dc4f15ba66eda1967dae36f877e77faa34e8865f6bbaf8eb70fc4617db8cacd7

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

79ad16ac254ec38ef8d36fd7652d22e8
SHA1

4a231d365a32fc2d6e3db86072562dd143f77ced
SHA256

bb1eb3585df0d67945ca5a991cece5c4a193f96d7a86ad3ef2229d1abd0532d3
SHA512

388be2650c547c985dc3727ff4593f6099825507c47ef994a3d0d30413fc7eb94e0d81da38cf32b81e7ef2455f2ee228531854583f71af86c8f1fffb82235555
SSDEEP

3072:SHBlz/IBOu5uM/5yfkMY+BES09JXAnyrZalI+YQ:SHBBxw1csMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5B70661-1D02-11EF-9AB8-560090747152} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423070244"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2824	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2824	iexplore.exe
2824	iexplore.exe
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 1336	2824	iexplore.exe	28
PID 2824 wrote to memory of 1336	2824	iexplore.exe	28
PID 2824 wrote to memory of 1336	2824	iexplore.exe	28
PID 2824 wrote to memory of 1336	2824	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e04da37461ede0eeef22ff5e5b2d91b1

SHA1
9998fd8bb1f2b1d62b16b8b2e85d823c4f726536

SHA256
567e2fbdad55cc28f0e18c2679aaa2a1da3cda939962750ead1221a4016877d9

SHA512
486fceef0f7c4f1b433fe58736014ab3ea7b2032c3b35f63502e76216559cfe3da7cb829fe054a6cb3bf323487af3d8ba18dd75c86a4160d36e63afc57033a2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe92cf9a056456adf32d1f73f597377a

SHA1
51637468ef7f27f3ebf8c647bcddf518d68c2791

SHA256
aea6dbc617fce66baa009ccee99599f15b35a14130eb63e177c7dbb83797216f

SHA512
ca43bad4303824737dcd9bef88df82ddf2d499a404694f157ac7949d4457420104e6c10bf87913a67c7103ebbd0b3e5a20b24baebdf5c201a0972a5cabd608f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ea6b399762f814b287308eb97c194c7

SHA1
0c97092a45dc4996ff71e34d8e42794f3be6f70c

SHA256
a656d41ceaf493d2531e6aba54765e5d35942672ec030996d2f8153526741ff0

SHA512
b2a0cfa8df9aa187c9ac38e91849b3cb45f45fcbc30780ae1baaf6ced249a47d53b46b75bcb1e31b9042b1e0d2955a59f1a426968dc40eb2c655799702cacca1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
204933a8a8e65c773bb172b9941d7e35

SHA1
812a4bbb3b64ff520c2eb708b26a22a6913cce40

SHA256
1b4c1175dea21fd1264d1e9e778e259432a1ed22cc2417fa76d8c78a5f69d55b

SHA512
6a2059f360b05a1fd9fa5963ee4e7e7f0ba8d7a901c08dc70b9b610fd5904cbd9aae1cac75919b569a0815f7cca574580b737e74e093fa9bd6c02c3c540153ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b18640970f854840ca8e7f5a7a55c57f

SHA1
8645496e5a1fab6c57112a9497efe2a51f853ff8

SHA256
c7ce213d05818b06f8e778402b14e1a86d5afba36c4bbceac81bd57ee7a14b0f

SHA512
2a9082bbf2926a238a121d14e0ce56c5fbe1cfa85f8dfb58ca9d6b74f04780e7e5a384bc7946f4516a82075440c795a065368872494dd816a9cd0193b36abc80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86a3d1a37ca27cdd4d230845eff52441

SHA1
46c26228b1cfd9e52a78541a577a543e3dd7a55b

SHA256
8565ac973696877b0edef91f0ba8a9ed740ba08cda2beee08fce01cdb2d7c71a

SHA512
867cc4eb01d6d3a1a1600e0893493389047132ade46d2fbf55dc7d3941b7be469cf125b2698667affe1ecba367d907a6c20c344ce4500e7097b2072959e7cb7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
576b914c0cf24685a1ca6d6ea82e3c6d

SHA1
d6b7a449938f61cf7e7f991b7c5faf259f658a85

SHA256
c566fcddd9bac9b696690a578952bf52fbe3a07e419ce79a8322a99a4ba9ef0d

SHA512
92b165523b2a5a4225fe3c35a842c6ced186f5bef9f0f89c74216dd53d6a0880ebf46f087f3d19d15305e653a5e075ca91ee12720686e632cb82a544144f8dbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26786ce7d3b84ee0c52b3da243e149c4

SHA1
ec4980832a4db5eac7a23990b7f45ae7994d6fba

SHA256
3e7ca853af264d7cbc03ab05095b9f976059d4f61a7207adf4a92c416db29906

SHA512
37e87d0d75c4623340c8b8b8d846e9e0a8034601feb4782d96bdc0ebf462b49faa9e2ae7be9f80bda40910c8c514ef1f3576b987d1a974e06906a547ca0b1ef7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f6be7ea8bf0814f57b60c5b025d10ba

SHA1
cebcf70c78ccde6b160b7fa24149d687fb94eecb

SHA256
8a5c272c2b29993d75ac91307ee788f4abf1e55664464b03ddc9c16d1a5ae347

SHA512
3611bd16e77fd8d7e51b3877ee3c808f0336059c439dad462b3ae23dff7dd9a9bd1ab1f8f675a15cb319dfa1c83f50eec639db60070639d7526f1b7b4800a4d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
941892e819da5b6282c7a49afa5ba6cb

SHA1
cbabd239f8c6b9e73aae5760ee73cf9ef610a81e

SHA256
32cdd067ea9673add3f7c3889d35964de83fe3587d9b7ab0cdb56cbcae4de34d

SHA512
75f6e53334fdcbe427bdb973d1dfac9c15128fb308d9c53f79745d5c3cbf3574302977e39ab144e9d291353524d45352a7d2c9c38c36a460214db30c575f7d65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07bb0492729e2bcb8bdd0f83ed8ac9cd

SHA1
44b3a33de3a905ec2b4828c8194407538c7c89cc

SHA256
c16569e0be07c43c964b90fd6898c2a66bf02a4329042e5faacd248916d71453

SHA512
c3afcde1356f22dc04821a2f1456ad84c94e4efbe44f2c6102c00684a46b6b0443187b6834516204d4a7a1dfbf7f8d259572e8e1eaa23c2446b4cb0b27b5abff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9860afaa6a05b6000a82dcfad26f836d

SHA1
cca0ac6359c6560d971e882ee9b6727ff876a3b4

SHA256
2e8e550ecb3ce29f6441559b7fa0dc3df699b7abd4468c3c3404f5e0948dc1f6

SHA512
733b97260b4a4994bd90ce52bba256b57733fade9ec97f0302501cfe04630b98542748cde0d07f0b38aaa6dbf2144bf639f4462e7d064e780a382d4915fc227c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d41b1bf736146ad3f7a8440e5a055a65

SHA1
c665aba0254aa380566d6c4405225d310fc0dc86

SHA256
befb0f5baf0cef21dd00331e229b1dce03ad284ff9c74d766bbbb2c5223ebe46

SHA512
d38779081b6e7d2b1dc192a0579c57d29ca026e533fed7357cabcf518e11fd6c52088223227c97435f28d29f6bb000a0fb68e790e85872e7b07d1018b6e0ff50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fe1da4fd080b07d497134fcdb11b4d0

SHA1
77c9a6fedce3235b70e2f599f6e7ce4534c0be4d

SHA256
5d8c33a3686f24223565348a17dbfd681a413f0b28c1a84c944a30b2ec752a76

SHA512
45b3855e565aef3b2b3321fdeda61411ed9394b22a990af1197fd14fe727e593601a7202670c6e23430d574b15ee96799a8736d3a6be93f4593c16766c0eecfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e039c9d057ef6be9a52b15cd059b3568

SHA1
123dc10ec4885f7c46bc455d629f19b581865d14

SHA256
6bf2070bcf784f3dbc8e5455d63a41dd7beaa69467b2cffa6554bf4e6b225a04

SHA512
946ff7dc14e72d773b31abf0ac2550feb45dd662d72b03fdc44919473d89b007053abb213023bb2d661db475a178470efa8e1613f66b6422b21c4c5a3515f851

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1076.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1204.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit