d95ac374af583a82f9ee1f162a4545e91dffe460cde05b2a2fc21cc72a06b0dd

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 18:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

ac2051b5d43f54524e4f8dc205b0f45b
SHA1

00d32a56bbd4846d04bb600a3f3481793e307412
SHA256

1df7392ab9f22b757d4f225c9e66dbd32dcb8640b925fc547d28cabc5b0dbd85
SHA512

c0c3c52a0643e5828f2006b36279751f45c14359aa83e985363214964be20f6e4b8db05a8c7115afbc79b07e2c5ea0b1b68cebc767b6e23793976b816786a9f2
SSDEEP

3072:SbZsptOVyKoyfkMY+BES09JXAnyrZalI+YQ:SbiUlsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9EAEC3B1-1934-11EF-A6AA-4E798A8644E3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422651794"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1804	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1804	iexplore.exe
1804	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2856	1804	iexplore.exe	28
PID 1804 wrote to memory of 2856	1804	iexplore.exe	28
PID 1804 wrote to memory of 2856	1804	iexplore.exe	28
PID 1804 wrote to memory of 2856	1804	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e383b1e469d886761f2711db058d5a79

SHA1
5b3bd4dab787d3e332e32d0aaa909898dfd557c0

SHA256
fed617635b8fdc455f2d7ef431761ebcdb5f35d0861db0415b8aadf0de7ed7b0

SHA512
28ebab23fd074c65e5dac736798d5d83597ba92db7230999b9b937f930099263c54492574bd3baa4382b1b1bb42949685c5155706c7cb6b3376b3925280fdf9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d903ef15e356e146638c9173cc00672e

SHA1
4fdcfe9495bfb5e9e740dd97bc84d594602fb096

SHA256
b904a6eef175203b5ecd46950c00691f60b654597fe16ce48e814bce92539cd2

SHA512
6dd49c7b4ef9c5c9a247ee7d70ce23dfa177a982713d4fba7f37fdadae4faf19de5e5eb4a2ae44d77b3fada2460498503ecea51668b95d79ad81e0ed3fca1070

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
942c387464d8e386d53fb7d4e404d545

SHA1
a0318db47ce5b44b5bac7062cec0ecfc8d335786

SHA256
47302f4331e584517adaa888a14cc6afe2d1ef1834f668219c4fdd90259b7564

SHA512
e30dc9320df5347a21f52319fc8aff696c8218efd9e6e6d1aec5c98c15d31f3c496b2d9a2878ec4c54fabdd54bfe922f41eb555c023629ef0f5b6ef37b54197e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5a00bb1f087dbf39ef0939e0065b73a

SHA1
d250bd726e775218211dbcff03dcbe471a740466

SHA256
9bbbd2dd67c6fe01ddd45c86f4c0be608cb0787193f7048d4b607452a94df39d

SHA512
c46afcabb83a76b64d0d93cbaaf8cd5c9d99ea4283e1763b9b98f48ff2c70f306674e8e547cef10c580b2966e886c97916a66a3c40591e6d152dab4d44422789

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b06b20167becd96e3b214544a0291ad4

SHA1
47bdb186599ff306d08d2b38e6c51a8c7f51cd28

SHA256
5e874f9e9caddf62ed85e49649ba78fd99ef8bc715a94b3f45a937a5789a42ee

SHA512
bd4dca6e4196590ac31a064b8313fcc6da8a745d6944872aa900ec0e1c51e05da8d98eed4e72dc4c017d9490c8965c02a3d568b76a7c8528658df4fc1cc86bda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fc045968197a43cbd954d5d156b2a68

SHA1
2215d51027f297db4bfff8a9cb15c054f060af4d

SHA256
02e5bc496de9526863032cda93814f0a33bb5f38bc141d983646b37811b5cc3d

SHA512
aff99f93ba63d285da44fd33c3c48c5dc4499cd68a1ec85a194e97a5e49d73025fa0c5f8fbe2aa09a4bb65b486a06018b4241ecb065af1518dc1f89c896b56e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bceba5129e62d7fb0da71c8a2319e6c

SHA1
9cc3f2f5dd0638cd52f97e6da6b1d914040dac5a

SHA256
d5cbf027de5e48c1e037c4514da01896ef5ac22babcb6c04f2e6b19be1fc46be

SHA512
a06d826a7d1150ef7061b9f181671ecebc6f9ffce8467501408374bcbea894e7162663e868377503fa66724937061621d2e5a54465386ee6ce81caca384cea9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42213bc2e1606b59600f37ab7c0a7b9c

SHA1
f3e52cd1443b7a7e2db86422fa4d920adf8b5f4b

SHA256
35dc25a8abf9c3a91ee4846a49056b88cdc148a63075b3963c7a778d79de81cf

SHA512
9fc34a21496ef3f08bcc7bbcbc1b843a74a2da6b03ed1bd72bf7b57d9082828be8d69fac1d18e784c12b33e4a18fe0ab1a5010499dc38876959cfdf39ee82f05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
675bb7a7ae05a477f20101f6a70b51a0

SHA1
8247edc4189bfd56b1af161fb2953fbf0770cb01

SHA256
3d422501193a5b13b8f3e9a5e31727670f6961a0981347e7886f79d21e1451b8

SHA512
092f04c170acaa54c3a7833576596650926daa29fe9b558d7b8be149f7173fc88214a185bab2931facdac1e10f64b4d1836277c35ea846aae7dfa2f23c12f7dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90d7a486ab18a5192977812359976980

SHA1
8bb15a108e8ffab7127fd78dd140ccc563487325

SHA256
25b5977c81715655c978567296275ee5627bf47a3e7eec41b88e5384e9805687

SHA512
370dad5324e2670b56293d76d24ba09f7ba916d6a863cbc2266d52410e2cf543853da8479d40f80b11ce809a69921fa91f44c3f06c7c605b2e0fd23cfb0dc5a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb2cec664c31acf5168c0a69c4d06250

SHA1
d8e346dc1e7148f5df8fdc15ce56544fbf3c0c8c

SHA256
1c41832f22b4c13988387c4daa982ab7e665c5e360c10a3b92f7bdf319beb623

SHA512
dd157878d843f4eb9142d2552d905411874b7c75103ab101ca5e293daeeff71bcef983ca99bebb14941986ea615a638f81c97309e84d00b1bb2ef6a7b32dcf7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f7c27ead1a00d3c17b3db1af74a861f

SHA1
69e23983fecb849ab1a9b07a21fb6996785ae541

SHA256
8cd8a6115415be5b0ab0e0dc9f4dbce3e14e684032764e9569fa764d7128e575

SHA512
f4f0888814989df113cc1f628b35bdc0a41c209cca021ef27bdaf866f8cbd2310ac116204a7fe61c5f9c80584496fdc3e0ad8cb6b052e1dea8919f8b6645b596

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa1c70965c14a55d41e619648d95c3f3

SHA1
dc3bffd5e5d87ac00894381e15bca5125d42f08c

SHA256
edfa5bf2f7e79c12ac5dd0ea03d45573547afa4e70d4f46e8443b8e1503e5ac7

SHA512
a546425cff2dda7ec5f680c8fc70bc9a5d3c1f82fae134b1dd087eefe2b128532ccc6d9b37aa3046fed4364ea6f74b19a95c79d11eb299973b43e2a0b6ae3b53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1124183cb618903b2c6ce4108fdb149

SHA1
958f63d0f1f778f0bee5fd4515a1be338b06f03f

SHA256
35806b749ae8c61790c1ddddd04081ba4c0692ce0147dfeb9a39f82cb022eb7f

SHA512
7124205224c28a39c0a8a3ae6e35dd525726a2adee10504578947a3acb0f2856ed978c9f34957db09128429b1ba8c796b432200cbed67e13249f7025b792cae9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8ef22e5eeaa80d7f2794a00f32b7a87

SHA1
cc276470ff6c53117b4f1f21f00b14d3121905b1

SHA256
c76db5d6ba07c108a5abc22302c031956237b3a36054e6dab766d9dd0a193ccd

SHA512
4ba510689eac5798e66e1b7beef0c0b41f1f19b92e77a9d444d2e069efbcbb29424b8d45904d057446bb97e574d7698879dcf03e8b075280a92a0e512397c36d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7c09db839d91757995d593f8a55d8d6

SHA1
fc2916f64aa1b8a5727717fb9db473fcd5be5b0b

SHA256
01a417e9b49c89287cc1f08f4471a3d13bb205a405b91304ba2b343a896cb6ed

SHA512
efa748fce9946dd1baba91c48df1bc724d0d3904492bbcd72b5f7a102781f1594042d24de1b33d21b99f1776be69ff85e7559c75d1bc2f99994cf6aebd6d7417

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5f8f9dd210ebca778a37bd9b6243f46

SHA1
ce7ddb353f955f37530ee0dac754ed36104135d4

SHA256
6503902c622a1ea336135718d8056d1c2d75c7bc94285d11b3dd302b04868183

SHA512
2e589faefec329000648f9716f2e437af19a8a404b9b97cad2f1283a7cc56fcf33830d40e46744675310a58572086000abdde46452ea4ae0c6b7da553011e9b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c67dd3720762fa42065f7940a873d213

SHA1
6f47d1776722bf3f7ad957d169e4427e6cdd458b

SHA256
591bfd4b8c3d4eb81ebbac58795e991735e336e73eaba18a661be5f424fd824a

SHA512
f44115711d5462fe3ada0eaaeb4972a4565542ab9eb2a817d5c7a0f9eff32a5e307ab5a15cbe38322a42c3a3f675d5b27f6e2d944e3ffcb51f7e43ce6d455c9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bee82f0f391c3562739d8eae4a9e35f5

SHA1
222784791f0a248d6adc932ee700c6679b256deb

SHA256
8e994579f54930ee4f9e4cce28a761136e054d6fa9bac24b188fd8ccb641cad0

SHA512
5ed61973fb392c071ead792484f9067d7e8015c85910cd8209de2184bb40434f74fc8630719aa25f6113fa0c5f0523d122082b6b9a30d32ae0270d8e3903b112

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab879.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar94D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit