2ad82ce1b4063e76e51302f9e65a485d7d9ab04a82e16048edbfe5ec61da0ef4

Analysis

max time kernel
136s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

172f3fd296607349ea0179d67840598e
SHA1

949d0fc399ab842b9a7efd32eb101d94b9f7cb7f
SHA256

d6598201b34c5ad035b0ba44f04cbf412f7c9331638b0a82160bb813066fbd8a
SHA512

d43c46684ab643754f5f839a4440bd6dd4dddeeb0006b6be0413b7e3c578b292dd4272f153bfb98cd93527f64fc83abf11b39661c9893f7ae6a64f14bf2b6a4b
SSDEEP

3072:SADAl48/yYzYonyfkMY+BES09JXAnyrZalI+YQ:SADCXysMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422502739"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{919DB2A1-17D9-11EF-BCB4-4AADDC6219DF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1340 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1340 iexplore.exe
1340 iexplore.exe
2568 IEXPLORE.EXE
2568 IEXPLORE.EXE
2568 IEXPLORE.EXE
2568 IEXPLORE.EXE

pid	process
1340	iexplore.exe

pid	process
1340	iexplore.exe
1340	iexplore.exe
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1340 wrote to memory of 2568	1340	iexplore.exe	IEXPLORE.EXE
PID 1340 wrote to memory of 2568	1340	iexplore.exe	IEXPLORE.EXE
PID 1340 wrote to memory of 2568	1340	iexplore.exe	IEXPLORE.EXE
PID 1340 wrote to memory of 2568	1340	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1340

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1340 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f99e90b189bfb576d100d6dac5beeaaa

SHA1
7c4bb99c6d5cdc8d37cfcb428782d21e4ce9a4f8

SHA256
b0111d6ab0eab0081df404a2cd98308867508cbada28e4d2249dda2f2a776871

SHA512
30b966d16bb514a82e09f847aed76215b6494f6d7eac800b496a87521f9912efe53270b7fd75b7eae32bcce5dc69ef69a61295d410e78a524af01d46afe2b2e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31dc46d33b54fe7f08a1a335ce3f2f0b

SHA1
1515d670c5f59292f6db99c0c972ea8371050fdb

SHA256
160b1bd2de7859838facd3d300ec64406603deacb2b5d83bdba085cb9886cadc

SHA512
245b6c489a758eee8588a9854cf7e6cdf18e2a6325c19fcfe7f4743fc71ffccec811d1c918b345211c42f7c56ea44942ae15da9f424d1fa3eeb45a452860a612

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b02e8525b28dd0dacbfcb5d10d3bfbb7

SHA1
2e1a9629516710d872d3049a62cd8112ba96f8c7

SHA256
339db65ce2460c39b77d0b47fac4da8248eef5fb11af4861b9d78297b32946cc

SHA512
c2bacd820f3a79a9bbe0af16e37a8208d4ecc6220e34b87a37a68837460091382c3f4813ba9c94314606c8d0973fe74e9b429fa11f6622cab3f01eff19447eba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86088be643bdf29f4c53e03a3215d5f0

SHA1
669787db6673f5ce00af45ef51b1072ab8b25e8b

SHA256
8ba9e08b93a160b1853b60d72b6eed7e4e920392b0ccaeaca54a1faa2cbf0870

SHA512
ef6888cc0be4e4c035e64e08beb6dacbe7b7ab956dcbf81a01c87ca698ef8c93f347d4e40026811c90408994b8c980721957c22b75e00697367dc38cbf003cfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f916e2ad2482c73335896113d30441f1

SHA1
58d8933fba2599fdc8190331458e5da439d3394b

SHA256
6cd878675dc8fffcaa6b75b38073c63c62f3f1fa01105e90fd9317044d987576

SHA512
a7c3abac6de65429fae3128e3cbfe92a63502f25b443e3aebd29689c5e5f0b1a9d333cda74a8b553b0b7bf695a1f6812d7681d2436467524781b32d4563a7d4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c562006421208657b55f277280114c73

SHA1
5c0effd8c0dada4dd625764668f16ad7ff196b97

SHA256
add8c0dd429367b2b43de6801d552b7bc214487a705a525b68b176b2a5904da6

SHA512
a1926456a5ca9785eb4ba7679b0bd1cfbe460bc0bde0d60445f8210b3d50d137321b4d30244b20c391357e4f65897b8c10b2ab58d130f25aa9e60d936db83d7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33f612ba89e6d95d8003dcdbef313dc5

SHA1
485130e6d40e0d36a266b4f5a3ca46f8a3dcf56f

SHA256
d6c7fea01fae792b12463b0a43c376fca6764523109d8606c03548cc230361fb

SHA512
baa40aaa7a03e7245366e289598acc7ad7f7472f84b7d60e059e84de4f2605e8d8ad3ef0472dfa593120df042f2bc1b24266283d586342420b569f22e0dcd3bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9777d874fd905feb6b3e150e70957ab5

SHA1
eb871e942fc3b084601c55a2bee62be6b81e4ece

SHA256
1561a3b1f368926483583e7d2f1fb6ddb575f3a6db3fcc9731e46f9dbe8d1d66

SHA512
ebbe86fba7f99afa8cf90b753fbf18fd8f0063b5a47568b1c1509e9074a4d25c03028d07f783de1e4420751b0e1aaeabdc5b095142d17bef5ae3aeeccc68151f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7f1bba2c17f5b75cec1d86174587141

SHA1
49a8e443cea63bfec4a88e4fc5ec9bc9319ec984

SHA256
5ed743443329ca436384cf1f818a2051533aca5f8e4c348b278f8b14f6a462fa

SHA512
63761dac4d72f3d964755ea26924d98508b3e69bafce97340b1130376ad728b764d15d10ab59cbb04923638a3a7bb149450e497a061c80d043c976932b3a3999

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10c3df6dcd3469518fb8c6a40a0e56ec

SHA1
ab7d74f9c30286f27414f4e47ab0215c1c32a63c

SHA256
9c73ec9faa602b6a90299052c18c4d71f5ffc14376cfc750c5ded38f8c5ade98

SHA512
20c3c3cee630fbb1bfa5965e96f1ad50e0742665e205bcfff7de5e1a8bd67c411ae8dab5ed1a2c7f8272b9e9680bc6d06e4f9d2529016109742683a4edace9fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f07954abb541adf2a690d68f9dee62c

SHA1
b359b4576ddeaaf3e8e1632ce1524d449a2096fd

SHA256
6289de529c49a2d838fdccdda07bd62f3c6479200657e116985d0275675be44c

SHA512
e52cf50c2483d93a3c95e39755527e9195ec834ec1768c6613470cc5fabfa23c8b5dff7b17549d6e8799fc6380b8cf87103cd8b7423fa84a985a9e4c3cf6ee3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76093280981f9ab3b70196318132eeb8

SHA1
545796161f3a9fb1bbeaf3c701ab8a3bf5ec1938

SHA256
64d2d2e7d6529860b9dd5eec75a4cce19ed1789e6468503f8b7632b7b962747a

SHA512
9c7bd0f52ca5ea009bcc6fd79cb53453f39fb054f58e97fd77a5e6956e76e058f0e7dcaeddcd179706ea2942bc410c8bc1b91a9c9eaef7b5607ec19bc5e9fc22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fddcc15045134864dee5839d2ce5212

SHA1
d3fd8a4241001c44247d564151ec7fefecbc4b06

SHA256
4cc351bad88640c789741449acc8b8cc31f75bc78e6bf000b9b3e41a4748d4dd

SHA512
c627294d58659015574d4bc9f7e163d91ec9a193477dbd24df314a1141a2dbda9e824147173e9f75a6e0a99ab2a5f2ea0dab22aa2a43e8e14e368775d1189509

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7402ff97c95786d6226e6ce693d67be

SHA1
6f909b111a838b0bd567dc1b8584a90268b3e7e4

SHA256
28be1dcd64c6872a73c8931d436ef014a0b03d781c0b51179f5597b23fc95b5e

SHA512
06f9baa87c0876e0bc3f955d3acd3b1250ecf242650beaacfb4654ea1a17619358a11cd848686f8c7de603e098954049683632aff71cdb629b501c830f816617

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab89B9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8A88.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8ABC.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit