dd307763f5e2d3dc92f17f1eea18ed34337555ac143ba448924edec66a0c4eac

Analysis

max time kernel
136s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

f2914b81c1227bc9a7aa2d4445ff6c81
SHA1

708d2951fca219ff755d7f19190b9a882af93549
SHA256

5c8630012f078a334a4b010f70129251249e55e6381f7f9fa79f4264a5bbcc49
SHA512

5a94882288aa232376d422b4aad038c3d4d07a0ad37152bdb8d6c959192c48f26d98e689344bb1e5c9a0902cf59e22e0d4c7f2d06f500a36649eb817e2e54060
SSDEEP

3072:S5IprOMa5A6AzyfkMY+BES09JXAnyrZalI+YQ:S5IBIaWsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422573854"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2614FE71-187F-11EF-BF06-56D57A935C49} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2076 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2076 iexplore.exe
2076 iexplore.exe
1056 IEXPLORE.EXE
1056 IEXPLORE.EXE
1056 IEXPLORE.EXE
1056 IEXPLORE.EXE

pid	process
2076	iexplore.exe

pid	process
2076	iexplore.exe
2076	iexplore.exe
1056	IEXPLORE.EXE
1056	IEXPLORE.EXE
1056	IEXPLORE.EXE
1056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2076 wrote to memory of 1056	2076	iexplore.exe	IEXPLORE.EXE
PID 2076 wrote to memory of 1056	2076	iexplore.exe	IEXPLORE.EXE
PID 2076 wrote to memory of 1056	2076	iexplore.exe	IEXPLORE.EXE
PID 2076 wrote to memory of 1056	2076	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4719ad2c847445d3727e1ef1bc20372a

SHA1
1e47f8878f2e63d82a44dc2cd54fe14cc7c25680

SHA256
2f800ac79b2c747527918bcf698a9486d5ab6ebc46636185948199305063e79e

SHA512
5757ec4f167ea60bc4f8d93385a21fdaece62061a4e8751715ceeed42a97a7c1950734d37bd17ede74c5d11235e851a516b353dfe3524559363d46116e33123b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
585890f180af88ae2f3329a96894cbcc

SHA1
453be383984857146ae78ea6154ac33b5cb361aa

SHA256
b82d38dfab024036677c0ba96f828db403c89ee95ca0c1d32cd9a9bed743d63a

SHA512
4ae7d7a751d35a9c19ce624752ca2225e1b77c453bb34eb01ab721eb78aa8d0460b29d7d3ce206d258a05acca884f91e67ea897615e987ecba8f101673ef4197

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4940410f55d3f10da3cf661a22121259

SHA1
e160dbfe44501f6cc0cd327addd6e919e642c80d

SHA256
420480b7259f9e2c3af1e33434da3bb602863228172fddb0db96c0a3ed6dfda7

SHA512
03e01755026000ebfc049644978f3e057c7909fe2d3cc6edb3d7bebe2516775ce933161ad818c4eda008522a62f0e94307b6126d6434d67568ed9b4d303f6538

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6dcd65c6f1b7288e78e71fb742ca9668

SHA1
9714f0d17abca0413377320d03617cc419b2022b

SHA256
effc8a5adc4a51ad8ca0e652fa38fd9bc36263050c5cb82ea26ba1b8b3ed996d

SHA512
c5e8d5aa0124868e2c990048b97acd40ca47a23a5c33f90009aad2b5adddcdf1f68c9f3840105d11e3979b889444ff7200087647639455fe5518843551dd025c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c12196cf907cd72afcb131f42413c94

SHA1
a02ff22c894d0ce4f5e1cb11e6f27711eaa1d11f

SHA256
8faaab842ac0ea3399871ef16f3517f26e5c51c92dfdc41a619dc0cb6f4117a6

SHA512
755ea47e0a26e346b504b715444407119979e8ebb2f88f9e0ecd019a78d88f17f8f9e996411105fa315a22ced394821a979e5b2cda0b16c3c7194f0f39cc26de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99c99efc0c4e74e0f8e6f8767ccc1bb6

SHA1
cf9d43d42a9219a7653cae38f554559d2e6b302e

SHA256
c5774f9ab0764deb501999bdc29cc60a907027e7085af511610351e60a2cd171

SHA512
c19f6ef7261d8a3aa219e8cae22c625a3e5a67bab57b27b8ad533f301df070c8104d8cadf859b03829ede48e85de2603706bc7b9ae9e1522469b192a634bb5e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76a657787c4173b4f31814b3bb4fb2c2

SHA1
40d003c29a39410033a69fefb8be20066e854901

SHA256
67aa2bae6a24d5f21babdcc00df5cfea25cbaf7fafc8177e352798b903475b8b

SHA512
3f48882115354ef455119c20f5b65bf70b9e666df499c858a62227bb07339b8ead37dc5d720fa0c67876aff9a29526b1afe9dddabee184df1cca334a90f63735

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c42fc74858817091eeaedaa61f77f2d

SHA1
600007ad56b5f17c1c1aae7a5f9ab59b1566e170

SHA256
5486c0ab43321a82a59d9ed3c52a891dc9fec9f69004697228f656b9e3364cbd

SHA512
a37dc80086bf045cc36e9511fc9d96fb92d059fbd74c8dda1cd5c5f3e89648d4f7933c22ca4c1e07442100970578fad4cd897ebbeaf80bcf930955b463b99375

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b710d37d182a958aefd915d34d418dde

SHA1
6ae1f1aaa5dcb805d42938894a6eac9c3a9f1bd3

SHA256
af59c768c1fdc0b776b6285125413eb6b0d42f7b2368413c90f9850e1ef07aa4

SHA512
eedf2186ab5c256f8a71699a5d86d4577cbed9679c06866ada6e6154d2ec0403ba69825e337d8f320b5d0afa9ffecf50ad82133a72fa13cb292fa2cd2a449e92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
889ad43fca08c9d24e449dfc06e7236f

SHA1
e5d4acbd03338aa87e890e0689d6db3d82d0a92e

SHA256
94ccb238267aec9996de195957fc7f63b441f97c26a748d2024a7fdad4c01f7f

SHA512
de2ef73687bf7b3e6c9a7c804a0e0936cf675065cd249ec0d79cbe57e61cef623d3c295df0f1d3d3bd9a75e5c2929db3f24addcd9db65b530c653fad4efa7214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62e300eaa1941dcc879a0e252192002d

SHA1
e25099982e6bb775908feb0fd4c95bf31ed77d18

SHA256
b6d89410ad073d0641bb5ccbdd740b261c9a9b302a337a86e4becf783bdac9e4

SHA512
74fe587bbb3d898e28d199077720fb1a2c1ed0ad9935e27552e7c59dead4d62d558a2e9f09804ade59d35098faaa2d81b1bf0cfb515256796e89182c347349ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71bd1768290dd2a5da4ad563a23ed2b4

SHA1
d362b0119829135c068f18c62c3c84d7b54ad080

SHA256
93a22735ed4488d7c0eaceb7661b0f5982914349b26135c4e586dcb6bfab9fcb

SHA512
fe07b2fa3d20abcd524f1e2c610f0ed0967f4bc754f05ebbb8072a5554dddc5e701490ce98c888432482cbba918674b9e1eb89f6fe6d9cfa26210e26d16957d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c36474887b3022252e7a29e8604a5bf

SHA1
fb5eaaafb3647fc215aa7b8a42a9113a620fb61b

SHA256
16c382add2ee171ccd92b350f5ba801bb87af9e8c0d2f999fa08cbbec6bae05f

SHA512
7dac0fe8d800995ea378b8cfbededfd60a3832d0d2f43567ef82c3ccece93854acac8baefed3b105ee67930b29abc494ac416946a078f8d6c2a6ad3a1241f613

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
add6e92765a0673da349f76a38da2f80

SHA1
4fd505422554a6f7749ea35dcd92310037bde67d

SHA256
e9195917a47b9328b335b2169eebfa3ac086e038beeec24687b0e1f5e063dae3

SHA512
42d08c4adaee4cc656c1c06cc9bca98ec3767a95260ff30a588f9d13b3dfe6b460255d98b36d90cac4c845ac910469793250cf96e772b5e500c17fd281e2c5cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ab150eda97df866061f0fd23a241b14

SHA1
9208a065cab78a5c054a12cc40eb484fbe525f0d

SHA256
4bd6effdde937802abe9a804f1d82d22798629e0c8fe6593d2f8e7616055b9ed

SHA512
50d07c1a8c6004a2e4cfbb54787b01e097fb819e84d10265aae4100a9d50cd755b821ca7320aad5104d04bd3a244d55505fea027d9267e6d65de3559d2ff13d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce0e68ceb5c2dd7f382ccca906de553f

SHA1
0ccf16c929284331a8a060fd7f189146e03ab7f0

SHA256
2f1c8889f884427c00d9eca550b1bd821ee5958e7baea96e525da5d061ad4858

SHA512
1d8e7b0ba035082fc188994b316f1e0bcebc812d44f530caee924d6ee58a714ee0ce4b7e0ebe138c03261491f3de4efceca50797e5a1ae293ec4387d37874d51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f97c49674b5764df7792c22a633abd7

SHA1
eefaf9cc3e7b85dcd20f1c02a40e780266f4c739

SHA256
264e47862b7ed1dd89dd2c2426eec3539045a8c8566d91eabf8d01c5c41c6ea6

SHA512
2918ed371c0aa94c1bcba56f5d657607d090ed3d957dc8a3b68536a7c237f4e71c4c5706830fcb01ca6c792d1928010b880f93c43fda8abf7d7cb06284873fab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e5d2c9150b52c97d60bb9702c163744

SHA1
1c64fd0d3b3967c2ceefd7efc7d5c933a5ba02de

SHA256
af25f133da3fa3ef3d8cc956e026d04d26a9476d32e068aaa74d09cb23029af3

SHA512
0f5cffc6d20a03e737ec0b5e8bed34577337cf66f3c3a66627b3601195230735ade880f9387762cce2ef1d3314dc5bb6762a846506a11558679945ebd9cefad7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9b405d172543eb0281b13b048cb1d42

SHA1
4492cca05ea9f0aa740020d8c4796a91cd50befd

SHA256
9b290dd63b799ca10d4f31d7ed71a7f005bd196804d4999c9f361be7696165df

SHA512
edbf65e1dabb9e3e33e0ae9e26adda5832dd9630a9aa9296219dd2d50a69c0496a2eace6b58211075d17335ce0f9086bf08dffbfc0abaa487ec72da83599536f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab735C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar74CC.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit