e2b2b3f0d34d009d3132cd90495cc712e9e11b01739317f2e047745e1190ba8b

Analysis

max time kernel
132s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

9e562f906e1bd469e29d03ffc3ec02e9
SHA1

066a7dc3c025e186acce2178d36d34770cf0cbfb
SHA256

6285b98faf6e73d5d0c1135a43af0a1a3c8a53ec1a00abf137c8d8adc9be5a25
SHA512

3b1b4ac7549c618e806fc3c1771d26e0f42599d2d84cd02013b04dda4bb28203f4289362be188e01e8d6ba13a51a20e5d486336aeb6aa499c5a5fdc04f935afe
SSDEEP

3072:SJOdwya15d0LyfkMY+BES09JXAnyrZalI+YQ:SJmVusMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422585420"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{14AE82D1-189A-11EF-B826-EA483E0BCDAF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2960 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2960 iexplore.exe
2960 iexplore.exe
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE

pid	process
2960	iexplore.exe

pid	process
2960	iexplore.exe
2960	iexplore.exe
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2960 wrote to memory of 2144	2960	iexplore.exe	IEXPLORE.EXE
PID 2960 wrote to memory of 2144	2960	iexplore.exe	IEXPLORE.EXE
PID 2960 wrote to memory of 2144	2960	iexplore.exe	IEXPLORE.EXE
PID 2960 wrote to memory of 2144	2960	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2960

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2960 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20ab618edb338a576aaa7990597211f7

SHA1
cb74b6942395b188c4cd09e2c103ac4f71693790

SHA256
4b34fbab1b3e98afd8996b2caf1676ba41e1506774d5f0af90f6522ca104506a

SHA512
7938f95a97d586906a8ab9d0dad8a249fa884e93ae0ba94b60b7d7908595334ea4ccc01b2a4120672a05258555cc936d84e41d94e203f0ff49412f5e4ed099de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
928849aefc49da95bc0f23fe058c51eb

SHA1
ba78aa100843ea17e114deac7bb153c97bc6eb62

SHA256
580dee99a24705e2d052e626735b200541464cef89df5de5657b4bf74d8ae65f

SHA512
ff321fdb0a46659bf32a177f609e171593da7cc0248afe3eb7cd6ce6e2026bfe7153f817c782a6383b5bd25087105c9d9558846428ddf4f85f0ee20541bbfcc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
230d16d8413c5c2120888b61a7660c36

SHA1
6989e47787e3ff48cd0f3226650a120ee290b278

SHA256
d12ca1d8d78b6691339448fe3334d72bd736ffdd85eba64cc9fcff8f73d7d5c7

SHA512
f7906117b51556ab4f1d8b37f65502940b3f11dbffa9d4810b6ba3bb11f646c3a52a4b808878bcc7ec61676e174e75f197869ed7b558f61cabc1f0622a697e10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e6414e773e2663d85c066df440fc783

SHA1
3b8d6888cf94fe9281b7e4e010397be8269c5d93

SHA256
ee1cee04264e0a352d0fb170d6af29b9a39c47bc0557a30dad63031555c5596e

SHA512
b676e064540cf335d58effce2f9c61414ffab223108f5b756922ac5fd9f2d7aeca211d01e203f6bcfea584210b219a40de7c10377a138e14e4daa05f38c103d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95fd2f35308433fb477ccd07f78d6073

SHA1
fab55d355ecc7eccaeaea5ab04e77255a45338c7

SHA256
e3d93c67c8e51aaaf33d4ce16a95cf54bd6f41553a2b4aa5a0166241d142e0ed

SHA512
d0e9e9f73d6cb13c8fa5c082e3b127917c9002be1cf8af1e148c4ee64ce3368f58cf5122f0d4abce49205ba5025067e58820eb93397a02bea6d04ae8da3ec58e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
620001e3761bbb4595b6a6601faf9578

SHA1
49da5deac7e2d7d933060c0214da4f8319e69da5

SHA256
ac9d4323cecfb7d695c89d94ae6dea286b2b04ff10c06db9461d7474b55267f4

SHA512
6f2827be9dd4290c5404f1d77849d3914033113acb8074d480c97f11ed96aa728ad157fcd52dc6ad81811b18ac1a625f96af444fe82d3a60cc98b1e108e683dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
faa2d9fe21ef9d0c0ba1134d13cdeb6c

SHA1
1432707852ad99a1b404206d15144815bb619f32

SHA256
f44c2c9d775aeb197fe49460e446395c098c63a3b7459653e952dd14afd2728e

SHA512
b3a8e2f413ba3e9c22ef466eae1b1a3ae6a566a0e7d0ba325ffbccdb7e8a35ba7e085aad9c2a2f4e1465221ee47585602c6c156c9e738fa60acf437a80189496

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9ecf31f0783aee967800bddcfb73345

SHA1
a7e4c5655e4dc802d303391b258e0d486c9a4528

SHA256
95d6dbf291bed8cd74130f97d4ab8e6fd82eb56d604ca633e3f324be191796e8

SHA512
ed4614530d117e6ff761d72f43807f097e3b4ee1584688fa8fef36cc074b64234afbdf4644e83bdc685f432f0108bf907cd243094cf5ad5ed61fa193595fc5e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29bbbaf9c9838bd2fe0c895d1800c217

SHA1
ba55cf00f9afca32b682b04911e92df0fdbdcd77

SHA256
c8f9cfd1ccca5bbbd0b709f1ba02972b2748a8bd3b5f3c99dfb381cf4fa67745

SHA512
1968c4580b59b863966d23d19c9e31b3ec183e42625e03c284c4ba6e8261424031d8c7fbd5a5cc2435d50e755a4927dddaee1100a1e327708f169cfaa41035a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
000c4554594d3a6bed6a4ec88ec3d52f

SHA1
91f26d9b3a1f913695a450f4ba95fb692a91453f

SHA256
8911ff48c24639b474630a1e14eeb2336f1028648571d36a9ef98c350c1d49eb

SHA512
a60b387841ab8c6a96ea57a604b1fe5af764a31a735e1299245a014a77d7864ac40d1389e1f9235840fcaa2331dd05d080bd9b1e4a92c05d09b229054d027669

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f3703476e9e2d7192a318afc5167ad9

SHA1
eaeaa894c9ef006c49df4a09e1aedf46d67bb4d3

SHA256
b82619e84624d10e18649e4c9ae728bbedcc3125d2867d24455cdaf0ff516829

SHA512
cc94cf165d9ffa543eca7388a29cfa780d051a982dfe7669ceaf90b2d1adbbd4d15ba1c35a7e25b315c2b059f2083ce8f215e4fc4a29c4619a11e9fb2d6d7ddb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c4e53e4c9eec2a880f31e86ea4d3a27

SHA1
ab8697e5602444550f3fae4afae08cebca5aae93

SHA256
80bd8f0cbae1fa5f31231ff126ce67de7047870f40b340b1cfdfbe9c2ac7c607

SHA512
ee0c303f8d9b0d97ef216106a4291a4a1fdf81599b2d7ab744dd54840726fb336f01ec1203b34cf0f17cb147a3092f63dd8a4bc6180e1e8020c0b6a89aa75f17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33cab9bd218d41d37c5ddf4f22e028c1

SHA1
c10774c5a433e6e49044d6a73b05e5b1ab127e68

SHA256
0f2dbd487c5e8f21cd6ff6ce3184888045811b2086ef06c051d0f5a98bb132d8

SHA512
bd9c6c8550c06cbc9b60a4a0a0fcb5e6351e65c84522029ae3b0bcc6a08d8f1bbc54f777196cfcbe8d7ff9336cf139035a87af57648e5552d59430c7e1bd1abd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef07c3fea49a06d88026fca0454647a4

SHA1
0959ba716baefa123af9b4670e2bebdb22f72889

SHA256
df96cb35060daa4fa30d6339569d00a9db22ae9eb05f0ccfe38aa4a4e568f9fb

SHA512
420a3cb27ad8e827adefbca4d358195350bb2718e75944baf24fc812a0c2a2243a4a79eafb6377ada678908b3b74c444a43253b9b371935cacf45a35487e2edc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7925a063b051590deb2b0f380910fcc

SHA1
5bf93b2c150567fbdab10e14d2f77cea99faa23a

SHA256
9ecf1248122639fa419fa71fc1e3732e984b4a2e1e7d45ed43bdc4909422547a

SHA512
6d92525de34b9c8ad702aef0d140d68ee6d360cac807f1a3a8b25c9f31d375a4d8cd0dafaf198a170cb93f8a719d821fcd3535193a5fcb91bdf0bb4ca095c755

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26ba02dae326e275483003a5a51e6dcb

SHA1
6a1ffecdd284bdc4413d949dba56def7c7913f64

SHA256
37c5b96a66eb8185e556c227c5020fdd6ceb9b76380c82f334ad2d992e9a2aa3

SHA512
87658a482f54af10a70b1c776deea54253df3d5000e64fa62d6e2f39e419b87e4b74f63373687a8431c8df983bbd9189387dbbc7bf3339197aa2a4eb2c7c7ff4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34129d73dfd2f2057f05967797f027de

SHA1
628251439e799e982e21595a8185e2c21c6e581c

SHA256
71d166dc233d524b72ba52bcba71ad9633e170e0d2cf3d5fbd0c71aa707453a2

SHA512
111bf54f3057e3c891dbde2c9c3c0338a72a62f9ed473bff410c5011541f5373f31317857ae2270a9b237b08fa328a5ab5fa271ede6d9c31b87cb6bef5456142

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbe11d1b3e2ee551e5935af87a8a9d13

SHA1
a65cbe66789dd671280bfb7219dcb0f4c9d6adba

SHA256
b20606c8a4a70de60e746e8c944e45264e60614754b5afe4c4afe493f61c5efc

SHA512
e81bb666493c8136f569c5de98b17b0a964e5221d7ac9eb9871b1a3c6db4aa0df5a33d928376249fbc4703aed69d2cbec15bb85ece52b194bc5fbcb5a754580f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
631734a2a1838a2e0cea02e3ad665cbb

SHA1
24631b27e02593c55cfd31c9a1a734266d0d9a7e

SHA256
987c0e64a15cfd30f4e2101c4b20b8617db5c0266a7b34eab84a1838d68b34f0

SHA512
459b33a864eacca36a90358dbf3cd52fb4ac90e8041b4444391d2e4ea9f14c7d729f7c71bdb9b0f1e8c707ef13a0cbd22874740cfb465bbabd7ce7b0077aa0d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1F15.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2008.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit