957c64a9415540c546762dde82d7eb63205315eca2a3ecafb089416612a653e5

Analysis

max time kernel
138s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

80cb5c5b95213fe8f8fbf79e7a68f558
SHA1

77da62e50053531335935e6d1a9aede8fc4d2e10
SHA256

e577019773a4e311e7ecf0affa29b665ad83b75d550dfe03a05cf4199a0770ac
SHA512

3e54b003cabc4ece25563ef1494672296b042ee72c75fc450ac952986d1a56e2b578e1504e8de4d10f2cc7eeda070a1e3e861df853384e5e34aca0277e9ad11c
SSDEEP

3072:SWl2CAKlgPcc2ZyfkMY+BES09JXAnyrZalI+YQ:SbOaK8sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422592606"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEF5FFF1-18AA-11EF-AFF6-E61A8C993A67} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2696 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2696 iexplore.exe
2696 iexplore.exe
1536 IEXPLORE.EXE
1536 IEXPLORE.EXE
1536 IEXPLORE.EXE
1536 IEXPLORE.EXE

pid	process
2696	iexplore.exe

pid	process
2696	iexplore.exe
2696	iexplore.exe
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2696 wrote to memory of 1536	2696	iexplore.exe	IEXPLORE.EXE
PID 2696 wrote to memory of 1536	2696	iexplore.exe	IEXPLORE.EXE
PID 2696 wrote to memory of 1536	2696	iexplore.exe	IEXPLORE.EXE
PID 2696 wrote to memory of 1536	2696	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06a12f2ab3568b760d0b16df64655176

SHA1
3511489f9fefe2fadbb8a2e2dff29de015f589c2

SHA256
2ea9b3cbf145e88e98d1abb5234dea413bf4c65a74123d3aef7e0be6f968f61a

SHA512
e076dda80c5fd55e117b124e5e318e998acc1d0d2fa521e1ff404768e8ed99d02558530c102ede5489921a3109169773499c2bf6af956f84d18845d6e5270abc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d68951d8c38577de11bc1cbc1c27ce9a

SHA1
f99af8be3687f51427394d02b27ddb7e1d1a23b2

SHA256
518a7a0c6ba165427bd907865e21304c2e98e24885693a84fcb927b7d4a6a056

SHA512
5060de49de37c3836e269837b5cc00f38d0a2f99f8c48bab1f0fed4cc06c9d536cb0344563a4231ca0ecc9b3fcaf22d33447dacf32a738c3317cdabb12d786ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
275b16ac194d8caba6b8d9dee6d0fc2c

SHA1
b0505dc1519590ba501b7ea19d201d17311acf48

SHA256
195bf6cafa5b04cfddf642db4e19ca4743d5fd2bb6cbc816a9e8594bdb5a3d2c

SHA512
e8c320eb6f70837b3e042ad884628c88ce2b81aaa85e9e8d2bbea46337567dfc9c13f48fdd7a519c6d19d33e8be0b0731e711fa3af2a8a1a463948cc82b12966

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99e1853ebcde08a746f0db30ad150a79

SHA1
a50f7b055cacb0242b02d44649e6bfd3c30270d3

SHA256
e04dcff11283ef750804697f59f52720430396325f1f8213cb2fb146354bb559

SHA512
5cd82841f54da7759ed430505b573bba673f2612bba0332dd0c7285071a86b51d8759afefdef9d789994fabf1311d449059ab58683a94b55583e8144cd960943

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9ac9efe0ac242ea39ef3ae8db50245a

SHA1
e77320d8dd6cabde55957f0de8942b57c652d36e

SHA256
618f61c172aa6f11ff9ee313e04de37a7ff9cf1f6d01586a96a85c7221a43670

SHA512
2154fdae7632f5afb45fca4a88d5b806759becf3d7f9ce9a9408f2ce914cd322227c018dcb8030f1d1c7ccf5d07dcd58f0058fabf5f46140ac2e8171e43389f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b10c22c209d4c88f6d47d3c0578cd78

SHA1
4266b4e88d742a56f6b288005de1a0c3728190dd

SHA256
e084c1af4e63625ad4f091473fecb5059ad7e64a874681ca063f8dd71718aedb

SHA512
83ed2f34baec732dc10b56bd8a3b3727a83b7b408d59f271ad127c9837ba9e762600eaa783a1f9da70998b56b49136500ced9abc22921ee23b9a2f4340e2420a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3196c88a2cb64334367c807ff20cec0f

SHA1
8996c470f5695fe4341f10c76fe4d9c758378448

SHA256
05e47e4a2be19a49f797bcd485cbd94733083cb57c2dd86949a09e69a1503361

SHA512
8c09084b84e52bdaed6d5df05c0f78d8051dc8d83e1db486516e470ae9c6844c4751f634f3e0e7978765c9e0766819fc9643e8257c9f356c6fe8af141396746c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0444a04ad7abcd624e8a35ae661c2b3

SHA1
59a64bb4be5faec65fd366dbb2fbac20b102a1fa

SHA256
2121aab7a0bea0f86cd51041b492425454cf66d9d61179bc0cbb6af9a929b6ee

SHA512
d8d1d429798cac70c05ac04774517238d5a0f5125ddf9870a5df95c5e465b8ec09988867d903a4b53a523f7df65539d7b83e6a47ad3764c8422a83b618defdf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a985425ddd0a762e72e4a6d30614f3b

SHA1
67f7fa87fe1239366b50e5f331fc3eede7e11b22

SHA256
f3129f38cb3dc7f1075d5704077915ff7265ade8ed78ba3c4930f32f57370eff

SHA512
5b2aa040197ddf11f1c6329eb23cbad15057055027f322731ae260c0c8d588786fcab2b79ecef4921826e21207a5dcfded08dead73b2ef13c074fbff6e9f960e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21c4311e27cfb1b0461897484eb19bdf

SHA1
712b78c42dd2606dd64380283d19d3234fb7be12

SHA256
67d86a0a0e1e2d61b6401a53d38b0831853a9622c5471b2f1dff3739f17ec841

SHA512
a5519e5e699109f24616b99b29c0e3c43a5a1cb96ec1362f0d632aa5b2d0ba8f5177b5920bfe367cdf00ca51f8dc99a4a3dc8448b58bfbe7432309fd9c6c8b5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9c86004c86b8c553184686570e66eb7

SHA1
842e4fe548f9a851fdaa9b620ccad31819ba8b86

SHA256
dc6b0e6ea634b65bbbf2eb287f9665516580fe7c12e002cd314fca8aa04616e4

SHA512
b2b44423e6a8ddf5dbe8f9131709ab170c116d1c5b518857d65ce45f29137e7f6718d63d5eb46aa15329608e9e154976ba4ce4c905e510a28e69c0bc9bf92cb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6fa5107d5f1671db8d7163593fdbbcb

SHA1
71d3493aa902cc8a977113676737899f1685f0b7

SHA256
12bfa7b2f1cd30c63970bea46584dea35e34b8777be2317640d1dbedea9239aa

SHA512
56129c83e94f67bf354e9fd2764326555dd79742f644548164e386a18134e158f6efc91f49396da43e20e4b51a730974adde283e4b1ccd366e0af650a822fc7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2a15cc3f24c18bd2f1f3a384971a42d

SHA1
d8367c0c8c0093ad21e48d0e20b55839a0cb2752

SHA256
87396e2fd1b7ea6e181360d18256c991e9a38247c9bcd0a83b5d373ba5c7636f

SHA512
8798b7fe21b6c51717ef4d45b345e7e947aca5f95763fcda776102380d6ce3002501434e95b73a5db0efdd9c9ef268fe689e44a4f1d4aa07d990bd5b12979e92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6ab31814f4bea3a1ad6bacdfcbff791

SHA1
40bb1732e2a23aa11db9278114403e37c9df7f89

SHA256
abaf79eec3a0bcf46f03182168f9cdde532b935ae6a3912838768f9164c7de4a

SHA512
522f2d128b35f6bfb1591634d3a229801c5aec682cce7e4c13477586ec5d408e65eed14ca959a1e532aecc354827d6ec68acbdde9d58e2f435180839eedc965f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68137b9bba585eaea5bacf90c4244ba7

SHA1
e6307265d267cb451e8226169e3165daddd04596

SHA256
f1956819f56fdd8ea97b68343981166aae4471424f7f6997f9969f1276f702d9

SHA512
90e84ebbd817a4c310146c5863bee3c4b280fa035b94a980ce72dda363ac40e7198234bf5d558b05c9697e50091a8eb86cd2c5dbb491b59397c0c26ed1483f34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cb2c62eead67a498ca0ac7d7a8f0d84

SHA1
12ae7158df62e23158ef38d404f2437ea25044c7

SHA256
01b08ecef278924558aed6bf953b7c6a9373c07c7d942791b9645ff8ea0da93f

SHA512
e03ab71ab81280df8959ba98fcf5b8232f9e1ace46ccce1220e13437b8e4b4a7bcb83479f0024b90b2f5bd181c43e97370b2d7be23da27f20260b8bc3e541745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f55362d2e26b985785a4ee4a6ec321d3

SHA1
5c8dc96df2fa86a62601fe2b1aaee53e667a85fd

SHA256
5bd82b709d24f359d9398cecb250acec6e2c6b42afa927ee76c5667339a1146e

SHA512
d6002cbbacdc8cddfa967f9b8cf743b3688651135b507125408b83b0c17be9ec13dbf2bf86a1f0f331ef2d08138cd9748a3cc48cd16cb3733b19c6cd60e041a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8566.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar86E5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit