45a05022c8483c9671cb7c539c07bf3b4b5cdc7bf89a487a86a61b49f73c2ee0

Analysis

max time kernel
135s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

221KB
MD5

4fb600f23a00301fc6f6a3a59d168933
SHA1

16f5fa8cb3e748524f556e1e68c1193fb070c012
SHA256

af6473476918551cba3a149cace8ca35f728a3dbad8744a0dcaac2fc012664c8
SHA512

61f6abfa6057806dc4a938e3c5a6a65d31c8b34565274d46e0eaf15cbb0c3331e97200b4bfffe82ce8234e89e19aafd3c5c15cab561ccbe4db9c4cd967f535c4
SSDEEP

3072:S56Xc7nWoWVPuipe2yfkMY+BES09JXAnyrZalI+YQ:S56XyBWzwsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D57D0251-1C25-11EF-A68A-46FC6C3D459E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422975297"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2240	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2240	iexplore.exe
2240	iexplore.exe
1748	IEXPLORE.EXE
1748	IEXPLORE.EXE
1748	IEXPLORE.EXE
1748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 1748	2240	iexplore.exe	28
PID 2240 wrote to memory of 1748	2240	iexplore.exe	28
PID 2240 wrote to memory of 1748	2240	iexplore.exe	28
PID 2240 wrote to memory of 1748	2240	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
dbb78757321eabcb40e3f350240bda3e

SHA1
6381db73ea9cc19e1a6efe74f8d2ef0f951e14e3

SHA256
8a931ccf00f3bbe78810ae47da3d592a44570d187cb8bd85fad54e8210b33908

SHA512
9bbacee76c3d1bba04179a1b0709a55f46de00165db955362b1f43cfda6d77cf14aacbfc5522ff357fc80cbe9e9285fdcd04504883d5fd8e0a0eb7a5325d85db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b5f07181f1b98c2500e6ac747319ce6

SHA1
893b9cbf9075d981ddfb00a3cb0782e1964f8a0a

SHA256
465605afea431737d5d0f9330e91096efb3fd4913615f90a7292dbd8547956b1

SHA512
1d7676ee3916c86c9b5a0ffee3d1bff2b810bf55714a1003c80cbcf6877e0f7c836e2c825dab2302b57e563eada6da9bb1d509e3908f7e2d3139cf48a5d56993

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66726c3a52f10450dc68b5cc7de35223

SHA1
a4b13a29b35899a2161ed10095ed53fb020712b4

SHA256
96ef39e36103fe722db384b7ef4592daf790e24627ef043ade885754555ae0fe

SHA512
cb40c0af67eaa5354b8796274356897b5dea0880baab9d83ca753d326055f4966c664a9ec7886d24e07be7a2e3b4985c3f37810a3f61c71efbf6ad4a533960fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb502aa07da034eca0ab4416ce554f86

SHA1
0990b2025ecf20d4625a84c6403080bc168e5242

SHA256
594f42d7e5ff08bf93a8a326c667302135e93e3a975a235ecab113a9f6c11a8d

SHA512
9bbe8ab6c49823c93b521a393b698063626acb2761acf593afbe9d43646ca1ba5b8db0210dc6526fbb7e18f00e25dc52ff0d866d10c910c79c7fe06a948f89bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c52cdeeb4a4fdc28075c366887b336b5

SHA1
ca3d02bee22ecbee2b4be3bf746a437de7e6fb84

SHA256
f1ab493c483b57fa13dbb0b28663989007c0df36180c7d2d1a106236bc1fd13e

SHA512
66591c5fc723231ad86cff7e05964cb9061d212e18bb635f33d8e4c5d04c6ac5d1d5a384bc9c82e40c8f17e904c7ea60f5ecfae29f3a569143f3e49c2c8fc818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
469d6daa31e376d0d9387a1258d9f6c9

SHA1
ed43381c34641f76ce6bf964bc61f548f5773982

SHA256
c4838f72571caa6bf89a728dfeb4a49adac819c796e15f04740e6484ffd22d8a

SHA512
ad41958658cca28a12e0ac4f54fd3ef3cb4fcdbb2ad52122dec5d79c37cab2b550ee45d0722b7d574875b184295b55d7f103f0bee4a482533127c403a42e0808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9733f354b5f91a6e27cd221e8c1f4b4a

SHA1
e1244d7ea41053aec784089f6a89eab2d1204765

SHA256
d82674eb48b058bb66098e0c068a0099bebf1762260b395dfdcd8f4b545c5e33

SHA512
53e794a3a92a8198494e4db1b1092cdc8d516d3ee9925473156444cb22a77100fc9b8d239bddbb050d95f3af54b435f2a455487729d07bf7e868997fc1af37ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26f8f212551eb7a51cd56560d54a9991

SHA1
bbcde5fc3584c8e5fbaf70138a273d487b14dc17

SHA256
6ba77113b67c243dfbe59380d57a35c2c856e46123332d2cfa2aba521bbb17dc

SHA512
9405cb78c20595f6094cac5d592d04bc396c0c4b2156662bc2da358a27013e2c4a516bf0d53318f3461deaf5477a4f8332fa4535b391fcc2ed89a572df22ddc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e36f9d8b3a948daf565e2e430223da47

SHA1
4b490e65c6c3d7e4500edcaef407938fa7df146b

SHA256
e314276843d0ebe060ca5db8c620978bf06fb177a1f59f44c3110b324b51744c

SHA512
82a0198ac7c856a8f0d6887998af8a3e0d03f5945bb9a47ea9fc479840a1de6e1aa6210ee65d89fa663be2a567510db86e86be9d8c716d0c61a63bba1b408a81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2075f0840e1a481a32de98e63cca93f8

SHA1
7674e1678ea07de20f7402627f2f1f6bab783f63

SHA256
7e7490992a64a283a781f6956674c593a17071be8fb2c7d1c8182e8051a401e1

SHA512
90e0a89733247d97b7aa6b90a1c3f873cfcef1933f629d6f1adc97b4243308646771782e3f8664af020e2fa45c0b51fca418df6fd5422b286f5e19d67106cb65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06e70bd44efaa238a6682766f96d0069

SHA1
323c492fe8153873ebb79cd25b1a4f1f5c3cc1f4

SHA256
f3afa64a691c54eb6bbb48e94a9f7285f633ab0d0fb183ba44ca2c7cb4913e6b

SHA512
80848bbf8e5f730c83be437f6f27b93c2446df1fd36dc0e00424a1f68c72b8027773fc0069dba32a54b7ce735583c6e1250631fafb7b5ab9e7a2682cad6bae5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e16ab1b781715b2c70c95f8434f4861

SHA1
359eabe664a201a1f3f3d242fdebe55422fc18ce

SHA256
80af087f9a2ed8ece2f5cf32705226ca4426099f03ddc805ca5da1bde013ed99

SHA512
4fa4d3689d4735ac62ad33f75eea7b0173635315b5744471ce0ff374ef453ef10d1275e86018f40bd175fc21eaf43c4559046cb3ce9e92b6838878b88261ed7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9a21e49491c92b98e782e9259b4605c

SHA1
d46bff257426d599cb0b4adb6e07f6ac0c061f96

SHA256
b633245feba228c96d7fb26288967f724f5a4468cf8a2e23ad9eb7f5de37d985

SHA512
32f9a402968136ad92c1a9889cf7747e358e490ee9b5ca40a8c0ea731e6696ef03d60cbc8d393b746d3129fe0893c020ffe6f9a683ef12a8a2696016c82c00b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
917cad19777052b4e9051385714cb120

SHA1
583f69d2eab8fd65c6f43c0c6ccb7800775ee1b2

SHA256
3745fc1cb0d761f83016f15a896921786b0294954ff4d299ad74cfdd61e5824d

SHA512
6e2e3aa33ee07b021aeac7842878d6ee54999658cc73cf26679dc3ef4797eab12121e8e52389adac05491d062544074e75a92536666139d630cb616fa8d51099

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
08265099fb940669647cdd13964f9901

SHA1
f380cc41597b6f36bac778011606dc19121f88ea

SHA256
6d2fd7fcb9c1bee70686209788102b7ee227c648fdeafd0e1976f0523e002d8d

SHA512
4fd48e860e9a50df452f2f1bd11e48a1309b2ce9e5b228ddfbaf04b485bde3e38e00720c2fda2aabd8e964a8492a95c8518b331893816723a5f4f83f736c467c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
91cab71d6dc91171b4f46e073138de44

SHA1
d6d215d4058ccf868a1406eb2ec1defd86fd6c95

SHA256
e327e95bf31a6d3915a1545f4b5be1703a152d43ccfef4d80343e3054cea38d8

SHA512
76fdedfa64972ec95859b724df9a5833f47d2a6543b8f44a55d0704c8cf7b025a70feb8339853ea476f0bf47be111de8838e67c98573abacf6b89c3c47a940ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF0E.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar107A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit