d3171a8f814f865ea6c5a298f1f6ca3a8a1db96b319a270a0c8d0619934a2482

Analysis

max time kernel
136s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

b114a0626a05e0e4e40657bf3d0e2ddf
SHA1

efe1985c6fc554ada3a6c91ed79ea70dd8258f8d
SHA256

7a56f486b463a7684223227304842454d0085dad50a3eae76a0367f3c34980e6
SHA512

ca28db00cf167feb12419dc2539eb5c2d6e71bce7d069113f2b00dcd23f3942176d40e54db4686907dc991e937f6eb04ff771396abb95200983d98f49c30fda6
SSDEEP

3072:Sm6pKiUyfsvWyfkMY+BES09JXAnyrZalI+YQ:SmgQvTsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2B026411-1E2C-11EF-B671-4AE872E97954} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423197921"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2612	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2612	iexplore.exe
2612	iexplore.exe
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2884	2612	iexplore.exe	28
PID 2612 wrote to memory of 2884	2612	iexplore.exe	28
PID 2612 wrote to memory of 2884	2612	iexplore.exe	28
PID 2612 wrote to memory of 2884	2612	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a5ff2cbd270ef05e1696a3e887795c1

SHA1
db07a11f3777a7203561d638e8395c0e7ee41614

SHA256
a0fd5ef2b419aac5370273d06f78ee99480abd8ed166c8b08f03c031f6e663b9

SHA512
9d502708185877125097bf930d5440902e4d04df7c5a6cb3ceea628c3bfb6292b9f101c7ecd79faa0664df2168829f240f6adcbdf8f547bc8e2780902d0fe112

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ad3294841ef3c06e2185b7d0b708cfd

SHA1
6d923dbe502431b6416d36bf099d245d45dd05ae

SHA256
10b93278caf951bd6aae529a1382002df3bbb703dabd5f8dac08b09708910dfb

SHA512
6ee2993bb3296988876358d6d4e8b91e47c387619bcfca2461305d11acb7b935094fc162f7c706f418760a2bcf5591e047fa65ab21132b5662d50de0503ebeef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23a00c7b1c3eaaefc74376d66ef1232d

SHA1
8eb32f7814b3c3b9aaaefdf5694dc46f4ff72b6e

SHA256
11c6e3a2139bcb790520f8dda6bba2f3a73dbe195614f5f0cf3e2e461a8794aa

SHA512
f1f6d179a995f06797e97f0e07d733377f4a46f8fdea7b01ebadcff4305198d06c6f427d46ef68eff6a908b98905dfaa2806fca5ea07d79d4ea86c4283652e48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59193a2ddd1d48ee3931d8e67338a2f0

SHA1
d5ca130c30db11bdbbe678c03b1bd9fa09d43edd

SHA256
447b9c4976e8df642561da73e11310c089a934944012bfb839b80d690236a37d

SHA512
2923bb68888fe4033e45d1c71a3a00c0798cfc9227a3d025c0d8ace310cb58d8c7b1853d85ffde554f6acedca5a29ea5519542f862f5939d06ad714b68b9f05f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2269ab3fb192ed988bfc41f57f68e085

SHA1
05bc750fbbc96737f3fa4bf55a7c955feafc2906

SHA256
6275a5439ff6c1b797bb7f9136d4db802c9052d19b156c9d39d8601522a1c546

SHA512
7065e9e20bf9a7fcd84878d4cf7c00b50b3afabb716d1a63a6405780d5df5c8bc46de5b7517de93d3cb1a537e51da1463e1b339c5c4c56fe66581fe422529fdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ddd9304960cfcefe1a5a95d34180420

SHA1
05d8f91dc618000549ad8551ce348317c83fcc0d

SHA256
fd3b79f77a91ff198dca570d4afb2d37873653285e4b843d7f5bb11b4639d2dc

SHA512
b1b3099f472f704eba14d27f24709ba3ffce4d1f77baa767d2dbb1ddac4738ec4d6c223189ad04fd3e706cf9aaa0a7380c94750e555da7bcd8f2a8de64d3b73a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc48e31b6d3d4efd0e3b807ba19806b6

SHA1
6d9a6345e509de043ad18b9f2596c770cd5b75d9

SHA256
9370681669efc99eefa968083a26f92ed4a51fe60d19c9bf693eb2286953737c

SHA512
66ce260d687b764d53e5de30988dbca0fc5a65429ab6d1c20ac4931d0c97705ca86d0aa7b3bfc8f6a8ab172236d086527246836b0a5baa914c5deef760de0974

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f7a224a0be41b176a5b77aab6ac93fe

SHA1
ebf20f8e122fe5beb91d553176908fb095c36edd

SHA256
f0131232cd0bd5a1f08ead31edca27600bc71dcd9c3270ffeaa33c4927056546

SHA512
981bb006617ef73a6255b58159e054a6df59ac24d9dc4e858b99011d959540ca28250e2e55e27991ad1092ffd7fe87ced8aec890b951a14ddeadebe57fa560c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b07f13315a41d43571588a29141c982

SHA1
e7d8fbe58610ee825e4def429f681b417a2cb2ca

SHA256
7ab8b8f16631f076d50849e2f30d3a744bc4856ecd777c61ca5d081bac79e70b

SHA512
bfa1e0d2500bc14dc449f0b81b20ea1ced7c5770f6755271e5cb88fdb6be1f5596c545befdec7e3034e81a0473c44f505cb8337f6fee0c598d58be25c85c1d60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bad5e0715dacdebb24cac04f8aa492e

SHA1
944b56eec370de148cd666bf2862d107433c830c

SHA256
a0c463ecd9c790b6c09bfeb1c9225967f30627fe90fbf670fbeaed3a39636b3b

SHA512
8e6745f98edd11ee7e7f2cded06f5949e5810f2d7b5e8b04574440a00aad632e55c221563a1b171e0193b56cf7dcc41ea729ec4cd8b99a7ad574cd3c1907a978

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93fed9be4ac7edf2ab2a867cebc79c28

SHA1
118672fffc36c18c052b6f5979b1c04e8e58c7ea

SHA256
c95fce2e731ab2aae956b15dedc6b413730ab0e4728ae119419ce9fba88131cf

SHA512
2dfcc24fa2f4671bfa7979daea789aa9d7db271e6785fe1fe9c6cb64cc3b2f50c6868e3db35b524ef0453180367c3041c47f8f6cc681238d0dcd790ba1d03333

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1a9c3854ab4ed85d7e4b638d85294dd

SHA1
e84752ce3812b40f5519b3ff278bee8edc85de18

SHA256
8a64017ef45ca9a8d54ed3f47628f11a5d2bf2259e6986f771722b97d2d866d8

SHA512
2b18aeadc262bc30a2dd2adb11ff8e8e4a4e2ab344a70a5b9aaa3ebfe37dce695d6b6330e9162bfe05ada3aa0c0562b18242b5786eb862e444a9b728872b0da8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e21fa92ab7da076ff1b07eb9fdc0ab8

SHA1
94f87bce7d1cde638bd031fbf29dd55e36d7e0aa

SHA256
c3395a02fa0e75881b7bcb8fa17e18353fa247c7887a62d9c84059457968eb28

SHA512
876cd2478fa037f94f46cd6c55c8ee1890e29181fc3e3c4b730e6150dc9a4854e5532366bc7ba0430ce9f5578e3211dcd59c5e1906ad4c595b7d1a443bac1e9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3c3daea8c2bf4f56f5ba033b668ca18

SHA1
2ea33b1f98bdd3a8781a261ab38c8665da3b4f5c

SHA256
ba36a167c0cc1501baa8eecb5b6590de163bb192dde173c72411212df441a281

SHA512
e8f69bd992a6f0618bb8a11c35d28b0e21070184adf254c3d1478bfc126a9933d34f3c12f7f3fa00b05329d62aa9d4275cbf2f27bf4f33ea0d8a79c9fdb68f96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe7eacb283c2d032920638a392b22ac0

SHA1
0ebb04f0c3175fd370344eccd0293ac96a92f21c

SHA256
c79945a2c7a6340d4a0a741da405b35d23458e246d6f6662cacfcda461c1470d

SHA512
ea9ff3d1c55020219f00a07b873f0ea44a7a7bcf0bb8425f9321d1759c4887df9d76adb1405df740f6b6d555ec0563bc5e1cb2f0bb0fe398c7e0a3d32390db3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e17cd698d5e2ba6cfc98ce325937ceeb

SHA1
5f0b6168e737bc2079811796020f6864e503f0dd

SHA256
1f17477926a1e37b57541dfe5267e47126467a806bcf735b92f25c2d5cce3ea6

SHA512
ab8975e75b1ad46d767f2ccd7fbe33f5df54af0eeabdbf89c087635b604eadd943fc41513f09faf2b6cc77a8c050ad0930f18f935273951134fb1f864cd89ac4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2209d5957936ca13e071185cccdaaa6

SHA1
a480f1c5600bd7f30973f1e1a3e10725204f1d0b

SHA256
6183a575e4809124b072592cb95168b44e98217bf3c3cae25d77c24fbbb87b48

SHA512
e5fc97f199210e4eb844cb6c5be233cb09e40c48231e90307185797fb10467575624dafb2240e34c6694711ab18ba3e43bfd75668634e65da09b55530ac4f9aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5010e6da3037a4b8785e8881ec4b7b95

SHA1
277cb0cc4147122f35256d5a7974e7063a5157ea

SHA256
ddaf6645ae65b4a99d161b4643a0f9c2988ef8adcffae7da234b5ef2a7eba24c

SHA512
2ab85a91fa5cc9ff78e01356dd8375c8d2bd102e564b51c07fae20378530d13c373487b14c35f79b33417d1d41c5c31dc1427274ccc0ef7bea26ad9dd6dd6757

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1bff080d629f5071bd26dab253d4d505

SHA1
2e19a4a665877bbacfe0aa2de4a0ff0ba38a038f

SHA256
cd8312640325dcbe30be92c2bc368228e1b4ab063506de27d9372205a1cbeb49

SHA512
6e19c968dcfd9bfd093723bbbbb74d52418fa3075fcc32e53acd4304c38878718f8ad534c132fa3c7d3691d6cd7626df3bd4c28d47eae3088b8286024c91fd81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8C0C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8D1A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit