476b08ecdc957d29ed749990f95db2b32455a1fac321a360b3be5ff027b7e066

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

c7e2278b4587b0d418af0c4bb04fa397
SHA1

c97b75c95dabb837c2a6d431753a442faeb7c1e1
SHA256

5bed5055ddd6ab250bbb9194e508842f01958f17ad5a768a570f9c7d074af46a
SHA512

6c520da6a9268994bf96c79e8592ea2e75575ae2823fc3340a18e3dabd7c4311c8bdafd3a96b7d1a2efd9cdfc8a98607322d35f1d32d7659881a430ace7bd3f6
SSDEEP

3072:SA2/0MXEP4fevyfkMY+BES09JXAnyrZalI+YQ:SASXD/sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{613C52D1-1D3B-11EF-8C89-6200E4292AD7} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423094502"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1636	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1636	iexplore.exe
1636	iexplore.exe
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2696	1636	iexplore.exe	28
PID 1636 wrote to memory of 2696	1636	iexplore.exe	28
PID 1636 wrote to memory of 2696	1636	iexplore.exe	28
PID 1636 wrote to memory of 2696	1636	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2191e6f7c05ab96eb7a35aa0def71e44

SHA1
12f6c14e0d472d91d9458800131af40eaa61107d

SHA256
5b7086b2a50b35b8cfc9ff01c6c701c8caed6a31a6b6023e3497b5ad9e33860e

SHA512
d5a03dc26f0f7fb11e24abe3284623316efae8a3aac3483caa0c06b997f4a336467036bc47c74fb1643179bf965073c3a9109c6bdc2b07ac5b2b1c26d66e6547

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f0e5de81229849b66182552632df931

SHA1
d3a7266e0ff36eeb38b6d357762989cd5af8688e

SHA256
875bdba894e5bbd92494e282912ceac4365611d44bc5029214cd5aecbbe39a9e

SHA512
0df9cb1de6c2a83ad1b467372e871f53472d2f237d9dae46be5220b3c4b81911343028a1707931f61649f3e8070a4ee92637a738ea7faf8479b95d5fbfdc93f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
707207b27ad6598f0b5d1b8a3f6d2eca

SHA1
51688193ecc1e65fd85a344513c21a7c6291d922

SHA256
5d69730424290c99c941e918a3786e056234a1b584f6c77df921680a307b2ae6

SHA512
599a18371c61ff6f08c52185c950b947b742a2ad2a1a93c41540579546088186b9eff1db415e56b7ef937e241c4ef8ad206ccc6cc5199982c40a3a0bfdc46fa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba519389ad184c46ce179cdf6b852731

SHA1
94a41a83cd77892454c708249446ce6340b45867

SHA256
4733d88797212fbf5f9dc594ec1c3b7eca5badef163b9b22f2be9f4f380cb3b9

SHA512
f3d20f4b1dc8eb8af371eab511d0ca2caf18ac97b9cf62c2b51dbf46d15c24173e31b7edd4c53fc8627e66da74b370039e58baced781ced8082fa09204d0529a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c38bd9945513c90ab2d099208d39801

SHA1
0b13893643c6c86fd3032712533e856d3e30b91e

SHA256
bc4f3c1b94c86e61ca746699a89f967a2b13a68440b9e3ac88a819340aae9b2f

SHA512
efc83bf5551eec58a722ada31bbe5976050890021918e049bb3a41c9fae3769e0b3f5b8cc3bd3c9ce993c89e9f2c9a8d9d0bcb68bb1bc9ed6aa660330eb65910

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
685b576e9ccf9f65a1a8355e28b20119

SHA1
35403f4185a703fb198742b48c8f05dad4151dd6

SHA256
9575bb78aa3ff9d963d3bb8911ceb10ac7df73e54323308fa4261726387fb875

SHA512
2656d06900aefde85d0b0611dfa4ffbd9c0e142e0bc598be17b362f42e378b802d2d06391c46fe12358143c3e8b4071c2f59186dc77e2e2a8abefb6192b70c8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5fe3fb4e19334ee44cc5719aa9153e1

SHA1
ed2482f954d620394f9a941d0361c29d5671bbfc

SHA256
669677d991b3d49da5ac9c31d9c092e956352395fa6297a84de5082a25111ba0

SHA512
d90e91aac9f0f08e37cf4c6014e97108299dae94f484b582a781f46672d18aa0c9c232e8547cbc676ea71f36715f3e5151079481836e3211e0dfec0881d0cdbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
445e3d706414914f881327223102c5f4

SHA1
5e3b5e88c8178e1a68c608b62187d08cb10ba846

SHA256
e8c6ac3886605c3c86c302ba7778999490f65efaeaf4a5917c13c732fec7dd1c

SHA512
79b682ecd4543f3c0a8bf8a8b09b4ba4cb1feb0e9167c7d70464d83a56258ab9b061adfa85ec20c6ce6286b2aa88b893bad90c4d64265da4c6d09e919dbf5e47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cefcf870616a5b37ab7672a26680311d

SHA1
1d305181928ac99708c8fb7e321d63c85320b24e

SHA256
f13e6a41850e3b56a546f86a2ed4793a7f1d05c6907c9a6b7c379976244b65bd

SHA512
9096fecaa15dc7bd80b75fd815114cbef43363670a3221d66196fd3e849ec497fe63469cbdba1c6a44c2f1fef67613b0bd7f1ee8aab8b20d6ca7c638ecbba992

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
043237903735bc152c67574ae5b4a110

SHA1
d98d57ef88e635212efcfe65723ff62745fe7454

SHA256
81468a8012e967ac675a5ffaccfed7c253c328cc9b5e037b514955c2ddd19cfa

SHA512
be09cf615ad52fb2abb33762000add6b209f359eeef8c1d79813784da62089f6e017a6e67aa4348739227cc5d00d4b92bb2864a6a79043133261baf484d792ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5766c0dcc00181ff0697db26b88f8aea

SHA1
2bf2d7c910c126f38eb9d7cd01e9ae15bead4741

SHA256
d2cedc5d3c84fa5df00db8788434aa7ac0624a63ffb3981e7efe0c48d82be835

SHA512
639a22e4ec882f8fc128affb6cea72861989219c793cbe25182fffd5587140d8f2cb5c824f6bc5f402ad4d75033b11b0eb932e8d4546432473004fbcdd836bba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5923056642b704025cadff29a49b1ad2

SHA1
cacdd9b9085935aa1779b7f1eb43c886dfc7d053

SHA256
db931f8e9cf9d49feb836b8c15ac44c52e45191a2ddc9a8bda6178f0064ecbfd

SHA512
e2c877949f73ff19b3b30f4401051b55f3f54bb26e50257d8d3c920353a03d93a9a1a58ba5e056c9f65447bd9b000ccf389fe1d6022f8c26a70c0daae2cf05ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6a85cbb8d827d6c3165d09bc8b4a198

SHA1
c806df6319af820766db077bfe53e02ed3083598

SHA256
45fe4cfa7f7e36b5d6b0fb285a1f13592237fb9f14ade6c3eef9c83ac5f19643

SHA512
4d0c0b21092232d1a4078cf8d54332758a0f2c3064efe26d462c3824599f1fdc94e8411f091eec859225f197329559d1f9f7ca0c4f85ac5000287f15120ada9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e30158c2854a4e22c1a110d479351a1

SHA1
8f92dc43d32c39f580d5c1507e7734d8e1c3c553

SHA256
0e4d82a5307b0ff3293ac2f6619fc542a2fc91e6cd1277f52c5b21b337020df2

SHA512
22855662a0fc66b355e02feab326423fab14ef02432c462da166cd036128fee784f6047ac9e9c273974bb26715f9f2be2ffcfeed15ee11a60516f86433592747

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73b7a8008c1d737b22941cad03c50385

SHA1
17f4801575abfd3509cc260aeacf4331cf43c363

SHA256
1aac8cfbda247312e0f86191f61db914d349773f4ae1f677be52177f2973ae3d

SHA512
c724b0a99f1d6696c65b6f88156d7130686cafe7ad3617419893cae8d26e587c1deb9daac1a0cf7486470b64457db57eee6238b5bac725b6ec13f5550e830dc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b08003e91b3c6b338ae9a5a9d00fc94

SHA1
dceb739513153063935b738dce811070d27ab3d6

SHA256
015b4526a504471b7b1fbaf1ba88720d9ef24de21058e164f41ead03937561c9

SHA512
20831b2a38bc6af5c3631ae337144fc948ac23918cecd228e369befd0a052a181258bd2ca468d640cf802d6b93478e404e8beb58e855755c159dba5b743b2fa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0c24e01475acb1e3f8a6789839aef5d

SHA1
02692a121cd246944e8ed584fd8327fd3714f32d

SHA256
bc8e50d10d212595148a79454ae1cad1a080676c5c593432a0758d26fde17d6a

SHA512
ea0945521a06f55b9f6aebb6685631135b248f55ab44bbdff88a36d30e63b921fa6a9c669137378cdb223e6b0867ffd7714bb9a699a92dd7ae08e085ab7082fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df74ff992d9f9f717cc2fb761d6fb771

SHA1
d08cf4475eec6da7572fac4a16c76733edda829c

SHA256
44e05df2a0a0fff77500ec46cdf26704807475e343dba82600bebc13f67c4dfe

SHA512
366389a58ccb0a22d98e75ecb86931507fa1e83e69b31332e2c940211d632eecaad1e67ae23a2c98d2f723d1586de322f053123e1e99dd85b6cb0d0fbaad6027

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4542109383991a76559a9cdbf9f9b799

SHA1
d35cfb1b27c2d6c7d682fc2c4b2d5a321a6c5183

SHA256
faabf0ebc3df653c636f50b32e44d420b8f1785c0b7221b94e33245f98ced50c

SHA512
c21ae42c81a4ba1ef463658cef432a8c46bdcfb4e145ed682d2fffbb4fac2aab8a98cf5286c14f90f7f5b4d7fa98f43200a6ba00ad6f57231a2ba4e661391a7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2445.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar24DA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit