fae8413aba064fda9c25f65a560

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9ba581ec6493b1d2bd84e63355a940d

SHA1
e8bed9863d5cabd52da4a737822b680505315747

SHA256
1b112afb0f3687f6650ddd22b3656904a034923d374eacabb8df05d407e14884

SHA512
2460f8880b22f06df5aebc05fa626ecad3040933825d1da329694c33f6880b1dabcde62b3204136b8342885ea82ce9d7222d9f0798240421f9129d0ab3fd4de2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b460d0e3550dab00b3b5439160956db

SHA1
b6164c0774dede44505be353bd30527215715ec2

SHA256
3d1f649d8ecb4d7da246965758208810ee5ecf5e57079c813de89463179cc7f2

SHA512
fb73e8669dbbaaffc0e0ccfb8f8643b3277f8cb9e5071d2e9a997ea80b8fdf8cc86b0dc93dc45f3eb42a80a44e466fc3f94c2a3fdb7cefe429dda3568e734c9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e2914822f3832c24c278d15dabc5a53

SHA1
a2cfa9d0f7e2939ed7b2ef0e46ef252a0a2c736c

SHA256
d935c3ebd6b194a515beea5e8fa8c50d54040d444292e2bce02da929ce7dc0b8

SHA512
f3191965a62faff000689bdab8da2f2ecae9dfa72f6043ca54df10d4eaf13848f365f0cfd309289710e0e52bf886baeeb4f0b01a7bacb6e8af97b9e7f309183c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03af2dadc6668051a4bac996ca3598da

SHA1
157cc85a1064dcc0b5982e3d3fa3db5ec4aff855

SHA256
4c4ed5c244d1ed59d2e14294afb6f9f089313fb08c9925cd0b50fbccee7c6ae5

SHA512
259394a27d5f0e27325fb3aafdff8624b88cb0426d9bf37e4d83bca5aa0e156896c6231b4cdcd93121571dcdba978c3e0f6945ab8f3497b775c3e45653a51ea4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34f4dc7c22be592e558011f66eabbc4d

SHA1
a74b165a16814b4d3dfcb33896651275f3ba38b4

SHA256
f0789bdfb9064379b77b2597622f4424c6cdf8c4bbd09880f177123b0a9bab17

SHA512
3786a55dadad8aa2c404809ddd4cc027d387660f414fcbeb41feb445c9efcdb290717223455d7ef60ba4bfb1464adafe1ffd619461a8fac72885ac68e5662ec6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c820875e8a6b005bc27e8e94d95a331e

SHA1
41870932cc00ada97ad8ae2c5487edc1dea41a70

SHA256
3a87867c0a9458f7ee76ed1021394b7b1bfd8761222d4b0386c391832873e98f

SHA512
224e4270dbf8f0bf02827bd565a35d981c5aadd9fd99699400444600a0a9d74aeef5ba6fb2ff466fadb3cb43dc9c11f5af79111648c61623df08ff884c968309

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab10F4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab11C0.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar11D5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit