f2a8ed712e0a2c970ba8acec5151ddbf32a287574e9ec722e19d8f1131ce6db4

Analysis

max time kernel
136s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

221KB
MD5

a263045210b6f7455ebb34a7a58e32a7
SHA1

0d5fc752fd9ca1db34e450501c535623ccb95d65
SHA256

ab9e6ca9aebea697675a0ef0f917ad512dd1c904bbe4c5ff920925c8112a27c9
SHA512

048c3fc5d74f04324ee7adbdd3ad1f518056178e53fb7a457ed8c5665c415e898385d70f699e37ac9616524ac58d7fed6954913ebb2cac46adc2bcb8ba6d1621
SSDEEP

3072:SsgjYl5FnpfvKyfkMY+BES09JXAnyrZalI+YQ:Ss5L93sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422897471"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A0D9FB31-1B70-11EF-989B-729E5AF85804} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1708	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1708	iexplore.exe
1708	iexplore.exe
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2700	1708	iexplore.exe	28
PID 1708 wrote to memory of 2700	1708	iexplore.exe	28
PID 1708 wrote to memory of 2700	1708	iexplore.exe	28
PID 1708 wrote to memory of 2700	1708	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd1b9916a05fa487d6ee2710331b21e9

SHA1
858e610ef04bf92a5dd55129e6c8cff507aa36c9

SHA256
adcaf4b897457590877d19c8033acf765a80cc8851d308adfc36cfba7bc3e9b3

SHA512
857d36f26c367c7dbeff34d34b6ea6d00d15a297d514691ea1e5a1927ba20deeb1ca5a10e050ea64daa93550d844cc12d61eae0ac0fa02df3723338ce626cf09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abf2c0c9e5e31d7ff80aec2c1d8ccf79

SHA1
84a5bf1587bf3b47747c59286dfbd44057e53063

SHA256
2b9c461d5836ef7a25b3019f32c45e812cb9ad7beda84c1c4ac8c99fe67ac0dd

SHA512
f056f26db430450fe4f48af0447b246c1e7eee2743e6dbaefc9c30edd18ac2e29c7ac96d9781b9bab560700423c747d632c075a9ba36f26d9bc50bfed52c1827

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea8e91ecd37c15941eeb2ed67cf66882

SHA1
455da211a185f7c9de48baacf85fb18a23f6ff54

SHA256
06ef0e6cc70c7f8c41492925bb831239a685d331ab9754c6636de938c58686b2

SHA512
90da2fe1f977e325125f70694c383f00f850f6ec859074042a25b7e1dc40f031feeeb5ab0089968138a91a2c99f2ba324d170c0110d34eca1caa8b21def35fa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12f40fe7bc3f0278d180b4aa036ca621

SHA1
d431f508757c35343952f12d64f27eb28ef1d793

SHA256
47ddae17bed65d33e68af7d14a1e7f051a10519b8f6b8653460ed228fd6d4d09

SHA512
8d164e8ba32b39792d21b69528fecea10b5a725852578961c96b21f8af850210afbec4d454e6ea8211c7f1a780f48942ec99fd1e77741872ba87528f12b23b04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ab49d22fddcc05312b7bf1966d4f3c2

SHA1
fb59093f1a0b7898beb894d4a8b739f2f4b36cca

SHA256
2bd032c7e503d550119f9af45c0854f8d5e33385c6b5b48f56df2819c8224f67

SHA512
bbeb759b2a9f7cb2441e7c7b60de132f8fef2c06fe7258f2514235d9250069084982d62375ac9407a3c6e62c5a610dba11f84bf059aee9ab684292c5b8e13917

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d17829ff385433a6d08ce8b235baef1

SHA1
b71459cec175efedbddf0e6d42ac7cb69e9a04a0

SHA256
08fc061cd06c83ca751e1c378fd9126cf7e71311e03d59ce71d6d6cf0b5c883e

SHA512
950c23ee9c58a6fb4e19c6858f5090667008f571a3d2152f8a527c306e3cb737f99af5c27300a206e197b8907b5bf349a4e5566c4e196f29955cb4fa5d8a2fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8183328602b8983c0e1b300a9998b40d

SHA1
23691d6cd4892df00b1ccbd3f0b8954bcd19ce79

SHA256
2dda19a49c9269ed3c3b4627e383837fe9f5c60ad24e338479bca19255657019

SHA512
31cd17e9c6ece0922c219b336f7dcdee08ce733e9aadc3aa25a781758d3bd599108b9498966382888b2faee29a63eb6f58bf14c1407ef1aebf85c4bb3bbeea76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d9e3b13cf1e54ed8e50478fd9d0f9c4

SHA1
8b3c99a8e6cabc878f118d1fd1c20cc8b829fe31

SHA256
c6990fa4fd36eff0cc6cf470f2f932bb6cca29e03a373a49b49252f5743e3e30

SHA512
aeb303a1dd2bd65a2a875d2799d5b6b9636950db8dfd73d562f596a0ae878a7f38a474e07e2784c335d07283920431ca620f4e1db44e81262e69402ad061b89e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9de81694123a485207eeb6cf7f6960b

SHA1
cbe52867fbce4fde416028ebf3c8c5b341df5eff

SHA256
e5d6d35b145d1039e78f460d9df1fbebf22f9fac19cc5ed556fd3d9392436bf6

SHA512
9162c15764ffc121719f1424d6dd417cc4b6750199e437f97c26f88e65cd3ead1d8dd3a4e8640eb4c592c851ff282fdd4fe9b30c692730b4feef9fba868ea361

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6ad23146e2e9d8dae8286622e745c59

SHA1
93f4299b0749d9fe6000220b0e6a73693b4e3d87

SHA256
96ade4a970805a9ae9ecb137b56f6def090d5bda47418549d0309604e2439b77

SHA512
922537fff855fbba92917ffca94d56230162d6d3d227ef4066bce9021138318aed6748acee85a12e665f648a82d968c77be5825eb7cc1562a6c2423b530bbd8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0116f10b2476f6589b5d53bd72265966

SHA1
c072c120c0cce3a1218d011bfece017e18e1b222

SHA256
669ad5ebd9d78e332bc8798f4745d207b6b55ebc17a8a31426ae6e23c607d9e1

SHA512
0fc1638b8b30eb6ce85ba0b4666a25fcb83f8ca26ea771dd01da3371e7bb1e7c0eb6e6c6181e9f38cb30cef30de6e8a803f100a58722846e8ac211fec166b449

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
224de10c7a474aade78988de3c633b47

SHA1
b8c9a5469fb76b2db40525abda3f6b1ae319b8b1

SHA256
06cba420fcc0691346da207cd116d977f3e16b8659c377c42fd180d6d0012dba

SHA512
ef87ed2be5aa53ce35fa9597bc48ec483e930103cf8396c5d45d2a597493d1bdbb67417c5298fc134f02d91a5be707e9ad9359dd9de653c9cff01be2af7e5101

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
850fadabb012e0583132c656df5a215b

SHA1
574b1ad58db8e63ab92c46e34d0a1a2d8826f48a

SHA256
8719bb38a4e49ababf12da772d5e61fecde7916d8bb12a1327b70922d0eda8b4

SHA512
c02c072ff2a57eeb7a1edc565b1daa037b86c2f3a9ff2cb3c0147e030851769f1bd912144612bc30eea5c5e2f17bcc1805020e112b1180c83bcfd7f7b45ed90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d67bb6c6f63b33d2ef59940326f5c50d

SHA1
2e7ea07cf2c26d336f8ccf2e11bfcfb21929e01d

SHA256
f3ada9d58cd7c1fed2f4f3114fc9b7c473223e2ec434d322f72f43830bdab0d1

SHA512
1845507ac3d0663649bc9e4d0040782266e97a92292701ae4a4bc7659bcdf0eeb92f6d28f13597eb84c68b4492e5c6ae3f226f3844361387d3d4a095d97e6637

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4eddb9665fd4046c2fc4621476675696

SHA1
66562afad08f6d55b8e53bb2e750620c38922f8e

SHA256
5485f54b06b9b91b563932869aebce8434e2903ba349b6a4ddff25f86d96ebbb

SHA512
c141ceec31de3f926ef167011390ede1bd5005035a028a93d03d1440ed4ac6c1a0a43a27675d6c9d8bb67e13a8cbf0735cf8a4e613559da5f1db9a81a8b0af91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
036d8bb5706a1a6d83966b4480e16800

SHA1
a4d721e344281cb6b77aeb72b7552f70c9113eff

SHA256
c31caccbc994c22984a89b7950df74e38e0955fea2bc38b7034b6144b0b6c3f5

SHA512
70be022a2b02d0569b2ebf130b18105442024b464afcf87a944ddb0bc0d25b06708acb3648359ae47fb5312684e8bff93fde2abde3da4d33ff45d8d621296054

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b252dd498460bb84cbe9d3ebf86d27ec

SHA1
ff6ef76d9193165260035c285634d2479e071360

SHA256
d147c9183771a3d1139a37c242fd15a28ab6431bda9206f7221825795cb77157

SHA512
1ebc70bc270ea64d270ba2f9ffa911de74ac5056e351ebcae1fef681ff4eebf4f9a2236e87f5d15519ad724eaca05bc15d14b9214a6a9a7a18390c901ed49ff7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1865e28e0a9a57277716dbd67ba5d4c

SHA1
14d69c22d7c7cbc82bb1f1ccbcc64055df4db7c5

SHA256
965f27080dde7ded3f82281fb319781f8204c617d5d0b76058985f2f2fc82eb1

SHA512
8d0acdb30fae9d34a0d4f08a013c90a47d535b67cc345d7c38acd379b63ada8a6d02b690d61ae8278dbd535d3536ee29dcdc9c68c5ffc3519e91fad48bb1eea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9197.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar92A8.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit