972ed6f13321a8e35e284dc33c060d27880107fa0faf51a83855f9044ecc9410

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

ed76279e8db1db76f08a2bd095740b13
SHA1

b969ee8e88694a041dffa488da8130bfe7cccedb
SHA256

5b1bd1ff8739c182678d09f24cb0b022cef65f054feccd6704ac35af6121aac1
SHA512

e8557e95391c008ac16fbc93759d5b2d6b6b8d8613a6c65717c9407c761dfda26f78c07c19ffbdf39fdbe89cd6465ad6c10c3d9e5a7f529aa8fbb541898f1cbe
SSDEEP

3072:SDXUuts2n1xuwm7z5Z901yfkMY+BES09JXAnyrZalI+YQ:SDXPP3o9RsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422581416"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C2221EE1-1890-11EF-917C-6A2211F10352} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

308 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

308 iexplore.exe
308 iexplore.exe
2168 IEXPLORE.EXE
2168 IEXPLORE.EXE
2168 IEXPLORE.EXE
2168 IEXPLORE.EXE

pid	process
308	iexplore.exe

pid	process
308	iexplore.exe
308	iexplore.exe
2168	IEXPLORE.EXE
2168	IEXPLORE.EXE
2168	IEXPLORE.EXE
2168	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 308 wrote to memory of 2168	308	iexplore.exe	IEXPLORE.EXE
PID 308 wrote to memory of 2168	308	iexplore.exe	IEXPLORE.EXE
PID 308 wrote to memory of 2168	308	iexplore.exe	IEXPLORE.EXE
PID 308 wrote to memory of 2168	308	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:308

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:308 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bec4ae01946121fa7324b8a5072e77bc

SHA1
46d63b60fc649583a339f20f40210ad61d46f792

SHA256
32f22718818f7682ed39f51fcaed2d1b731e11b88ec9832cfbf0419b0d9919e0

SHA512
4ffb5e7db92aa7ff0cbf023caff0f13eadad8f82201ecfa686f12fd3f572462f45a90ffde0d48274175c2cd5f2263374ccdec5bb8ad0c23b59ff3bd8b8f60b18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71fea211e051f4fb3a1cb67b143df067

SHA1
a8790f74cdf757d4c6d3e93cd2081a9b2ce5ca63

SHA256
961716d6ad4000053ca266dea320928ee040ade663e96a5b3a50284b1ea7db87

SHA512
614e30c77233f7232fd9194c00fdfdc591d77b511e7d0bd771fbfde30f25d88c156ca8dcbcec98f4c49541e256e429c82250f4835288744b4947b3616b36712a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22af8dc4a91391fb2299354119eb6966

SHA1
680cb61a39e04a4bc1e84d5c8fbba7643292b275

SHA256
4207662aee21676c867f8ad587b219009007b95a71b34d8006b674e0d7fd2518

SHA512
393b5c5ac07b72a8d3570dca70503398e95395a9efda3eb4ca8be96b3c860c6bb0a352e1061ca03fb5b6930e10ef7301be3c1b7c0746fe59fe1236dd6a683d3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17563823704ab5a26a855bc30c05a862

SHA1
456c89e62d4ffc6f1dd471952f9fead7ffa548af

SHA256
57d0adee4ea2e10dc95f6b56c664a625dce1dfb06a722dc0fa2af4bbad85ede6

SHA512
d5aa7a970ed4980931777dc10018a5e6c3e9fc896a0652828ff26a6aa6262d758bff338a2c971adec64ed2a2f8b9f57924bccfcb6b35caee53ec8ad5b4a19b6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1d992f0754865863250f1d9577d0146

SHA1
d17bfeea5e035d7a4da2d34e0afb7fb12c96e763

SHA256
c7f776139d0d95204a2ba038e6208b033abedc6a978d8af8d112b9afdcbeef96

SHA512
65c695c7214cd2dd53824b8611b745b4cc36e86e0e55a0463f277e862dc8eeb1877fdc0330d21aecc9a417d58857b9d974a263059b75a4f8cf2abe7b5d0948c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bd5a65fa59690ebdb39acab6e82c40c

SHA1
558bfb87e76413b933724b843b1cc13e5c24306d

SHA256
a7f8a89176f64eec7d17b9500da8cada029076e0cc35ce32511d0f84158c8f31

SHA512
fe02d26f6e15f6e38f3820d2b8b09fed2ba226dc6efbc0a0e3ce07e4cd368db7b103bfb1f825345753e6e409f39960fae6a37e4ab3fa342e530c7944c2d3b29e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e83febe28719472a6269aa3122b3c30a

SHA1
10ea8dc5fbf32f41c9d403c781e729f8e0180814

SHA256
b8ab458427d0024820aef728d569d6fc2921dd2b8b962210af8be375cf27b395

SHA512
fbcdc4bf06917b6db4658d30ede934c318b2fa8c6518a3e4f730a798722734ca73f8670b78ba8b7d815129e54b6ceb8695e706a0dd6695b5d5656e25b0593d3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5b1605192d54eef3c11003fc4ad9342

SHA1
3d48e5628ebd81d278731a5b6d6645ad8fbb0425

SHA256
426dc02c7c22846357527b7b519f060c39bd2fd6549e89d67fb2ca5e295a5502

SHA512
2ac4fc5cd79856f4588ade5845a0abb39c0c8e7833067b051295ca3b872762089b8c85c23f42e2fd4afb3d029133f7b6ab44de3ba51e7fb25332823feb4706e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e226ceea7f4f492d7d9d1fed08d3c83a

SHA1
80195499125c825cdba090311c14f0fb4f0e1426

SHA256
b93f8e7b79adb3c6fa6106896428b833a68ad7a64d91a57e2fa23fc787ef5cbe

SHA512
e3a01160d703ecd1b2518ce0d6935efdcb9280b3b95e6923cd6ba07911b5f9840d0802fbabc698356238f3115f1d3923e008a2566bc77e716988cc419ceb99e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f51cb25fc4cb35b790a8aa1b810438d5

SHA1
cd5ec5455a5ac4da94c6f245cbd1395be93eb24b

SHA256
5cf087538132387e0d5efd8b4c1ead6e01694dfd7b5deefcac93129164a5e0e1

SHA512
720d718a8699f8b4d1efc9758ea31a467be98e05b91f381a3a7b28e8ff97701ba2304178f36191ccf9d86bb2d3f77fe42310c4d8c8ebb0fa3723832381f406f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d79f03e2d1b8a5dd3482182a8d971deb

SHA1
2ce0b1a0f2f539d9eeb7040fb2eb2bfbf9cab772

SHA256
14d07313a1000c7e51dc588bb4eb64c171aac80f6695f8ee4e5ca6571e67f3fd

SHA512
5b738339793f861efd8e7521dace1bfc37a87b692dec20edaaef23d69dff84ea6936f989f3c075d1f6c4452e8318913e7fd4153a842087531002c06c60285b10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a93abfa251c32dfceedb84a8d48c4637

SHA1
e6a6d2687828ac87391d4f57a44d93729f8c58e1

SHA256
91b2c0c0383bdd0a8a867bcaed83aa091a15a6757f33de82356ad3ead3c2106c

SHA512
36111d0da90bc3b87457b7f5d7d8ee985a0d5ad408a8278ff33602c5f595b4c3cf7984014b182893c755b737872a5cd7d8dd2692c26e1834f1fa278a0ad86324

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e5519c775b11e0bd17c0ad26380928d

SHA1
c9c4c52fd303204aab68342f129f78cfb8f1ef24

SHA256
183d385225a87010fbba036cdaba9c623861f24979defeb6acea24574e2f9fec

SHA512
e3ddac8b696978ccbf855f5cd94fd5f28aa93ffd433dd4332f1580af7effaf4d90e05c9e994453b20706763546b1da43f117f03abc1791b5b59e9ac56de71c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f280d15ba20d05a6a8c43f85d5f84eb

SHA1
b547838ce2eaed6641e833a5cbc00fdd5a5ccd70

SHA256
4591a713b9f96a7a3d2d9c39909209aad1bafa0fa794743e03f359ad3a5055e7

SHA512
f3943cd28de52699801abe1094eca758dca7bc402103b6ebf83e61f994fe4b7e4d00a8f36be1ca5e61ff56809db4a7ce1d7dd05ea13799ce715c40eec7fe9d67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c4a48f6a2e7c22399028f9cfae0edb3

SHA1
468e3b2c09d0ad5c31381ba3b29b9a9c0862d9df

SHA256
116c282012ca5a82d47f97414f7afd168ae213f4e946439b9a29c370c8283a12

SHA512
00dc8aec9452a5f7513ff277c7de75c4f73818423cb45ef3b937ed05bbe13d79ed9df79ab396a44b5f2e18ec987cd2c77e20c9c5c10bc04e7a7d4820c36292db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9075681168412154340067fbb61ed6be

SHA1
67161faa590464907adffcd0267e5ec80c8766e7

SHA256
db3d6b6b94045e95a1600c3b8c7c922750f8f0a9654ec4d70466d02e755d25a4

SHA512
14d96e5767dc3e902efc5c12663659ece58ae5336ba04645c4cc16324604b60b66651b648199898ee6c5e77f36cc4633a953beee5b8ee573ae56e7d4af570121

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
806dedd1227a2885f066dbbb60d7dc83

SHA1
9876741e57ad3b676f3ae27943d4037880824aa0

SHA256
42b4d4fb8c3c45a1ea3c72f7cbe5876067ef6790d96e97a5785ead2de6c17322

SHA512
20a4a9179893af34a57efb9c950fb15bf44066ee956671a28f509b6e21aa2febe029883347d75084cb7f081654ca5977823333064ce3ad0528b83308f047bac8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81ca52dea1ab36ba75c4a3912e20c626

SHA1
a3cb254cf5414d92057ddad2bf5d64942fe2f548

SHA256
a80aa4c041ceeb127e203c54011e8dee3d8b7ec79456f6960714575f7b5c69f9

SHA512
e3f237158cfcb9a5b7e38626acb359e7048af5efb3779a0277f83a2ce624b66db867700b1a80aefe40ec1ffd618e804e38ce634aabb422c5c92c9a0b5fa11064

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9476f557844dfb97b5e4979357e72e0

SHA1
d23f611136804729f6e0c8926f64f3c31083a8a7

SHA256
87e0f08aba9e9a00d598420a1413e41ce11e556749477fcab33d44ba2636e3ab

SHA512
bf01b6164ef7da8a5d81b4916c401718449941803cb92178de56ad7a667a65fe45f157f9e1c6ff056058502bbb909b39c91ec0b5379037f381af1b5d8c087299

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1FD2.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2023.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit