f815889cd05d1860d09a6f908fc1ebba9b08612bc490b044ce4bc9f4546c8a76

Analysis

max time kernel
140s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 10:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

4a847dd8fc882039942a8bcdb21ab77e
SHA1

e4ab645effc363bdf153d142dcd1855624721093
SHA256

45ff6b108ae2513d5098807b3d47d15c4e695c62a3b4b40f7572b26222396c1c
SHA512

b73c9f1fe758ce9d8c5fdf32ff1758b46328434e65f74737ab46783f2e5c061b722d21fdbbf9e279a2ff5705b732c2462a1400e1b7772294e0cb971a0bab8aa6
SSDEEP

3072:SqefVHSaqlaaUAfG+3TSO7FrvDJL2GpN/g1qjifbB5yTH43zgYR8JG4fzt4k6iM4:S4zF0csMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{37526B51-19B5-11EF-B35F-5267BFD3BAD1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422707027"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2148	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2148	iexplore.exe
2148	iexplore.exe
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2084	2148	iexplore.exe	28
PID 2148 wrote to memory of 2084	2148	iexplore.exe	28
PID 2148 wrote to memory of 2084	2148	iexplore.exe	28
PID 2148 wrote to memory of 2084	2148	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6b479b3aca161ee65eb0af709eaa4bc

SHA1
e318ab729cbaf56bb5c576cfc98c9a722fbd9397

SHA256
bc6ab45057239daf38e19eec560bbf08b690695a7430cb4b6179327f2a4c94d4

SHA512
8a61481db42b5ef0157caf7ea20a93281c6ce000895bb43c187c3afac892de23d6b54814aac4a735f3c58925eaa4723b4e5f5058c113f4c7d94da79f2d79562b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
455c3df20bb0d98d376d3bca65d1e13e

SHA1
107bd057a79826b5b9ea4ebc68be48dabd90b58e

SHA256
018c34704480fa29109f3436b379986e1068b87e3801114783a87f919be8bbc6

SHA512
e6ffd32154a9dd05c0ba93b591dd9e0aadb4ad30d397a96224ff77b53dd067be458a0cd14ce1795602d1a3713e3bbb60d4f1be2c143cbd5b45be57c759f72911

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da2384876abcd64707feea030fd44502

SHA1
572c5b2b86c397d06438470b6e679ee68a4aff96

SHA256
44485dcf37763d97a56125c699f954e6e6bae6851e4df1e4033c9b88fccdbcd9

SHA512
efad7c1ba2aadb55f89a6765b6ec73933157bff9388453930c8f3905dfa74b7b1c207142efcfe352f7a1e76f6ed712164883a1cc3ab63e50b0d8176557e224b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11b1581eb6547ee354229573c9a34d2f

SHA1
a67c9997c59e54898b80cbf08dc6a5748afab05a

SHA256
d1af45997b354b38c359f27785b4efdfbc0aaa8375876dba9d27faee365243f3

SHA512
f2f42e894db848aa7dbe4e55b6516cca0bc3640fafcba97bc9905852a589ffd8b088547d525de062a5ad0521d0c75ea5e6de28a91b14e3a720ac483d74b88469

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a8a3d43b5e64e85f5d4dfb5d646d0d3

SHA1
f9affed7c8f6de0066d572159a076b9d1469a193

SHA256
76bb22bcbe56a0b124f8a8e0d30472bb879543a03892ccc2331d0b4116c92bf6

SHA512
d73dd1b5695be6d695a8e2dbbbc67b3a5a93fb83e07de8087b5106e120efafe280cf1c57cab633431ab7683bf150df1c118b2656b671c1c052ffdb7354700593

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc8a6bc8320e0fcbc95af26448aeadd6

SHA1
b212ab88ef6b0d01957a07065e51882c5fdcf8fe

SHA256
9299207f94b25cfe3449d428e7df94998e3d672757b0720890cfb108358698b3

SHA512
8aa5135c15e4d7134e0a0151999a5a0825cfb140ae6785a313cfff29ea9c097395930a2885dcc53e7ed402ed20a32ce5a16f8416b8e560b4cfe8cc8b1b12b53e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1af567ad7fb29951d204dbba95d02a29

SHA1
ac41f8c5fcf4f09c48ea1fb73318f9c90cafbd85

SHA256
b69d27f51562324e950bf5c879a51886be722c7ce5ab8a465895b0f0e0c21149

SHA512
a0c8d4499a5c3a2cc9a0507be04c82065bbaf1b3f05fe81d59a8256c997fd381787752f674da74867b99702501c1f1e13116addb0d8c18da07b4d4270e3fa72b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8dd5ec69b5aacdfd8388bdbffe6423a9

SHA1
82e4e9bd330cab552250aafcab47f970386befec

SHA256
adc93be4da19d4462181480b15335e8fe548ef24c0ee1ace02f3b38b305da4fc

SHA512
1586329de5da0cd7d3b5df6b13b7821a63c0ad5d0252d56a8a4f3d1e9797b88115e41c7b787d1c9cb677880f4527c40330bb1f3de2560203fca66c9d6f478453

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5130f1a85c760ed221fc582ff7ad4f1a

SHA1
b96a0c05cc84a2d506b1765545559d04edfde4a0

SHA256
619e1610bde94c26b38f84a9107248dd79eac16ad7d08974a4b4ed14e2be75ac

SHA512
d80be9d541a5718ef5ef904ef3980842e5465acbe9dee44e25de2b654a74af17290bd763f82d2b492466e865db7772f6f874539382e790180cc3eb113d5b8487

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72900632e205121d795587ae158d6158

SHA1
e9699e2e24ee421e154fa1379f806bdb5cfbc914

SHA256
4696e451597aaf2fc38d3086fd642d3f97322173a4129e6f4484ea0986624ac5

SHA512
a6b6b90e6097c28212f423f49b93f67ac5ccca8dd23a6767a909ff561199dc6b0e39c04732f4b846692f9816cbcd24cf86541f4babb570770785f94f535d6106

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77addc456014482eef13b68f3498d0f4

SHA1
0610c39ebfff6f30c64248deb299f22f0bf282f1

SHA256
87e8448caa2dd4e8171b4170dea00a636d950fdb690519cef2a188dbd0879a08

SHA512
d89791497f7d15aa32a1cef65254458b9002a3664ae0427201896289f23f966ac53a3f4a7959ffc0be73e33b2b9a20d4795235d99bfd61713b7e7a4d10f4bc5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
013be976ec7b96e6b42805b5bfd318a8

SHA1
4fee3f272566efb1179bbeae1dbc5ac49603cd12

SHA256
8f40bd39a3ea168a101a0f3b295f355a25613672ed204dae8cef38f44abedcd6

SHA512
fa4b731a9ebca01b5d878b60f1016e44c8e42a366b4b3fcd73c3a189d41c90bf621f9234597a013884aa1eb8875176e85446c225e72d4fb40a28032405cc813e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b73599816ce6649134c9cfd89718a95

SHA1
c61fabac3b9eb6583419d2f37c28bb917596a813

SHA256
8469748e25c3daf28f5f407b919cf730be2b7f5c34cf8b079f82ded297566751

SHA512
01ebae7c351c43cb5e979567ea03e455dd09826e15bda630dd0cfb092c04f72f4920d321c89a0712b3239200187d043720b58c4b8bec2f810ebab7c0eb4e87dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5a1915a6d6b7b18ab45867f738591b6

SHA1
ba965581fd872eb8cd9e72aef4751aa38388b16f

SHA256
464fcc9c4cc42515baf3ede9a5331bff84a384ab507aa9eac81a6f3181fd92c1

SHA512
df8d46e471bf5e7546900dbb50531f4a5d23bb62fd2e74d804d03fbf9a32311ffe0ed51efe8e905963930644d5acb44f2463ee329dabfeecb0c2de1a4a90e330

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab6f05e8b1f65f5cc4d1bee0687dca51

SHA1
71996079c99876fc544941b9e2bd14bae9d0fb8a

SHA256
ecfea648ba78c7d7785fecf65229fc436cf31b8e41ccf9affe897bf99ee20ce5

SHA512
f87af3af521f2a890e52eba04c6c6ec96d67772466975527e1cca5a091bc5042f8ee1e9fde16abde4d00dae0b7dadd9d7e3b584e020234f390227c6b9cf92602

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4afe8593faaf1a3aa023601332b2d50

SHA1
a78884271ea902f0ddb644be60cd8be4b97e7955

SHA256
5581fa3867df0f32bdec3da62ee572ea25528146c0a93e128f12aadfb0c02796

SHA512
eba75b67518061d987a9bbcb2414c2a6967789eb1ce830759cdb70881bfaa6f934bae464b5e69800b97ad9962f0ba229a79782bc3bff69b4aacc8fef98907dff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f21728b756f896cb0d0fa4c4d234019e

SHA1
31e0f8649618f1d7775e499b34eedd61e5129158

SHA256
47df5d1444acc28f351fa066385cf817732b955e95053df9d8a98935fcbed8f5

SHA512
746b544fea9e35857e537d801e085a7c39b178c127d33ccad7fa4baf893a1b12ad44b122121fdd4bc7681f41b52772dc63b4df12eb85595df544b0583b76c709

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCA81.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCB6E.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCBC1.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit