b865e8f7336d2fc1c2767dec526d42a5ab235172ec90da82c3dccd447a92ffe6

Analysis

max time kernel
133s
max time network
135s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

400b218c1d20a7aabec065bac99da31b
SHA1

87111e71689805e93656f1433014f3598561bcd7
SHA256

9d6a147d24bebe76a7f8227f95bc5acca60409d7d8a62ecdb4d461bd07cb0e40
SHA512

1422e03f52df71758d211ecb5670231e3f4074179de6d692fb3a9ab1a6b81d668a615ad17d72b2feef928660a1f3bdb09403667b4316238668f3d5c3b75c1f62
SSDEEP

3072:SiI4MZXcTalnyfkMY+BES09JXAnyrZalI+YQ:SiI5ysMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422502464"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EFA96E81-17D8-11EF-84C7-4637C9E50E53} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1920 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1920 iexplore.exe
1920 iexplore.exe
1752 IEXPLORE.EXE
1752 IEXPLORE.EXE
1752 IEXPLORE.EXE
1752 IEXPLORE.EXE

pid	process
1920	iexplore.exe

pid	process
1920	iexplore.exe
1920	iexplore.exe
1752	IEXPLORE.EXE
1752	IEXPLORE.EXE
1752	IEXPLORE.EXE
1752	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1920 wrote to memory of 1752	1920	iexplore.exe	IEXPLORE.EXE
PID 1920 wrote to memory of 1752	1920	iexplore.exe	IEXPLORE.EXE
PID 1920 wrote to memory of 1752	1920	iexplore.exe	IEXPLORE.EXE
PID 1920 wrote to memory of 1752	1920	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1920

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
530a6d1126ebb2ea2ef1f46ded403295

SHA1
1a7b760a3146c2858a7650dd8886dfec98522db1

SHA256
17247b8fa94a63e5e255a4980758693325545e49f78415d01a0a49089fd2e374

SHA512
8ad0eb685b3cbc66277ddb2a30be02d7943f2ab33e6d0516c17a436d6a9ecfd105efc92d3af18e820e4c6c042dc3f5415b43acab18c468cbbba9da3138f9c861

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7d5bc65cb391987484cb3d5dc95abfd

SHA1
a84cebdd2a87d669ba04f58208791c808a8ab84f

SHA256
903fa29c4d57d514d3c01d4bc69234e933c07c2333defcac574880250c9caf5f

SHA512
5c1bdad7cb957fa6ee61ee9a796de5aca84c542f0971ecb1ebccfc6ab02bcc427bafd3195bfababb9d65857a72ed93bda98d6b9fb878e92819fd394837e45ff7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54b0e3ab00fc1161961a7fa8b83269ba

SHA1
8ea64dedad47d92a01711f6e4a8ae07d18718920

SHA256
a9837b5773f7bd62b6d6d2a29ebc8f7f6b9a2f945983111a4d09573a94a35a58

SHA512
3cfc0449d5890f2c3b68686099a005a209f2c17724b7c5fdf7d943db4afe9a4c4c8f57dfb2e4ff1a3619bd2856cd908676390d7a7b57b62e32394b741c836250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
710d086a2e57acf2bf14a742e47f440a

SHA1
000e379221d5adbce07579e0e2f62c13f8ccb9e8

SHA256
5bfb1a35415a12a2770ad56b46b6e33b8cbd671e07f0e34c96798bce333a6873

SHA512
9bf6c864934ff3a5c8782e2be1fe0323f743bde3d7153779a2b26c1a4faf3f00bb5481ffe6893ea40ae3ac2b91ca17598e36697205cb98146ca247f78b8ad798

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c728c8308f2e9ee95c45fd5887bb76c

SHA1
901dbfa55041263be19900605aabcdece3496933

SHA256
001338079bc872bd408da159c4f4cdc3f01fa4abb356213498076aa2d9d0940e

SHA512
39ccb98f9d5fbc5626e02f081461d80c7ef139f1f5e55df0048b0b8091392357648220956817bb50050c4198a4a6f01b77e6c7fd81542a5e49bffd3de8e64465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd9c908f5f186abcf8007b6c1d5d8b8e

SHA1
4905e7b33f9939526d4aa5421eeaa1e83a1c7b0f

SHA256
466c6662f3445f1728163e1c3098c9cfddcdf1dcb7ba87d2783dba4e9d99c262

SHA512
640563f24c41ac98e92323efc50d1761c33df33510b18aec1ab061e4f489a33c8d2cd8ecc7a3f97b2348d4a5944518ba5ae2c3adba6317d2eaa0b96b50714570

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4b604c1ccdd3b7c09cc32ecccc014f8

SHA1
fce42038f457bca34195e1694dee51374b937ace

SHA256
b71a9d74e5b84f0fc9a1546c9c7e38400d40a66a9ccf7933b50c371503edfc13

SHA512
d4b50d6a864c2b5748d0a4c36c7313201d796fc15dcbbff5c35d6403a1c36abd05181539c15a1ebcda6483b190d7fdce5ac9a43c95418fb41c10252c626d480a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
904cd61ecd679d76d3e7a6de5f9eb689

SHA1
2e0f61642d9bc1fd8c06bf252d6ed0defb24b739

SHA256
471df96918806ae308e5a48639c55919b2a94869d4ec1dc6493459da49c34a8f

SHA512
309afbca5a500d9e361ba60ed07c51ff2b285d036584c6efb06c4b9a263d0c44d4ba5d0235e80bbf32d4cbe7cf166b983b954f005f101aaa3f235339150be9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0dc5db368ce16714b80e8e364d4d40d0

SHA1
97641fb301d92258fe453ec03091b12afa6a97cc

SHA256
82fd4c4821a3abf8bcf3d31b8d7fff16e8edd1e1d94f249b0c299fac0426322d

SHA512
51463281a05ccffa9da0f338fa14793d6d7a814ca7cb9eb0c69644802fe60f715fbf5e94f59581b6d2717463c7f4bc3a85db5e49c87ecdff08bd6b61dadcbc6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e86420ce884e8ed2bc50fe2207c770aa

SHA1
f0445dfdab5324acf930a2d8aae3e83cee02d218

SHA256
bfd7c767b9dd75fc376a16a63d0823aa5e38d67cee915b589722d4b376a32242

SHA512
c2b8c8c4772c66c27ee4a08564cb718de466bb5f23ed37580011e1c3f86aab89f7d72457734eee7b178f61a61e012b4a9fc0962b480831b495cfb7aa7d985163

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cbc0f1fc057cdc537ce92f846a1d4c0

SHA1
cb4e4b1033b61f47768349cc9ae12c3a03157247

SHA256
9942245dce31e85c88c4369ca62829511d2bcb65aa0b9d46e420691bb8d5fd06

SHA512
b1c53672e1bc17d9c03cfc9cac3fd4343776d6e58ff61aaa3e777383956560928ceeb8d3022ea763fc3ca903f1cd6942e72233874375b35b1f3a9f2ef0c4d331

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5304398eeb3956db5542bf0196367249

SHA1
105f0c096d9bb78a24ccd06d146c321380c71fc1

SHA256
c3f80606fa887ffae4d2411b444ed6e5a6f60cd5b35b8e812de30548ec3cebf5

SHA512
13c2a25b05358bb1242aca48c2d11d1ef80b1e789c94f0eb1054523f7b79d7230ff4be049b9c3e0bc4cfa55f8446dc89bd31d279a2f355d510a2dce9e4182a20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5883b338ea0f0031bbc4ffb1341ffab6

SHA1
dccb33bb828f25fbec24ad4f1ef80c17f0336e96

SHA256
cee9f1bafe01ffafba55dd97033d678c11a1da8838e26a00b346bfefe8b6829a

SHA512
1ec3620e7f629be12e9e3e5afb0a8d81557cfdd597d16797149206f75936cf315fc9f66cffddd4ca6c03d46c559276f2e23028ac2b6d8cfdcca4f349a3e6648a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0727d4e1813a305716fa803c86f8ca83

SHA1
1694863bf228ce654b9d322c957ad40e1943d374

SHA256
280cd652cc3a507fd910e1a4dc4f33dad11fde7726ff8c6fccd257ea6f781513

SHA512
42a25b0a82b4bbbf26edac7f50a9132408ac4582216661a6f69fa391df5f87dbaf0abe0f2ee7096f5efa0cf6af4ac50bbfeab386e71d48cec8c9cc0be0b66ac0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f10f9121b93f25ed00a74c7e7ee812d

SHA1
d4e72163e54cc2e36c39d0c2927aebf926b5e821

SHA256
1170ebc6c6f923924d7774cac8eadceafc8129fee93c28dcdd038aff044eb87e

SHA512
5fe1d7e2738086d2232c10f1395eb97401bf050cfa4edbbd92436d5f510264abcc1604ebe679786bea42ccd5f95391c52d85bfb961aac16f14cf7f4ce494126f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62798f44c021fd7533e7fbba8bf7175b

SHA1
dbedcf5909381577172b6dc12a2849acd3e6052d

SHA256
a229c8c176a3afea4dccba2e8acb646f03c51e8496d9b2cf995404046488c1fb

SHA512
88846956a00b997a02314af43f3d6361bbcd69fe640936a47a2d78e35fa5d2411185fbbfd83d450a9f70d6059d968cf455828b3b21b7e7a9a4e119909d86d629

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ef15dd5f82004aebf8704519355d5f5

SHA1
cd2d4d9e1ca5cbce209ff6e8e308b7800984cb91

SHA256
49012a2f02e20de26f56069184f5d34ff36da6badd3fe23403259e8c913db055

SHA512
e23fd2237f8f810ba61ed71a8c2e699aff134ae54738c7d0dbcb4d88631abc26e7ec515e6f88474dea8efc8b169cf0be99f72dba5755ccdfdf9d33a3db18b833

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19c25d0ae070f3407dc928a7c415308f

SHA1
6201ebfebbbd2ebab9eff70fd2670730432f766c

SHA256
dcf1707af7a6cd7bcf66bed96f77a77339efd5b8410de1e4c1d9763d6feb04f2

SHA512
9e809c13d46a4dfe1d9ae28ba917321309d55f5e0924b3028fd32fe5fc35211294114ebc24d31f87c3eacade7d164c42169bd22dbf4b28a7e62b548383292e4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03ef519b071db5b6b4ac52c52567bb0d

SHA1
cbaa60af17d4e23b99eae627845baecbbbfb8716

SHA256
f707c69face765ef4ecad7329c3a06c190ab22e3ef0d013ac179798b755032b3

SHA512
2c596bfad7204aea6d7f1b1701352eb36a4ecf2afdcb83d1e7bfb5b9528fe2cfb51b187f7ffb840ad6f09e89ef4b74905a8433216c1557649211118dfa489619

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE14.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE88.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit