c1b3aa640e20359372812fe7d5615ecf7c1ca7a7e986349809b9f9aba88d1a59

Analysis

max time kernel
137s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

bd52f2956bce7b5c901df94552e8b7aa
SHA1

adb4f408afa5c2434ff0b365a0817ee941bf6e37
SHA256

8ec24e50c5d33df158d8c4dee9d26c7b5ae4175deb490feb97d3b0c48096babf
SHA512

dc3b0b73f549f573f162d6ebb91afdf6efb2f99c2d293f2659ca8a1a2f48373ce08454725678cba420a9dc2457d8a79e0b827f8146306b2ce1a0c1fa31221413
SSDEEP

3072:SGsQQ6yVfq0yfkMY+BES09JXAnyrZalI+YQ:SGRb5sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422642955"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{097345A1-1920-11EF-8706-CEEE273A2359} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1152	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1152	iexplore.exe
1152	iexplore.exe
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2088	1152	iexplore.exe	28
PID 1152 wrote to memory of 2088	1152	iexplore.exe	28
PID 1152 wrote to memory of 2088	1152	iexplore.exe	28
PID 1152 wrote to memory of 2088	1152	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1152 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4224935f3d35865f8fc7d14a7cca9416

SHA1
75111a50b54d5ec9b6e81ae5bf8c991085e3d07c

SHA256
bd573dd8eb323c27d78c2fec7bdfb0cec8487ee6c67a549f9d5d9e311b67b5e1

SHA512
f408dc6cfb5619b03c0e63394731a135129ca2683c1252834990ec1610d8ed339a527b28e86cd06c54971f348ac51cba839d32cf02daa27309258c37b7ce6b2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee3ae5b2c20b388a3dacc45ab67a2e85

SHA1
0f676e229f1462e2150f933700ea1ba1b04de4ef

SHA256
291336d7d22ff163d75e77e2cead31d2d9cb5e0d6631c6256927a6e19492a3bf

SHA512
4819facbf8c580534720dcdac4b18ac4a4ae92fc03434cff99c0bf58fbe57af3fc62c2b5adf7acf0b98c808004323459e417fc0ada983a9e8e44dda5a058b64b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8066e65cfc692f94dee397dcbb9867b6

SHA1
f579ee3fd7f04d1c900b4d9735cd0286d5ae320c

SHA256
e7ce4e2992f3d13db872188d8dcffd11cfc985341f59d7701805ff702bed94a5

SHA512
19d6cd30127947809d08d65707089d0c8dca3bbd7a0bac6d9792e8073af522b3c832ad85ea039e396ea6e271a256550932293e6620e240dc66655f7dcee8fd90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90c33372f401665c1b89966b45326ab6

SHA1
9c6905f76c7700fdf4867509f834b26fd863fc43

SHA256
46774e767a673a067d37490401a5459294fccf2c9ef9bfde07862c04ad65b17c

SHA512
acc01828913826467efbd91ac737e4bc1e346b237812e5b75c2c1ccdd976e02d8f177dd60602b83dee3d28599b9128a2a6da64a4049ff0a65f1933ad3f491e15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8ae4b6578cd88560dd18e9689b60632

SHA1
6d65b566dfb3972b6e4b78cd5596a4775e010e25

SHA256
293c5f473235246e412ca937649c5e6bc60f53b41ae636cb1c5915d187d57184

SHA512
7dad1b950e1cadc65a8a40eeb39eb29554d3ef0ff868e0cba64e69402b603d35613e1912e56cf858e23a37e5f86cd07d777b97742ba4d98597a7c26b96986d60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
925e6df6647807aadea3ef15a42bd516

SHA1
2c86abff15859b5eb0a660aca00ceeb1056d7bef

SHA256
ed58daf2c74f4296c538a1d71071753144887483209bad194333e38c6f68a176

SHA512
7b4253824f677903db7ddb9147afd55d1abceca612773f80e0bef2d6680cedfc4716afcb3f4f6ca9d151baafb1c6425b3319cc60adf44612a12399c95e44915e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
742af851e245aa350e6e5190596e99ed

SHA1
9ebc9ece83df2c0e94b7e2fc7b99427d9f960c6d

SHA256
8ee5b097f550e5765690463f49b36631ccaa7d20228915ebdc6a54da667c9460

SHA512
33da601a53018fdce7b86cf4c48183c2c9caf94be3fbce6760f4b22e56c88acf21f2da26e634b6f3cd48f0277619d51273711902125b01bfc96c933142b54a44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
146606a21ca9362e20a01b3d8e22da86

SHA1
9d36351ac9edb5141a98ebae8fc7f9eb4034621e

SHA256
cbf6c84a23da2dfba038b71d01a03338784fc1db5dad1d4e3c20381bfe323022

SHA512
ef5c64b99d1c8304a219fb46791f2d940cd6ab4bcaa1bb64d3b677e53ae00641462561acc5deaeb274bee1401304922f387cbed27ceb2934e7b8dcc8bd9f934f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
546af51b8313eefbd4c8df70c196f13c

SHA1
dfd72b9799a530f1ed30c16f480347fa3a37f859

SHA256
be37166d92a4c12016ad998c8ceef28a0fa622f6c1ffa0e1af8a71c26d26d56a

SHA512
5cc22ee0e0a81d76592a904726dec5ef5e22874e7c8c1754305c4197f10ddfa5313c17cb2b72904436966b14f9dcb94c153b54e43ad511e456b1a9051401169a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf43f02174f9a45faef9a3897a178ea3

SHA1
487feeab70a28d92b35133b0872a19c6d6a88573

SHA256
bfc2ba179f5a2934b8741751abf6a2bb38f3cdbf7d7ac60cb4c1d45517744f8f

SHA512
cf3d676ea10c26b0cb55e6ef3d898ace5d00d4b2a0faac4703bc18384ca57247ef8b58be974ca4c4d8458bba26ba1ccc783e63c4cfaef9ba80b05be941eb50a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e2aec7b9d453cc651bc2f38ebea4d89

SHA1
95be3d2d0a092660e97577f976f338a2e6ce25b4

SHA256
f40e401183f6c7db2381a026265179ce17d5b27a3207ae810f043a0b5e2d3cc8

SHA512
9669abb281c4b4418dde3037db03ef11a30c32becf33dfcf25130da83a58415d49724254b4c432045683a1254c082cc8316db821987ed335d58b0e23ebb14c1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
524f696f60a3c1e3025edec211b74fe6

SHA1
34ce6ad7863f99f4f03f3994bdbff7af1bb6db2c

SHA256
b8081c92a6332a42ca1a5eb48afbd3cf08360feb209e8f0acf38e9e5e175f741

SHA512
ae0b5e2bf079229a13df481f1253bcfe46cceb2dae1d535e5f69acccfead473e3575f19cef0f97d42c065376158e52c6321e75fb84d065e439c5967372f127bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3a1a854233c5e50ccc298cc781dc19c

SHA1
3a0129110780fb2fd6bdd7c8683fa461c53115ab

SHA256
fbc3fb513740e9e36b24627de92968b03145bd357eeeba06ad80b34f13b6f956

SHA512
e79495d90a01c45f9265be4a860be7a3a29e6c61e6fb0d40833d49ebfbc5aaef97437b31698f33032ffe08d05358715d9bfd4e23aca7f8019121457be4c89f1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ddc417c4f63bf7335cdb0caea9dcce8

SHA1
7bc3fd100e484506286dfb6d87f341b2a7315954

SHA256
d013bc0d55ccbe29c092e24af4668b34cbbfdc7dcf38c4cca799cf62e2ce60b6

SHA512
4d510673d6dd5052d18b477459391eefc54f3495d449451b4bddb8d3ace7314bec4bd11cbd8c937baea91f2be9e9a390e024592e5c1203a8d9622186ab1f0682

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8973dc954866be2bb2ed47b44a381f9

SHA1
75d1c2ed262e3cab4b17adb20701ca2b87013a0c

SHA256
1cf86b448420095cb2a1d4c03bd28bd4bdf4aca7c29769ca68bbd5c214197000

SHA512
75cf8f4fcc4471a0b59577bffa145db16d72c7f8636043e25ba3d7fbdfb8552a38a693f07b52068aa1ad1940f834ada1008f396e8ed1b2e0d23c84b0e56ef571

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b24164aac472b116bf4dc61b12cc751

SHA1
ff4ec890040b2d7d4fc2a7969ea4792a01647f5a

SHA256
a0ae17926779cd9c8dcd2fe6da872fddf071ad2fc29ffa8072ae0583439391d2

SHA512
5dd6cb6e1bdff19f7ba112df49cc3c6015d279cecf171d3b780499458124e4b930ddfaa3ebbb9c9cadc3bad08b7479ac6e5b0de97b2e2c34622299ed6b4b4f24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
644682c0837f04d7b734ae01dfd17579

SHA1
7aaaaf990ce2f9327adae81885f671b42f431159

SHA256
75b147c04ff932767fac8658caafa4ec69aacbfa030f6f62bfaf659f3f62ee8f

SHA512
ef3cbbdfdf760853e4473ec6341c37484b8aed4fe53c6eb53dc22bda67010b88ca5a64aa9cf69db9c8ab18a29054a42b7808579d98bdd55db727cf9ae8fe649e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
261336a8a6c8616a3e5e2f22b4dab524

SHA1
a5382fc7ba6506d61b158aaa542073924dd6725f

SHA256
ed9c28a76445860b096e74999e4e6ecd29ff49bb9dfd63ab2aeea4f459591ac3

SHA512
f538967fa571a0b9ba0b6c03c1ca03643b218a435e884525c1813a72da6d6f07d0fab2b06f40e3f05bc068cc0aa73e5c6547cae0170020e3cbfb3d267eb76b91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bbbcc24d0e1e9434d9973595b09307aa

SHA1
b4bfa149641270b98e13953f6068ccf713b868c2

SHA256
6aa9a7d8b5e6129db17206259770563d1ad740ab1ccaf175fbb9f482208f3b0b

SHA512
148619d7f05ccbf761f6438b1c1498eb5aa711f97aadde6718686ecdb4fe82478126bb0d081d0b430693d0da5b12f09be1679abe9640fd74b4c6e1e511d53211

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab786D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar79DA.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit