dcb291c4c96fcacc7868f7b3f4fd304d8fea1b423df1fad4d88ff633d8f4c55c

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

1c3ce2277369d0350c88578ee89725c8
SHA1

31954f1196c7ed14acd545346e2fdc175623445a
SHA256

c3c7a81fad2f0009f05460024670b755192d890f53a5fdd47f6f4320781d7375
SHA512

90948a006ee2fce8670b67dacea28be342d01b44861f96544330a50a4a1756cb7d7f6a4d55e1bc4fcd50a7f81fd5a3517658c3a8ab7445139c2a8d5812ea9c4f
SSDEEP

3072:SWFP2nixNfiyfkMY+BES09JXAnyrZalI+YQ:SWWInsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422506847"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{238AF111-17E3-11EF-BC3A-56D57A935C49} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2004 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2004 iexplore.exe
2004 iexplore.exe
2968 IEXPLORE.EXE
2968 IEXPLORE.EXE
2968 IEXPLORE.EXE
2968 IEXPLORE.EXE

pid	process
2004	iexplore.exe

pid	process
2004	iexplore.exe
2004	iexplore.exe
2968	IEXPLORE.EXE
2968	IEXPLORE.EXE
2968	IEXPLORE.EXE
2968	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2004 wrote to memory of 2968	2004	iexplore.exe	IEXPLORE.EXE
PID 2004 wrote to memory of 2968	2004	iexplore.exe	IEXPLORE.EXE
PID 2004 wrote to memory of 2968	2004	iexplore.exe	IEXPLORE.EXE
PID 2004 wrote to memory of 2968	2004	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2968

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4c8ddff0a539188c0b7717b8993db805

SHA1
5f3e59c452969f05eb5f462f46d8a3d1c7a4fbf1

SHA256
f5270c9dc7406c2c89235d315ca8f884f8ea51d3811c3dec2b650d3b6f44ee02

SHA512
99e75789a796e1863cd5e4e0d65f7343ef80e31c180cba396497b4947c110c61672992bd51808ec7fe630fc608d838f63749a08a426f7f5fe52fbb80d7ecd35d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e068775134905dcaf344b646a7749339

SHA1
8c043575f59eb6629b13353659601d7ef20d544d

SHA256
2411b3e1cd41c833f6e5ac27990e93340ee661eed466afcc88feae1bf10324bb

SHA512
04918b06195e264d3f6e0bd12295dd82ecf509706dc4f61d2d3940a2ca0adfacd5ebb2ab6e352579d7d7978fc5acb9c50fc51e654192b9f4f2747d851745f623

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d26f16065d65368d3985bc3c119eaea1

SHA1
2addd9a72123a20e1d5bda65d79b3991d978b867

SHA256
9b639c66b0cfb1fbbcfef057113b2a6836f1b918c0235c4633005e70d18dca6f

SHA512
c62e48baa83af084616e16ba25a47174b259521aa68e3c8bca55ada50661056a9a0d0b1457edc58abb1eb64d4ceadc42db5ef394e59b43a01730be71878798a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
27cb5360d8ebb71393cb8840e0106ac1

SHA1
48ab9d4126707737e6efd5887c6a9cf7d5089f5f

SHA256
ba1fda8bd4d7c43570dd0fd6cc016ff38da3020671a78edd27cad7f44f09f35d

SHA512
b8499b610b50a16f577debafb7d91b6fd1646564a1c9582d8c67158dbc90a1c56354162cf93cc3792a1fcd767f90106a1a920d711a22c7f56f29fc0c028a6059

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3bcb82b67b5e3450f3341697cdf1de87

SHA1
fe2512b7ed9515df6d36d095bdf1cd1d9301f6a9

SHA256
4dfe4438f6d3076e52d246aadc8244cd78db271aca1a9331fae05d67bf7f6abe

SHA512
678256be67a8c5604a0581f9906abfadb4cc39a02f9f402c830c888e6b2461e397011afe3006e0a997cd4076f6f7467e3ea24e17dcc3c42ba36cc3743132afa6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
641396ec7e212468421fdd69c97ac71c

SHA1
7ee85fc640f0f2b7206061e2de409b87133fea7c

SHA256
d29e8dc4b40b0a0b71ee7b36ae3ec1d5aefdacf47f6c674cf3e433f2267e81cd

SHA512
e75b35e8f19cfd5da58bcd96b0d7abb1de098ddc7a94be8b13306981716dd896c6b7fc3d25b499bd5c424cc36bdd5ee7d8c7ea683eae97e87936bad825c2a01c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1f5a2c115ef84f80b87168759f4cd955

SHA1
a9da704712bf35a4850583cbec81d6d6f98aaa85

SHA256
c46742c1c073fd6f95ab5f4e5df5b78afd85a94baa7a120f373201367d3a2506

SHA512
0b97f22e298b95d943b390c4d7b2264cdf5d3dc2033c1a6f788e670257ea390f9bbf9a664401fba2c84a201f76619e636eae548a26e0164fdceece0c11e5d40a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fb716ec730f546ac64cb4a39d42c8349

SHA1
a500d3b7fd9299795578cdb2354bcdde28f8209e

SHA256
04160b36766a652a03e668548158bb2f94c731e8aaae3660406b6573fda66540

SHA512
7fb2d6cbb129f6c572ee1012b970e5616c304926baebb86315779d2d06abe2179bc4dda468bab5cc0d67a441a3ed640b1a20dc8ab1c0c5146bd226a70c2566ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cf611adfeeb7ef468e282ca2e35e53bc

SHA1
37c598ecfc4ea1eee05c2607edabc207408b17c7

SHA256
dd087dd09ac678e3d01018f57962ff4c5770acb851d91e8360df408200e31c6f

SHA512
fcea325a7af26d881aa6b7a87a8c61b076b27f81333edc12947f040c50234cb48036cd8edf2ef80532254c4890f0993115788e05cc173c929b4817fc6007e8bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
29e441653d752fe604dd949a79743778

SHA1
b5199bf6903efcb38379040c0cd4a85152e45aca

SHA256
ced95ab198b6bbed0f8de6d2b884443ae21747a8c99f08fb7ef9dcb580c7ec2f

SHA512
8bbd7c0b7f8d9ea154c47759dfa408cf4b9a59c960a355da2e5cbc14176d1123447c0018fc9096dc3d2b4c81228290d93f5bb2069dd13432e827af699787080f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2c65c0f014adc91290b635f6e036da5a

SHA1
b1e97f4d12953074a4a9d078c9a316ffebc56a4f

SHA256
2184319db885d0c9149ccd831adb1b14e0aa49d7ce0f4033132b433e42ff5892

SHA512
fe5141c6783d5cdd010c4e50ced69b4d2f43987609e9a303df0308cd807c6c8c8c72df8166fb215168e459cd19281d8f4f3c74ff58ac732da022de3c3036f511

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
11c8c49a15d795dfa102a08a56d72301

SHA1
1dd37a9cb835cfef5479903b6ef46c7dd81ba33a

SHA256
0e3b012191d8af9a7b5961ca87de4390c4ec603449c47ce69ca419edfabc8a78

SHA512
947cda2e2bfc58a12eead65ce1718683a8ef917ac5d5104c085f520ade36b859c5e958c7962c727410a08f84f00a4fc1bbecd2e81cbd7e9a5ebc90c8fec71de6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9ee3f141072fdaa6fe1c092f30e202e6

SHA1
f3fd8dacf25f70c5a3baa2998c52c1771a37a5bb

SHA256
d5c58683ed14c2793ea81c82e0413699b22fd949ece6b8c7f89fb5c28a6c622c

SHA512
98d2e153c211712fdaa469820c4ec086302b49239e382f367418e478b0f49693f092a29b91abf008dbc1d391ef6ac74a05d95a109280aeb719458d974ff6e639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
191d8a0f63bd3d7fce257916896abc66

SHA1
60f66a37b70b84232c17baaa579688d02a18c9d3

SHA256
796075c7c11a012dc4024cbd714f8483fceaa9a08ccd1f43b3380db293225e8e

SHA512
3709ca32adb385052c8014d15c378dcff591cb073955ceafc98e8cf1631c1d84c74148132530c4639c0ee97b7c69164e94e345d0389ef835afaca34458da69f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c97cfc1c60c00767676219947651826b

SHA1
039e07a75187601b87c2b684a0f975806f1d99dc

SHA256
b722dc78f2a305ccbdc1e8a4f164e5d465e680455c85b3f4dd44c953a5d90762

SHA512
9a046c8e1d4a6b97f02c4ba40a6340a72b071ccd09585bff811ff66a3de0637bdb4fe52da65e65428c9b81efcc70fc7cabf5eaa45a146ea4787cc916b59bae69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fc8b0d06d166541b1c3f8b3cf9307b55

SHA1
af5aff5ae9eb606eb1b1b0a466301b702e2c65a2

SHA256
75351c75d6c8158c4a21957326cb8934b6c106a5e74b36c2c7bc7b5290469020

SHA512
917f0b34b080851f1dab780aedef02d3a8b34f4d5b71f3100683cd72b9a2d4d05055e79072b87cb1edbe0eada0f7f8daee3428d136ea69df0446a5040ac111eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4c73f12b4a37ada4fd375857faf45acc

SHA1
de43621ae2ee99e9921ef66f57ec2666828b9e20

SHA256
7f6482c900200f4fde14104ac25a0ba1e53410b67a9c613dc84185e377b8da02

SHA512
7b025627169e262413f30d497dd2725572f003b6ca26d126f900353b3424c4c2488c5241a01167be2698948dfa0ab8fad7dfedbca560ad291f7ea543baa556fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ed3fe0902c44cdb1b5179eaa9abc2b2d

SHA1
28753303eb571028dae86fa4851d7c3255fe56d9

SHA256
12b3d5f5c0c659aeb092ac4acf738f2bcf20b6747add6b9bd2a7f52501f4d8be

SHA512
48dc15af2516d9fb793c3b9147e10483523e8b7a127c08356dd2e94f59acde5c58c99e8e070c891e204f7a540402d38c0ddfdcd071bb90e7661dd5d281bebc54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4b6785d8a985e29b58f820b6dcb831c3

SHA1
222adac5c713d210f5639deb5b735f38c021a56e

SHA256
cb33d7e4af1f2c4bdfbc6cda24fdf4d3d78e788bc5bb654321dbcce4a7278a37

SHA512
7f0f76ec5da98711ac4746cdf406297dea3baf1376618b762eb64705f19e1210a382b5a0d01da774bff2b07b2b16adfdd9736c6fe43578dd25639b0133fdb99d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEF1.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFE2.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit