777945fc63ddc8f0ebcf8fc4fcfd322e5e7e5672717b4b008648733356f778ca

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

221KB
MD5

5e20529e62ec238ffcb3d7a2680e3a88
SHA1

46a64fcf56c06951af860c4a73baa599aa474d21
SHA256

e19b1b952305a7b4168afc3ad7c36d1009713aaa7c1a36d2687081c1cb1e0da9
SHA512

417a0ab8ccd163f13e0723a5d5dd9b3e268158fe7c4cbfa24f70d586bc54fb79376f95a3652b1007d148a0560b99131be91d018537200c866d68aff9997897f1
SSDEEP

3072:SptsOlFlUIpJqcyfkMY+BES09JXAnyrZalI+YQ:SptX2AksMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422505951"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0E19B161-17E1-11EF-81DB-4E87F544447C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2180 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2180 iexplore.exe
2180 iexplore.exe
3060 IEXPLORE.EXE
3060 IEXPLORE.EXE
3060 IEXPLORE.EXE
3060 IEXPLORE.EXE

pid	process
2180	iexplore.exe

pid	process
2180	iexplore.exe
2180	iexplore.exe
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2180 wrote to memory of 3060	2180	iexplore.exe	IEXPLORE.EXE
PID 2180 wrote to memory of 3060	2180	iexplore.exe	IEXPLORE.EXE
PID 2180 wrote to memory of 3060	2180	iexplore.exe	IEXPLORE.EXE
PID 2180 wrote to memory of 3060	2180	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3060

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6c08b72432a34d1b9c77c1b427820658

SHA1
62165ff0b827b652fa22fb31b50da54124e45b8b

SHA256
0d48082e3d9af1b3089bff7dee1be76f844fb21cbd37ae0446d6c9c1732df7ea

SHA512
a7c16e1db5d9761946c95267360aa4eebe862b081f32fbf741a57918243991c9c079b9a8fc89b09839f23c3ce8af1bc6e810db576407b365ae2ef217db39e23f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f8c52d20d587d212f9a3bc85a49ed2f1

SHA1
80d32f05c924dc700879dff8d8b685333f8782e0

SHA256
e3f6976b940921c02acc50f6ae8d97cea5e97447e20be8fb3f111bea5d2c52d6

SHA512
4e683ff7708f4336a9bf750bd4153b8744e2b05315ecd65ede00ef02f9ec183431cd1ad8d5f6cf481979b9fb179621c453fb6694070cdafce4aac682532d59c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1d311f6a8b5132d85e2a45d95f0f58a3

SHA1
9df91b2239d209d771b15c4d0221a9ca45472f3e

SHA256
3983c4e2de10afc806408a77e6876cb4faa696a024eb8394a8c0795b300ffbe7

SHA512
f3a4668f0429eb8bae49c1e813dea9e3484bb386f95884d34bc14b352aae759b5d9dd25427aa4926cc64c32e7766a1d099180b608b73edc7183f1138cb044aba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
92a2b14068ac9d1689bd85291c2518ab

SHA1
989a282d3b1e568b29a91df3f235b0d51d67e187

SHA256
7e08d795f00e3f29f7d77d1fd1efa0bade7abd37a3ac53589cc89faac4e11795

SHA512
2500f1abb387d3df72c8675f4557b07aa18f3dbf946e6c95093eef895ed059090a4b40fbc180a7485cb5e1cbf0896bfffb157afc01786494e134b24543f12bfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e90dff1409bed3a59766dc632a6f6d6d

SHA1
56a4a49468c0a0d3938d60e7e31610357d2d2d46

SHA256
12dc99f7eb71051c7434bf8af2072c5869461166eb416119f4d8db12991e60d1

SHA512
544178b505109c3f135fc726cf3962f441bb65aaef0a212163110d2d613a89cab3a9f004413949aa080d0bb826e488f5d3adc72c139502e3f7b1a482b070187b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b23dfda2d5d5f2630738d7796a920541

SHA1
c8ad80280f232bcdfce8251bdfa0ebf074615d3e

SHA256
689e83e586a6d73f36ffd9e27fa7828bc0de4734eec93c4aafe79fe5d214e149

SHA512
271e520161c6288eb59b9a750d95e5c430eb884fd002dc086ceec71267e29e823419facba6791b39a449af7c9aa6be8327313aba5a4f58aed73faebf07989614

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
42234dc53e6098a711ec71ad86909863

SHA1
e5868ab2a372156d283944b1fe67b6b842c0d318

SHA256
2a8285e3ba0e7c496d1848ab59871c2ceec9defffc7054d84ebf2b24845ce7af

SHA512
d2d05d8e89a4e1c4f7d9ef047e3a346860b8e67a3b688781135477999fdd2f4c109a13d96a04dabd36898b838daffe59230e63fb0bd64437504160951f05b25d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b7e9ee65b793ecf5fae4ee9a075483f4

SHA1
af99a0fab909cc3e38cdf35ec1afe543a1732997

SHA256
cbed79c5354c4febc078a0ac83e2dd1fab84c64c71aec2c050f31a65e9225b06

SHA512
3a86810a9878e03374aaf73a3c1c1bf93340a37f9bbd37e21c26f2d4aed13e136e7a5c2e0320372f26f71ef65b57d5e0c02f3b087ba7b04050e7cbf32883ca17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
18c51a2aaf86e90d077faee556d17eec

SHA1
5dc785b75b46bf12eb818faa695bb3b394305d9c

SHA256
96b71566f3c36176876faed29a34f5cba8019e7e3861c252140a1f98950a1f8c

SHA512
9fac56e5e6b7a61898ab24697d9be921a82f62b6f9886f1a2110d73f596aa9b391de0349b7d67b57e5b05f0df838e26adc4f429788b092994b793e4861dc1450

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c2e49aba29bf23d261c19dd07c58381b

SHA1
d95460f0fd74db1a3762135496868170416c9486

SHA256
92bd354bc1968fd19a6aa35532cdaeb2626b4d965681df5cd3dcc50250f83edf

SHA512
2c2800a1db0ef33ea13976cfcde80fe52344c6fdc54c8b6d63b56ec8d8b1fa56cc88c93af8c4d0901b5e6401c6b74e26dc662866fb11ab7e0b64f008acd10736

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ba9fb2eef45b7f6653342069d38b9cfc

SHA1
d547ffaa040cf9705ea22825f78e0536ec83cb6a

SHA256
1665aacd3887b8c2a030c86dc9ebebfc08c4c2a830b80a7f2919323fd157a989

SHA512
fc4d443faffbeeeac0b88ef36908aea40196dcbcf2dca93493f277c08983adc0161e8ad077321e05d2204b9a7d5b2894bed1bf5fc18b90d120f0f3ed4a76d0ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
59a33e8c3f8d1cdacf19a208e25cacd0

SHA1
8de9787e4308f76ea59846b6ace1b518d299ce3a

SHA256
a045afaf532a723644d8e7c284a28fcfe5a71065dd9724d3b7feecb06e16e2d9

SHA512
25b0044cbaf11d65df3288213e30326a813417fac870ad090f6c9467a7dca76ad0b2b53de605d05f2035efc829e86d3d2307e6c91bc74ec3458d00d8a5846130

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ac530f6375e7c1a48cd27c605d0e6886

SHA1
3956c3213a336c6d1291a7040037f12f73b1553b

SHA256
7628d014f973821d3bfe8fae29181b0b7cb399abb0015d99241d4f2a7ebdbc90

SHA512
55247f5b126f300d4dc78b73130dabfd8b3670bfdace055729cede46117c7841dcfa18b71d69a6fe317476ea31a543f5f733173a7e7cef682482da209c0da50d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9d1268afe05b8f3c919bce4d7e631393

SHA1
2db78e4c6472a00b8e8be9034bdc7d503b14a8a4

SHA256
3fb4771f8c5466ee3062fd7945b335177bd02b0f56f27d876f10f0e6ebd14d0e

SHA512
c17c831652f0e08cff5df02446c0f7d1f2f3edfc2b78187ab415fc394d6607a9a8cf69848679bbfd0aace9120e7039f7f5425068d73ece90fed86c37a650dd8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
858a395b44ab40cce5694480b5d04a4c

SHA1
e7bdec368e81fb42ceee1ffb622c620409f34ac5

SHA256
8e9358504f0e9e76e46060ee09dbbf56f2d20bbf12f6ef8ca8ff505af2519847

SHA512
cf0881c673e250ac43cdf66e362ea66dbfe4f877f54494cc7fcf8675e07df4046d339f92379eeae9418dd7894eba1074040c9164e1645a74427959e43e57fc28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9c7381da73f77ffc5a4d1ae847fe5793

SHA1
9a5d23569abd552f59025d574e34f8c54fb068cb

SHA256
7a53d486c3f1e257564871199d4a3c57030af553bcb1c73647eabc7f21e4d19e

SHA512
f5348b7df0312c329045600ca1494132d16e197093067af110cb6042b021b3ddaf7bf31d7dc99f75b3b0e30ec4909bbc3864d75989f2c117360cfb0300a63630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
83ce4d1dcbdde3749a268a804f8b6415

SHA1
af070c935bc4daff6cc9d27db287684b5721ea7b

SHA256
2b58cd05761a305dbc5c634e0a6803b42ded7745667d1b504f55288adf76a857

SHA512
0da5f4db9e88f25b1136cecbeeb473ccd513c3404f85c596f0db906bc14f92be029c98b13f0b435773f4bb437d4df76a8dd91d1e5cbbec1f5249eb6a97192982

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a18205adbde68ed80a390cdc39be3d64

SHA1
3401e16011d8be10a27f29ac12892f06a35ab02d

SHA256
ed1bd7d4d3a5a1d8d60c41e435135d1ac8670ce63ea4e301d45b6c2178dd7f3f

SHA512
14123514383df4510b2c49f31091af7bc15bac407e8d38674045bba3b2e874774cfa21bfdb0a744dacf160b69208db620ff18b5f3cc60da2b445cbc930bac71f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1822.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1885.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit