0b06a1bffc49c73110fedead00c992cd5f9339cb1744bd071ad6f62b0eebe3dd

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

d433594e6d2b2f1886f2d8d1ac7e34e9
SHA1

e8a0b8a4536edb675775cc8441cc7af67f3dfcbd
SHA256

a8fafc38a80cf3c9ee39ba1c024021ce86252b6c1658cc8f4741871d66c6170c
SHA512

0a202eb5eec94c24711293ddae8ad196c3c6eb68972e411dff978d98c1e3f205d5c666e6dc9a4785c85b36b4e333134f4ce2a58c5c1cdf0a0624eae5dccdb0ab
SSDEEP

3072:SPG0e2KkSsxByfkMY+BES09JXAnyrZalI+YQ:SPtr/EsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8503EFF1-17E8-11EF-9DC0-D20227E6D795} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422509158"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1888 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1888 iexplore.exe
1888 iexplore.exe
2380 IEXPLORE.EXE
2380 IEXPLORE.EXE
2380 IEXPLORE.EXE
2380 IEXPLORE.EXE

pid	process
1888	iexplore.exe

pid	process
1888	iexplore.exe
1888	iexplore.exe
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1888 wrote to memory of 2380	1888	iexplore.exe	IEXPLORE.EXE
PID 1888 wrote to memory of 2380	1888	iexplore.exe	IEXPLORE.EXE
PID 1888 wrote to memory of 2380	1888	iexplore.exe	IEXPLORE.EXE
PID 1888 wrote to memory of 2380	1888	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1888

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4bba564801c0e8d6981ed6e22e40c07

SHA1
4fa77685dc72e4ec8b9c79eb613cb0598f3af88d

SHA256
23af0b17c134910bcbfa3ae14702f64b42be0b78faac72d727efd7600e36d3fa

SHA512
2354eb3a570ee8d05a32c8bea960a5d204d5df28cfda21482d4ac437e82688730827dccf09863388307af44db11bdd24cd67d0757563588b2512dfa3cb389843

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b3ccff7a4dd3fabb0c98713dbd70165

SHA1
6f6c9491cd04f38c06cb27fc9fbadaf2e4b67557

SHA256
10881c0c1a6dee6cc96c19011bea8e4f1fc51d909368ce13572a1514f42b968f

SHA512
25f2bc116065bab877f9748ea617a3682970b90d68b835e97d2857acc6e8e43fc145d083826ff3a45609b3b6ced043dd5d5360e09d948eb59d2d7cadbc965f7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61ae39ae78349b32be820b6e09e68320

SHA1
18f8aead86a780d1caf0c1ee08e6f77b0be60fd1

SHA256
99995fe1bf09795568bdeaf1b69431f1cd92bc0798206f4d90f920f747d29b00

SHA512
20eee912e7164a68b37eb5efd7a173713f5e660cf870c6cb2eec5ed02999886882ebf075ce575eb86e4783a4ed68c408a4c733d94fe78e32452ef2cd0b38299c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea175c2e4f63c0b7fc4736e3b8c1e741

SHA1
c1500f30d82bee07065b9a6508d420bec1af4b39

SHA256
0fb21154cd3218d9cd3002608f8f9961b218f69a60c007e6d064d1c6d3ed24fc

SHA512
390cf297edc95363cf13076676b65c2348275bbdf8c764cf4a86e2b5bacfde019a667c95e87a11775adb68622d4cb00f63d1228e29b5a0114f00e01674cc1103

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a8d8c0851698b88c60deb5a5f9540c7

SHA1
93c06bc6b5dc7d639f262351354b360e3cea6d49

SHA256
0bf22c0227d9a0f38c1a12f26a2dec7735296c850f3b2e4cfe4c919459776958

SHA512
3131b35d9e40d7286a842fb008d54d881d303a1fdb42097a97dd27ead9f3c016551719c4fbd2e5abae9462d42ff0a94a4af373b252efe86d4174314e32dcf922

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91f4b50833dc8b776f6932fd31725136

SHA1
2d46961dcac0e67f893b88d89a9534119ce784c3

SHA256
80eb3fbb243a9f70832d7e6ee18491f5ecf2f18e91306b85f5af2fe17d319d95

SHA512
7ffbed072635aa4026be679db8e1869d533e99b280db2648f9ec02272e59dba6721e010f4d16a70c242594593cf9554ac603286629bbef1fb4a9a67e7757a6e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f539e8ca102dbe249c4914fd568ded30

SHA1
a168aae4391a2438bb6820506e38fa06c7caf492

SHA256
06a79f363d3cae19627dcb251b7df5f005c4da2950c5141307906c05f3b595d8

SHA512
c03e6c378d37fec18ae5cefbe4381dafcf0ed21eb87c3d76e2982a0434aa2153012e0fbe5a1833d72aa50e1791e39d627f6c895f3f8062b904a36185324d1f5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
faa5a02d9d5fbde735231a5bf2ee13d8

SHA1
3d35a91c051a80dc3414c66299fc9425663ed59a

SHA256
197e062b33031ae2c4e4029ee15bbae89eb5e88588563f1ef9789e41f42c0b81

SHA512
f03fc2963a37cf6589e88d96b503fb167d98075cf6037e670cf5fcfebde3e6d892c3240274ee585088c6eadf5e50265a3b41c467e6b3e74a05221143d970cf75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ee95fd57ef2bdddf664072a68522e11

SHA1
36a802345825f17f4119d1af02382c2aa88a9ea8

SHA256
5d08733c1c203f1d5f4ce03a6707ad4a81b02ca37d385e0720693ebea236d3e1

SHA512
e00c67a2a42c29f2d70aa64c6c98f8f7756db50ec8f2534b42213c983bf7d91d18f8cc25fcfb564b8a69cdad2f8d139dee1ad28e62d03941a5c0e81f35aa5bc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ab7da87c46ddba1ad64c5e9438e6941

SHA1
85e9c59d385d9cca68abc2fdd9e783b718811e0b

SHA256
53461197e337612410ff02c7f2f578445fb8a31c6530d439f7d0b87e20175a35

SHA512
bbd611d70d58f6851ac31c83452a58f238b1fe2a31fc66cee1f8057d90c06abcf11b7a0693313cf877e58e33c69480037f646739deba09f9cbdee53e6bb58e3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
329140e6c9e196db48a3359f064bf6ea

SHA1
6bd297212eb41399fd09f19a76274758007ddb3f

SHA256
f873f51498f66ed3d05f33462f09edd8963f4a1515545d5ba2dd91144ab0efb2

SHA512
8fdf4d1182ee25fe0fdee9285ecb596a7ad436db943359099825f88d1b31a25d9cfd60bf058fd2378ac48d417fdb089db615a361984ffd04530f869552a9e340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d82e72db529a93b6705144305f407bba

SHA1
13a54e0895616414a83ec88aa38c7b726e561736

SHA256
eb3b87f0bb3d4b3de9e70d7ff6af0dbaa1b5ce365f4a5ded7dc5031befa6b789

SHA512
8bbbf1f758a28f184581196314fbd925130e63d59353eb109e7f00da6ed90516d4e275bf219228cbead46dedc7da9ead66c5cdd25ceed9ce43c0a28a4461d8bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68bb64d9f47fbb456a60e4df9b6c81f8

SHA1
3373c5dd1d26ae084b45dfbefb10cf768fcb771c

SHA256
85390110d27f78031b728a5f574497f2e2d54adb56512d4614eafc6239d41f84

SHA512
6692b46b3a9dde5e04a96558fc661f44bd5272385b4abe3df98db656c4cd9bbac4551ca7c6fedc96f029a7a6e601c7910c1e4f0310910e242086051a695776d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66a60a010fdd515c1fe854d10b38f3f3

SHA1
e3801fb1e15dcff80cf2f1813c3ebfb18ee1ff3b

SHA256
d6e32b54c1c66f6be1d303e95b07c87e18eef383861030b978a98119f10466cc

SHA512
b416e04879d65a8eb32ae64312fe2692ab37cf07cbd94849e46d0da225e3cf90e36a0407867400dbddb7fac355e0c150e866266cd1a0eda9f11ca9300f30aeae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7aff38188b4d5bc384440bb9368b8bea

SHA1
ecad4bc386456555fb0c36dcdace8169e82abcf8

SHA256
bba51f121ca42f725877d0403e32abe016da8441c7d8997e0b989add9a437bd1

SHA512
20988ecfca7c824d31f1877e4db8a144c2a9556b3f78496be98234ec3dafd024dcced85270358810df53e02327866746e909b8d1ce779a84ec320301c8a8f27d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
893ba9fed786820013e18eb62dfd213a

SHA1
9dfcb489374ce5189dba4e85e2500a4502141bfd

SHA256
a27892ad2c9a045f2cf774180993ce8c750b03a2189bdddc4be296f2ec705e20

SHA512
013150bae6449f5e3e1a7a602afde2a26c0a119ddf77ac6c033e76f86eede15e2bebe18a779e9e66b50fa3485cf0e584b04882416f467bfc6eef694508e117db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e51640fd2a60431bfc56f6965c0cb887

SHA1
5b8a6ccc885895614779e2e656989d8c95eb5097

SHA256
1209e9278cf6386ec7e4d6ee54db8ec55c711a1006f7345a2720c6c7e15fd35e

SHA512
57003f1d3136e8db0e692bac3fc07fa95466f0fd94d8aa8167df90bf66ebc7c196cbaf548799bd7940688e4510049ba21c26256824586d0b0264398abcf422b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25bcc37ca80196183384a77f3f4ef69c

SHA1
9f16302ff3a8d26e589daf44999964517772b261

SHA256
c579c7c9e329985c57aa08e7701d355d1171d567ac8523d94a579145d12d404a

SHA512
539240e07197dfd6f59861a2cdc3a22672f71c089a10a10b87571c3a4321e40a2aa77329c4b8a0ba28b5ce8f6d9df90266eace9afc27c7973339f185bcdcb8c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
857d48cf865ccd8c9a0b7b6bcbc27dc8

SHA1
8c6b930c52891633e78ed96ff2368bd552136bde

SHA256
6a7d0409bf94fd5114edac63bbccffc81ecdae80c518f5628c57b4a26d9c44fb

SHA512
c7a675b41f3252264587343a7971f95801a41e4f64214f52d9cbc75bcf26859220655177752c160295c25ff450b7057df0cfaee1a40635b62e705e1f24c852e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3017.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab30E4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3108.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit