da9d6e68cd74ac793aa9a9100aa91527d0b62c1834c6a2dcefdbfa28b55d89d5

Analysis

max time kernel
133s
max time network
142s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

1e50e4d7938af20a8a480ea183d5df23
SHA1

d53d71944b41255a7d0335f80d3c4f6e62911f63
SHA256

6b3cadac3c1aa56eaf0beb0950976ee6c13b5b1e9ac976cb1d7419356658a8ff
SHA512

222b8d9389ef648f1bc433a734bf77244ba8468a03e57e1a177524260fcb2fa7bd592093601b1effa0d3729bdf63278ac1b273b3c2a467140f64ef73ad1ef78f
SSDEEP

3072:SGS7TsmEZikayfkMY+BES09JXAnyrZalI+YQ:SGTH/sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6199A231-189C-11EF-97A3-C6E8F1D2B27D} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422586407"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2436 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2436 iexplore.exe
2436 iexplore.exe
1648 IEXPLORE.EXE
1648 IEXPLORE.EXE
1648 IEXPLORE.EXE
1648 IEXPLORE.EXE

pid	process
2436	iexplore.exe

pid	process
2436	iexplore.exe
2436	iexplore.exe
1648	IEXPLORE.EXE
1648	IEXPLORE.EXE
1648	IEXPLORE.EXE
1648	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2436 wrote to memory of 1648	2436	iexplore.exe	IEXPLORE.EXE
PID 2436 wrote to memory of 1648	2436	iexplore.exe	IEXPLORE.EXE
PID 2436 wrote to memory of 1648	2436	iexplore.exe	IEXPLORE.EXE
PID 2436 wrote to memory of 1648	2436	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2436

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63c8f74564b154cc504b41e96689b048

SHA1
ea8c50de71f973d0b6002b2ac9078f6039f02301

SHA256
1c269ecfc9cb3e2b02e8ff2c67c743375d3a323aedbf736084c220de48df5b24

SHA512
719c1f8adfad04fe263ea02d3ed0d8de1b1fc73c9badf2884d54a734b7b3b49690b2d32db51dd91635fcbeb8d322a18fe6fe119c5ae9c5b46829ae368de2f06e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03a2d93a0c49082aab0ac4fd67026359

SHA1
f65a88e75caee84b45b4bf8916cd43d9aed6da6d

SHA256
ebe0b2e4e61e771b6ea8f004cabf796d0fe5089c4501a1473bb2fcceba56f362

SHA512
3346e063162f554782aebba40ce2cbeabee262f80ca130a7f26f776f46f8d3ff432de22c235785ceb121c26d9b71745e80f5e8cc351b4dd883be9dd41bfd5419

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7caf912f1a1720540caf81b6058e5da

SHA1
9e49916b092cb6b81aa3e907d2d97092a0de6620

SHA256
ad370436b7dd58c0663745752116c276c01f86c564be36dbcf7727662c2b0617

SHA512
66640b8f1e6f02cfc7a40ca9515e4fe3e6ecdf17e3fce418286802ab24a92f5658873d30939c49c3bb63c96f8575774dcd32e0ab452dd8e2c0b69dc826bec06a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21004cc021afb902fd80d1179de610fa

SHA1
60605490ae5de2ab43eba139c0fa8f1fc6573f32

SHA256
c565a988b8813980007006abf2044b92936f2f4244b9e03b6220fe82d936fb5d

SHA512
05dc68554fa5a6b6cfbe5dedc87923ae11ded14a3781bb36baf7c3d98e407d92090a7eeaa4ba6fcb04b0f2b8d840016ca6103c5fcc188e44c214c09882d8cf6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3962d3a79efb2bf9ce4a976a6152277f

SHA1
1bc7abe132426cc481db3ae83d03a57cd1459e1a

SHA256
2cda56733b104b74fe8334448a191f2624eda0a4937ab9f0c528f59459b75658

SHA512
2e5e514bb72dfe28547fdc906e89d3e8b926c41d4b8e1729f894d4ccd9bd58aa9869c9e7ae4e19e1a15dd7c7974303d7afb793c0a992fdd9f8187a1562b19f20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f88089426b92c3de2818653419862fe0

SHA1
792fc5c70b8788ca98dd314c79751dc768bc3489

SHA256
430d5af6b4cc177ba6bee21159c756bb2039565e542ae90be4b717c68310c5d6

SHA512
9397d1b399e48e916663e211dcf9b9f941c42dbc9910951514f47c17e0804a74646e63c58735166d30b93b18343721ac85f087b3ac22fa80ec3789c0ef1e7dee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6731ab394397de695897af5097abb9aa

SHA1
0ce266a267e600f3f315cb3a57158c37809bf859

SHA256
79d32d2b6c60a2eef4e2881d7dd04882e424bb57e9b5fc858b8ea1530a6ff97f

SHA512
2d750ad63752bebc919f70a4e3898db3320ba0852c40946eae893f12ca721be5c995c1a3bb5a87f79be689c3cd2259be170ce3a04df64a997f0889c945873c6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5667f6f89c2eeb9996602b894081404a

SHA1
4b1a1777f7564a0f1657981ad1b4064e92be551e

SHA256
39cab17b02453404076285d09600563b6e150b72292de263ee8d93911956a8ff

SHA512
27a9a32f71a125270375b3d519ba242eda0404e34a5658f0fe68c7211bff352fbe05e678a6b94b8160527c5eba5ec6ede86c501b266f41530499b0a068de7c19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb5214ef8d533bd8267541e247831624

SHA1
f9db42a8889763bead0b57506147e93137d0c895

SHA256
e279a708d93e3f65996309d5e3e5ed1328d4511d98950ec186beef86a5fb895f

SHA512
eef5d7b24cae32cf2f533b8598f81f5e76d2a83d5f5c7066003b1159808cf885a537dda1c68a7776e5e1e4e104a128953b1b3b815ed1f0cab5ab9bff146fe473

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
404068fc65750d0f1ff51420684a5581

SHA1
a0443a9b25e2ef748b9f634e4a74a5065110e07e

SHA256
5c6521167f5f005a03bbeda0593b9b411192d6a3cedcf695be3f518f84da76f9

SHA512
dfc00c62a1f3d854beed1592585758eec7d0cd796fd4a329c106d47f4f58c4c74581aa9ac5994d4af58b1cc826eaa0c8145611358067d9c1e874062f42faf38b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f5ef74c9b35580f441c4390aece4688

SHA1
0d0de562d264505c9ad108e80f04efa797b05c45

SHA256
817565f66dc672e5ad62f5b21a375b8f3592f068d681d82dfcde2f27a58f07d8

SHA512
c411d9c80e1b1244ac196426967969fb5963aa7d34923d2a18798d662864149cd337272ff9478c802a83c2db26c85df4634baeb8cd9ae0c15440a59b81cb982f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a67c54e7afb47b594c510167337f49b1

SHA1
2260c477e3e88b2c7225fef272aac08f592de751

SHA256
32c0c9f8627e76bb611cbded53cfea7c1e099a41eddcadf227ba53ef958c354d

SHA512
0c12c4ae6182166343d79d3fc5f6d3e07f2b4c64344fdac82d55e09dacce1f6c379ad6386c6ced291dcf38f5f52e9555a8aa5bb549deccff7d2717d37d8a6d39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3c5725fdd429b82a80810557b9eb4c2

SHA1
32560ef6236427f835a653030634e48d23d841db

SHA256
22217bd78e2dc80e21ccf52894d46ddd91f64b88ae964c144bc020642758f352

SHA512
754fe84888a909df83ba1e12085a28c5d90f320b1c1585a289da52e945d47d01c361129b7e8f0d992c83f852e434b4dc97bc165f79812c16d529937ffede4ef5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58e43f9ffaaf0701e3f7c802f1706f25

SHA1
8d85e93cf4d1510bb6224a56da01626a1af427f5

SHA256
3c8b9da406ee978fc47f2eb256dd37e670f6953e1a2bd0b5baf9f3644d94e660

SHA512
c79771f3977e811307335de5b782569f8c3a9517249c41eb2dd361ed1fe8c2e4232f608f19d6b9d1d001156af51bff62e40ac0664521651248033cbb8dc315b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1d834992224916b0c816820deb5716b

SHA1
82d6228053a6e5d89dd4cd54191df483abdfccc8

SHA256
96afc6a0302c8f81bfafb7ad50e49a372c7fcb5da2403d9f6af10902109cec36

SHA512
fc76be25c8f9a353f2689cd0eb4fdf1b5d5c7cf84846381a927ad3a2f1d2a0c3a1a08e5834e289bfb8e4a682e9acedf2ddf6c042e45d4cdeb8c7511696e188d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19dd20466e49b5baf7d16dc015f0b3d5

SHA1
77e1d5580685458086457a4bd4bfb5fd4c4085dd

SHA256
6ea7b7ac007628fe14253e318c741023b387bcfa1e3bb64a489b692ff239acdd

SHA512
22b7b83990947e71d9eb6569ab1c29cc4f3a27dba871fd5fd9ae533a9e66343546121f0f951e0f8b3c075524b3a6a7ce902eb6faab6a64601b63f1804747b960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11b3b320b404c843b46f874714f8b70d

SHA1
26aadfccff9a0ab17f969e7655d86a96a917403c

SHA256
fa74ea1e28b242457a8eacd0124d1239d0788df914af93599e917605c83e3247

SHA512
5ea853b4da1fc5ca5fb5e82723bbf5e3e509966eb890ac20ba9cee856be06893da18a369509e79058cdb8c3b7ee6371eb09f1d16548dbc58a40a8d45a525e513

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab14DA.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar152B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit