3400346026cb7e8f5c8a2dfd402f4e3160eda4e561330137d6801f67e6b1d821

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

f1a3215bb5179a08f66b3e8928d7af96
SHA1

45916b39cb7de74910083e61c3b50d9b030bebbb
SHA256

edda89b1cc770271f85ba8823b8a335c4a94010a803f6e5f52f1cda7cbe561d8
SHA512

52a27bb881f5a605751a3520a11d0d83a29c3a29c7ed08509addc7baccac4c19d58fbadf085eaacfbc31db7972969bc57662caed3a973f2d9c71c524d3907317
SSDEEP

3072:SSUz9+JQptSFyfkMY+BES09JXAnyrZalI+YQ:SS5C6wsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0BC1F841-1931-11EF-AAE3-46DB0C2B2B48} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422650259"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2852 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2852 iexplore.exe
2852 iexplore.exe
2172 IEXPLORE.EXE
2172 IEXPLORE.EXE
2172 IEXPLORE.EXE
2172 IEXPLORE.EXE

pid	process
2852	iexplore.exe

pid	process
2852	iexplore.exe
2852	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2852 wrote to memory of 2172	2852	iexplore.exe	IEXPLORE.EXE
PID 2852 wrote to memory of 2172	2852	iexplore.exe	IEXPLORE.EXE
PID 2852 wrote to memory of 2172	2852	iexplore.exe	IEXPLORE.EXE
PID 2852 wrote to memory of 2172	2852	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2852

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2172

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4149e933e57c0a294b0e96afd87f4111

SHA1
0d9916d0a4a2761e2716a90ebe8f711e512d5221

SHA256
895b67e0d93bdb776dab5a5012af4713131f62c8eee74ff63c10c3caf1158ac8

SHA512
80c63fcbab5283f00e7fcd1b1386d651d456ddcae5c238db7cc0624819404f46ad75d46896eaa0e87394516d81085df76de95d36b383227b267ad5b17ef52474

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
57a564ea5edbcd5fc329afa8b8debd6a

SHA1
b20cd3495694e907dca4dbf30b834e37f8e5de05

SHA256
8b531fbad83aec0d3ef5e19cee2c0a2ee28e7be2e4b6129d8ff36ba1eae1d424

SHA512
039aa2c8b9f35b4177f3c660d869b3d98a3509d7bef123d2e0c617841d46bc5d72bb782b9c388a6141d03881bff49cfcb800c42123c26deb19d4787f5c44cdde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e2dc93059565ffaccd9c429541de94dc

SHA1
74bc30b5bc361f81a4f1e4a55fee85b9f54be745

SHA256
905141e9a81253f0e218ce1c6b4e1a36d8d513e2bd44cb9bdfbfecde6dd1b6ff

SHA512
0d12e90a235fd6d918c8218cae6f621ab0a5fd509b38562288b442ced042f329a7a30e6adff9b9875c37304c4db5952ccd40f8725ebb6ad1514752c23b746644

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f8236d634626b31134b74eb1acd84de1

SHA1
937443d3e2d906f15e092622776a4158b7478c05

SHA256
05368c113234c183af4025d447d814bb0757c737c571a5715912f250a9aedfec

SHA512
acaff4022892e57c0022ecafd0c8d4a653215557f9d42b785ce1311c34a2bb40240de9906d5db6c9bb856a71f26978aa96323421424bdf565b8ddb176f265646

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
402dc3087b108c79719eca73acd5ba5e

SHA1
2805c4aa59183d9912b3540ac91fd2f232a7bc70

SHA256
9737d3cd328de82a65faa2f4c615890348d0f96872cd4f7a014a3c3df1669115

SHA512
a70e88ba0fcee9aa634c4f3176a48cf1ad599aebc9e6da219e54674b134e5cb898dc960e1094b3dedaabaecb2bcb9bedd69fe09cfb581150e82b344f853aa89a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0cf66481d3e4ceae6c18ffb340a1a8ce

SHA1
85af6edd7095894858fdf5e9a8a40206b58d6ec4

SHA256
c058183318b3aedae1b2480b8ed7f51d04dbcfed5a755376b2727f6fbe6ee49a

SHA512
9e4e35729f35d535ed7aaef0f1061ea743945638553db313fe0966362e6a8656d9c7297bddd2424c4a155d2b09c5f3cfa3458f45e43c72a71c2f437fbaff635d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a916c87ee55ab66c079449ea110a1473

SHA1
24cafe122d1fd0b3c4f86fb0a4dd18c8e7285afa

SHA256
6999a5d324681db4e48180bbbc15ab6b44b133d1bd5b0161175bb99110a36e4b

SHA512
96b5edc1ad250ad9e580962c712e70386d0827acf49bcece3875af250f4913a2420f7db74c860e50735d16d8e75a6b3fac97b070cafdb536ad369b6210fb28ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fc38986f8a24b65f27941304c31f5bee

SHA1
ab3dff154b87b14fc8e3e6e47d8c71868feef2fe

SHA256
e13d796f4a7aa34e731c52e0611661848228a497ec10099f3f753843edd9451c

SHA512
82bfa9da97e350c2a5aca3566852e011871c98715b8507f9bbebec7a5f31569e0918ce6b569de0c16cfc0c59d9a31b19dd2289960d06ff7380703f6902a7df36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0a1cbe747652f3fb396288f872dc1cef

SHA1
d44d8806998e74e5ef6b3c4014e84334f5095805

SHA256
110b91a999166846f9912caf64585d1436d46061a5a4c8f9d6917257b551e5a0

SHA512
99af977fb17388c41e40377fd6217b11e19641fe0b61b190636a67832dc9b06427eef35997d87449a864298e26d6f259711f2267c3df8693573760b013aa5590

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2a3b6bff2e064204a4170f84415f2534

SHA1
e9f9708e419200c11ed95875726ff5566a0b1c1d

SHA256
b3c4be71518f0f95afda29dedf6d79e83f42cd45ad497596360146873f25e7e0

SHA512
c36f6a94e8514495e1c88e12e359e2c3c7746fd674b6c6690c9674da757566eddfd6bc5a49b3c196762aff05c6efd9c32f0808e3cf0140170ab01c7f2342abf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c562a03a6bc2e639c952d4193438d7e2

SHA1
572ecb3498a34a7f1f4c2d5fe35ea5768c745c09

SHA256
71c6033e59e7539c1c13a7953cb2f1263f2352d01be4650a024e3426633cd521

SHA512
29e073dd9b79abb8d527d85b052dcd76931ba39f66bbec5f153ceaffdc5abb5cab53a8beca84e4c74610832120d3fa0867aa16113e194228c020760c43b5aec7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e2e2a2ad8415203db4a9f41243e6e586

SHA1
b5e60d5e4705e27fd50dc52245cf6ae234198346

SHA256
6ea218132c66219c73a1014703529a1e7e2bad9d96060d2d7ead74b1e729c8d9

SHA512
606c301ed8d8b590482d3f3e26843aaffe49f57d279f1abe26c3a3b4c5713c477adec85e822f9f868b4e1d3013d05783532e6d1773a688822830c037852325e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7464d3d4d2d664b2fd8b976e03dbe246

SHA1
d979e0ce1c1868ab0e76dec9a10d5cc666678b88

SHA256
43f08b2ba6aa158ddb1b4b8c24d9e2a05ac8c8d49f720ede3c765791b81abb39

SHA512
17077de901fd6884b2069450cdc4646e776961d274a6c9621ca3f5e7a1933d32446abc60199c796593a5e5a524add23c08666454e32e1f7eb261dd99989ff3a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
309b79df3a69f9b9d1ce7160caf58e6a

SHA1
a895ec8e82f5c6dd47a2709548c661158ef792d3

SHA256
5348035e2e2a765195dedc2f12b2f3aaf32f96e1b5340144063b11e10c9da6ba

SHA512
319542403d8ca35f700119d09eee4b0f4458189125fe53735ebf4f5eaf5a00ccbb68a620c344016b331a88fb4ccb5dc29e1029442dac02dc14640272af697a85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e504c952d04265e76076b5658898b928

SHA1
bb8c81dd3b4fdf2bd0009b3fa8453159258db607

SHA256
9d9a414cbed68aa544cb02753fcecaa68c8f18c14744f2dcd28e77e4cf03e6fc

SHA512
04656afbcd26c3badc4e9a64958ab416bacdf08ded50ae6d1a23404d0ef8d7118bbdff7cd31055088b87cbe10525459a84938612e93ed8fa12d1680bcf5b75e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
25fd8a4ec428e4493b5652b6e650ac83

SHA1
e3dcda0745cc51d903080321a2d0f45cb5420d9e

SHA256
2758e3b2a970d453816baf60ab4bd8801433cefb3aef40f4a66547e4ce940b99

SHA512
b5578514652f3b369aecfc5e0c5feed1dfbb6bc4c236e182b1dab09ab65653595581a245599e1d316215d8fabe986b2b2f234283f4921a27c0daf3c20fdc8572

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4e7724a60e3d4f1eb4f1ed3a6103a914

SHA1
00a7eaec9682fda786e7ca3f6af2b9abb718c9d0

SHA256
901130789898d2dd18bd18056c10e1f2e8c630d1abeace2ac7cf799179fa93d8

SHA512
ba8c0314b3f1b58d7efacda4f28af76697cce996e53116523e6d1f236b662f4202db5a6c462a443f0c97cd552862a47d6627e7719741baa7cf8124c2a396f3ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
01dd6c44c5881b9a972b68354aeafbc8

SHA1
e1f6eb6e0a5fb734d8a1195aceaeaee79d80e57a

SHA256
eedd9f7337fbf131a5c948e505bd0faaa4760269bde8932515c84ab8bcbd0f98

SHA512
e65552cfd6bdd0c2059b841a435f08b8aab11aa8a68d9e0b1fac3e63b42490469d90c0f91790b1b8829c599eeeb9a91b60a5e28659a29ec50f5982b39329e1bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1f7608e17aee6ccf43dcca7ec3da33cd

SHA1
588d2cfc62bb358bba0dd739f7a25e5bf47603a6

SHA256
9b38176669747687fee5edc83c7288152ca2f4a594dc3785914f239eb401592d

SHA512
52ab65ffbac9ceefc0c06eddc0ac437d58634e2709c79df9e062f0406c3c1b076761a8f50c9b84168679e0a8db130c863e894c060a12789c9e6d92ea96970211

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2223.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2314.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit