44b5698a6e93f18a4088cf31d695b0da46659b5136fb84232a8836f2592dc5a6

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

54313ae83ca857915788d9ed002a9a05
SHA1

601aa811ced61c69d48b10829aed2ac043922563
SHA256

d3f7979492b9068d8f8019f4fdb0df185bdbda06d64c21da1c831da75957846e
SHA512

3b28e02c891b8c956eab068e33b95d2bb66cb7f13a0594e4a128a80a943e6731d001c7a54dbf219258f76ecfca036b961273c8e89b1e0444d55d29df47055c10
SSDEEP

3072:SRUNb+ftJO8SByfkMY+BES09JXAnyrZalI+YQ:SRxffMEsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9C60831-1895-11EF-9891-EEF45767FDFF} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583630"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2080 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2080 iexplore.exe
2080 iexplore.exe
2884 IEXPLORE.EXE
2884 IEXPLORE.EXE
2884 IEXPLORE.EXE
2884 IEXPLORE.EXE

pid	process
2080	iexplore.exe

pid	process
2080	iexplore.exe
2080	iexplore.exe
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2080 wrote to memory of 2884	2080	iexplore.exe	IEXPLORE.EXE
PID 2080 wrote to memory of 2884	2080	iexplore.exe	IEXPLORE.EXE
PID 2080 wrote to memory of 2884	2080	iexplore.exe	IEXPLORE.EXE
PID 2080 wrote to memory of 2884	2080	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d24b3acb2db4ec3af11820899902a4e8

SHA1
e6d5c006bd59d9bc9b358e9071dc9030cfeac730

SHA256
729d71c92e5c0b15ab763e38a017a2779b7febdce6cb29480b5464c51d7577c5

SHA512
a74e4931fa00d355180a6b4310cb31da38a1586fa917d622774d49736dddd68e5d768cef4c6c8f05a2fba7300bb72c0c1ff2f08136673557f9a20a2ff9a1f182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f19be8117c77baaa08a96f8c7bc57847

SHA1
445e3f994a9044d713e9a71856220bdab8944f16

SHA256
2fed89fee271cccdbb8922b0f4b3ae669682b044a39750ace4a99448abbb5c7c

SHA512
e42742d2d0c039ac470389c528e80fb3f15602f93f05d3cdbaf6af4272e5d27766e2985f986cec6856fc3982b13592df0fa614fb8d752ab29d80b34c070b1ce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
deb7b80a874ccf1113532c02ef2c4c39

SHA1
b127d376346c39f4ad30572f01ddfc41e13ff08a

SHA256
11b87ede50375159ba3efcea6385a179280fa408c7bf6e918bc114f2df612c7f

SHA512
457ae9c0d3d65ccb375f5f71fc051cd5f230048dd9519d1965129b494ccb840674683072590e9d60b82b5598b544e66a01deae7d1fffc2d143a4015363a7397d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbd0a2bc3b73cf453c8a248a4ecf32fc

SHA1
dd8f299fdaa662a6bb83c59b97fae0d8e367dcc2

SHA256
e9d113c037267f902a78b464a15783d21787b8b7d482f5ed491bf2941302b906

SHA512
f6717255b4af9beb57c7553b356f588e14658c8a0ea30b9cba800a7f197bc759a10d6d85d0fddba345b2211cec43fefe4ba73cb6900d714bb6a99e72a452c436

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bb98f07024439a5ab2a974fe67319f8

SHA1
975fab0b0d9a7c01aea389c5a85ef6490cf9cf4b

SHA256
a22271b45efeef7d185b834510cfd2d4db891f065e08d6e465b411ada4bef0df

SHA512
716a4a5c16c328d2233f852643273b8b35e50a2ea3252a5254b4a9afe280dcf2cfdab176a298688fab00ed164f24c318c8590df30db08b8f86de278c4d8ea241

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef9f1461f9c1a454e5128d37810ca171

SHA1
ad97d22997ce3d020262ce1ef962289d58159d22

SHA256
9699cb6f96bff0baf903cdc85891a14b3fec326ed5c31712c2078c6b0ca54c8d

SHA512
e12b435d5df98e4e5363e6430475824b55330170a0cd3f7dca06346bf9c69220ac03f59b3f158965db4aaf6f460b07cd797a8ab14cf3df5278a84479c1132514

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
faf6c419af4055818088ad4f94a0220a

SHA1
cd0d9723dd411783990b87316082cf53820e0c42

SHA256
a7367752a612ad9c6e52e5c84b1f55abe652a712e908269d8f1c94f1bed3ae6a

SHA512
5d1963deddcedffc3d3fe19349ced5064edfc34188b8f321d037f16ce91982591e79170ea5d8d2b36498fba130acb31b781b59c61300b7b6d8cb9430de482cfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43498cc8784ccc16e301bcce85f0f534

SHA1
b1e95e7522a1e8d8b8622a8eeda791ba2f5179fa

SHA256
508456285a1b3d989add5b1828bb0dec5e188e43c5224e5d8153a88ab5007261

SHA512
6273a6375cf5de13e03b9ba26378e19be558954590de204f22bc366ad01af31d2e19445786c7da11e2b6235bb09513ffff2db6be81d6baa59528061b7b8b6e43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35bc4ec521e686d8c61ace8e3c466376

SHA1
817aad72ba136928e2d8fd639dd732128b6caed2

SHA256
fdc626b596d38161d5127e6270a7ca579257eefa13ccf581d38044d357c542e7

SHA512
2a40dababbb36fce4ed8a93492e86db73c3a157da6f0a78ff4e445f569805f4f61613cc41685090e610dfa75cb5881c65b9969e2addabe24a6d5625316fe94fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
157f184db2e5a7442bacbd0d97c0b34e

SHA1
6be6290785aa449129e632cca6d8d90c8b90fa0c

SHA256
476faa60e700a0f4c83bdee00f1364d2b2db2764d166feabbe39582308670c33

SHA512
51c047da2d4d3d0aac17e171d8a5bc0d724a67216c5089723f09703acf852f67422c5bbdd3884d64d9c681f4e6a801d7af123f37ba163f01efa9093c9dd1f0ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e41a601b4a082cc54f64dab6dd955011

SHA1
b001e0e286b2f12f02ade7500372029f15887cf5

SHA256
cf81f27d3a79f4874d4e6b6a9c0e592d8f3bc9dbdfb14ce1cb851c5fc26094cd

SHA512
98637b19b5df85988e0c585c143722681947fd66e8cca4f3f82f09c9ff17160c64398b1427979217d93b38e2ddf59b7e5df834f1a3ab40b287b4cb8575d7c77b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d771316c24bb2044521c3184c357112

SHA1
c81566579fc8a861559c1be583559f1c7d3f72a1

SHA256
bead45e56b96c531aa649ef181c9d89aba1a057a38b2eba672b9be99e53c5dd3

SHA512
b7868a6af20b4ec7fa3becbc355b43b3d04412d5ccc601086b6558d89b8f769569c6e8fbd0de3c5934a8b690558185e9163816ef44ebd935932b8f0f912772bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fb545103137fe1784a637bf934f8c6d

SHA1
04d4c931da969c69115496acaaad1b6a3ba055f6

SHA256
435292030b1007d1d1aab99d17a9e134b885703541f4f77d91f58d99a85bf199

SHA512
8623ca9beab40c3dba2f134ec87309a6693dd88728175563da35e62b095f9b67e8a323148574dfe95a3b023f4ec554a82e3e0970e8367e72c190513c86bf742e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16c2b292d25bb1a4185890b5a55c2d50

SHA1
52f24e07d23a553f4dac09fff87219d588625ca7

SHA256
4378704f0666f06eb55820e95b494af63834224c77e42b5e361f994578936497

SHA512
1411c8749794febd63190ab80eeb2a8c2d5340bb1af605938607937c7f101ce688ae7c5fde1797e8e139c60eb7ae929d290a6548967dbee58159605622e7dd23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97ecccc1b83d20b2710f3016c773d8c7

SHA1
b44d111d5658ca180daaf23428f83239ad76595d

SHA256
df3ebc060b74248721f9195f1eaa96f659000f09d92715e4e2480f43e7a349b4

SHA512
ff82a08f18980235e51f3c1044779f206a293f8ad4fab01f9675fc5093f34dd63036a0d653250af851af5c6a0b64e290aa597c09f0b34c84e33793edc1dcbb5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
077ef381f9b31c0c0507d1ef8a371ced

SHA1
ada7bf805971911f37370404ec66a7a08e1dac00

SHA256
3cad3a114d91ef9a94dd3f9cf780b20728f232e510071e72624fca4ba242d6f7

SHA512
6156934e441d38540c7bbd2503f4a8b90bde0c68e60f83204835e745de9d01d50ebed837b1bb9f1a9b24d5318f10f6aa0fd6318ae8bee2f3877e5cdcdfeab93d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77ed59804b0be1b6b4064f0fb6c5a81d

SHA1
dd75db0417e62cf9882ee599fa651de8526ca395

SHA256
746a6758849423ef7069af4c4cd557ea26e48a9c13e0325f9fb6c23c1286338c

SHA512
0dc2c49df1ead1c67da334375a5645983b0574048cd93cc9493d779e6f54c22ace746421554953dd297c0e355bf6a978d3dd9c1044ed0dae811c5f730041f536

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fd386b588eb160d52ca491a57db247a

SHA1
a1027829f62e93ca65ed5dee8e49b77fbccd4204

SHA256
7889b216bd5ee20981dc81cecb738a7c1518cd90e7c83d8590ddb56d60472b4a

SHA512
39715a1481b87ea106e054d3d073db13ac4d4f09b1366f0b75ae001039b88009d30ed210ad609df803b05d6732fae6afc602eea190aec3dfe1a1a3f467813d17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab24B2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar25B3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit