0651bcf2459aba483148bd58e56913d5bf5448e50e7818237d1ad84a5f3d7f94

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

fc8bc2baa3f127cbdc6c7bf710216471
SHA1

5e0ecce5d56704ac41258204b584301cf8b4b767
SHA256

ccd6a12e60c2f6f527bfa1d0d3de791618a99a5656af25bdca6626ac9ad23a96
SHA512

3a5f34d7d4cc6800899fc9d0ebece3b67c3b8fed3151d5c74ac82a69d1ceeb586b09616410e40083b4ea5e3e16cc7b0411d4aa5cd72789e425afa72f07d99d16
SSDEEP

3072:SfYDjHR0zxu6itfyfkMY+BES09JXAnyrZalI+YQ:SfE0xytqsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0387F601-1965-11EF-AB01-4E87F544447C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422672579"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2056	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2056	iexplore.exe
2056	iexplore.exe
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2904	2056	iexplore.exe	28
PID 2056 wrote to memory of 2904	2056	iexplore.exe	28
PID 2056 wrote to memory of 2904	2056	iexplore.exe	28
PID 2056 wrote to memory of 2904	2056	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8cbe8823477d702b5140e12d61a617b4

SHA1
b6a1a5396417879b634febc06e910fcf322c658c

SHA256
54afaa6fb58d6035a13147861f00a7c9fcee659803cb7baaef52f4b761c247b7

SHA512
470df30c156ef5d0c403f200d3f7ea5fe0de5b72f30ab23200eda84fd43632bdb20c469c820d771d5332c268b5eb749fa30e80ca455e08f585e79f2ab913f626

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b844fdd80b848cf2759f7e700fcaffcf

SHA1
d7711299dea63a9b2659d00ee955debf44ab2b74

SHA256
953652f917da0ecb1496253adab21adfce59918793d2fdd092635c7bfce0db87

SHA512
a5038d13536f338a35b90bf95eebabb775f93159a4e064e09ad36fc17464dec4cc77fc190d2c3ad17514bb2682816cb8c475c5e37f8ac8aec3f1d3189e6a69dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a33fac919966c99e86588548b8522663

SHA1
aaeb5d4215375c639416d90c43b72810b0d39a13

SHA256
a4f75e09abd48ce1579b8988ea7a49f4dfc90c6eaedeeb588c48e0d4bdcfb64b

SHA512
c5f65f81ab12812eed15054b6dd3f030a96654c77f0907226c1f81e1d2d9954c6923fbbafc6baae73d0b4c841247c2884d528d450d061981f307b7336735cfd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c6a1d358fb7b9cb02352cf0f1fa4cb9

SHA1
2b02f5e6d7e9bdac8a099780af04b977d94657f6

SHA256
054ac67535adca68933b99bd1e80bc9674c88fd28e0406e3fea0e96e34e65776

SHA512
485a5d8d26b0195a2b89d162f7d0d5543ba697abe43efff836fe2e2c8a45567f6d03dbdd906e7f64b97e455d1337996bb8849def4bd6e48dc37eb88b9d04ceae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77d34b2b88c87b5a84fefa83e4035acf

SHA1
fa3526cbef4c3f49ff84ec4729154ef181119df1

SHA256
7f0e2ae8a338636b683e65274895c94ca565f38d554b972274380b470b54c7cb

SHA512
2bde06770b87b634b77e7321588edf5209c6c804318d29de59c3ad3a913cb2558d663a597b24e4de118676eef9c5208009ec6b85203fe76345a14380bf2a8e8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3973159dcf82a8b42608dc6963107262

SHA1
f46f217e569755520949dd1bb4593c27bb2220d6

SHA256
476e354c51e7315edab50440cf1a850962b38539220fd6ff657171174718fd74

SHA512
b29ea7b8d349351afd8c648af6194ddc5af742b09ffd13e13838b87fa4df8fea82039dab9a142a772239133b06ad5ddea9d57adf955c2845e5cc06457376f78d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20da221caf77482c6cde87c44c8e67ea

SHA1
26a9e7abdf435cc57d6d9be57dfebc65b6ace845

SHA256
5f41df3fb97860f1136e497017883f5f87247fa6ce94d3f9cc43b6cc7c925dc9

SHA512
ce106a5631c235a17bfcb92bb39a90bf79d41e06b5e0d7ff0da09bbed49dcf59ff57d938995e0171341158e3b88e43b2f0cddde3d3fb4657b12cefd16ff93e5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5ba46b799c0c110d4f957f0bdd06b0e

SHA1
f7457cbb5ecb1a73a3abb59df91b6116fa19f669

SHA256
7243bb2392df13954071281365d02b5dfc7224f1c6dd5e8b41e44cdcf359f062

SHA512
f34ecdffca7cee8236244bc4fc55dbf1cee8aa7b94dfb96964adbd12c3d2d2b5e27c5abdeaa49d2071eb6349d2ffb92a74d1e0ae01764e33e65e45ed73a88d43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55d7aa31b85d7fd2d467bb15f90e33d5

SHA1
1661a770146574b57b56732daa92e9aea47849e9

SHA256
aa1c286265475499ce48a2c5755cac290b062daf5ca0ce2ecdc4c48ae2222022

SHA512
d8acb7c63fa8fd8c12f4e0c0811d5e796c39a5d65ef25ccca8d36616ffc46a6b0014c52c7613773e91ba005e192808b50fe45c222b2dd6178dfdc52ce1261a7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e330fb0ea8d7810af85740380b3180d9

SHA1
998a70c74e3c74c83c0f7a55ea0c73f032d21cfe

SHA256
ce27ba798adc0bc8409cf040858b83cc882c87c27c9a00b03f5dafa2dc3d3b9a

SHA512
6237db2a4e320ab25eea3ed263df52b72d2860b405edb561d2b6767f4e461640d7eb3af531ab3769dc7255a7f593bdba2c9f326344321418067afb5a93ae28f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ba96aad72c2a3937ab65b69399c40c3

SHA1
8788af9a347145ff042727141c2490eb4f426e0c

SHA256
9343812e24c8f3ec0dc80c69451e288760865eb59be87ba3e5aaf54b348c4c34

SHA512
48c6457c3197f43600dd69076ba55561cfdf7bc272d2fd89cffec0f8be5a4edb7c8370a7dbe065f9eeb9b436ff45ee99075479c833a45bd8bbce169087fb71ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13dd6a90f9dd263462eb44356acb49a9

SHA1
86f95f69ee672ae3ab2e190ed4813aad396e1209

SHA256
5171cb4d5d4eb59fa1c0328e2485c32096443b6811fa5810adce5a6d0f817b16

SHA512
e7faa35fe2b72a6e3f4778855c48c06245222f3c70de0321790fb75edbf84994dc92ff77a4c3bf0efcc1d5bc18e9e504a53232611f46e808f32dd4972c8b50dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4724bbfba8a4fa448a0856db3fad4956

SHA1
323826ef917b3b61d26e968eb1dc27e86e02ff2b

SHA256
818192e81cab3b54aa130a6edd84159cc40d58315c8e79f50a5831c78172acc4

SHA512
9e135fdd124dbc62f331f20c06e574975e0091fbea8c4f3bcc4b2aa3726ce7b9b98488edb7f3bed80107fb3e04991f29c0e71d334a8ed8f3ddf3c95c71c1f497

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09e7e5e72ebcaaec873e2b16e78b1d3b

SHA1
d156320192dc0107af18025bfcb2b0b9df5d128c

SHA256
585376408560c78f2001a60fb97dbb4c8e7cb92991ffd8a279363732eb56668a

SHA512
37aaba8c5d7cc52ff2af956ef7c98c8c696625d595fe9614ae408b550c3c68dea40ba544d7520b61b6fd820231dd7a8dd7405c069dfdf9829361fa27eada957f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87bb67ac3172394d8566de3f8077bce6

SHA1
d76b36ffaa73d151613af69e61f8b2da61718002

SHA256
b1f6cbddf6546f86af3960ca5644427538475e839db05854da4e79c0e28dd43a

SHA512
9479d116128dab49da0d7880c148a9edf634834376201f253c7c3a9a0c978a855278ead8e572609a0efa936740c8db70a8556406b493dfc7c3d32f8ad8863626

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a11798eb1935f73c3c01b1c2772842b

SHA1
9ff981203eec40f384e6ca3d075fde0050781a17

SHA256
9c5167a37a23d13b38f4f922c5292e570330f6e4f87769430ca2f3d2fd2089c7

SHA512
3e745c4c48f5402f7fcfa8e03bfbe3409c108d854c35c0213a60871ddcd8f494e01223377ce67f657b75d0c3da6f4211129ec162c8af0eb73ec644ed35773453

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55f05758eee32a8eb49ee9c8d5c64aa8

SHA1
3b48c0384fd33bf2ce09a1b51aa74cb52bf5ef66

SHA256
b86aad49c5a04d973cf8174be2c22baf011be812aefa05d8f747de7692e3a671

SHA512
acf8ce531926a81cc984f409d891b59de7038185c6ad5bfe0a87d5ba73e8f26a47bf0975734187ca4c086446297ee0e0d0eb6eb792ba2f17b01fc60aec6e7154

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36b82e3fe00f36766e7b0350dbe219e5

SHA1
13a2a2dd5dd983d5b88e961b7015eea304e7fce3

SHA256
3673eeb4ee580520d41615fa0722bbecd1c1e7384713e9bb53264f09b816d56b

SHA512
bee3a5d1be39e58a8a841808a1aba457c1f64281297a8934aaf3ab3edb2bb24b18419f888afaebdc8f9fa70596145d5b47f31beb63a40cf2e3829fbd9b5c2b59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64b086838ea842509278014e4bf70d6e

SHA1
ddd961df9959c3fb2893d3d413d79b703ca4214c

SHA256
54c29e339b92af9fa3b6d7bcf439c8d8c0341932fb55ca328bfb3ce70e4a552f

SHA512
f11e5ee1f9a03d76b53d7e716d044ca785c360abd5961aa83036affd742f4cc6c7b1a22c695909fa15f15a8bcb4133577c433fbbc6e9c926f6493135b36c118a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90e151dfbbadc2c3d0e0dc4825340bd8

SHA1
9245f5b8b5385202138b3c167c2614b376318c2d

SHA256
8d648359098f639003893aaa7028dc0196d66626aa5e10e1185c35a666570805

SHA512
c92bbea292cb1b124f6c87cff66a7c19848cb3e893ad66c1b37e4bffac1127cd2df8ad933f86d50ee9f2cec2ec64aad355e519ebf4b5469c44e5d4fc3e0f1afa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab20BC.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar211D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit