d619ea07d50ca83a14b3000be6cbad699f2b67dea3c33a5d1948beba544ab5cb

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

8bde82abf53faaef8cc6d6ac80a8146c
SHA1

779592185cea6108392520f5a952d3d456bcc59a
SHA256

ff5bd60b64faf6951763e356f34ff833966c453a21bd414eaf17092dc23819a5
SHA512

ebeca14645f5e494488d41e9b726c1d8e2b289bf5deebed0c03e4db1f73ef51d4a58a00179cd2313620ad63d92adb6fbe6d1de17eed3caad9a13c0b7872fac9e
SSDEEP

3072:S4cPLDGXXmWPF1RyfkMY+BES09JXAnyrZalI+YQ:S4cmXWCGsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423220548"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DA875291-1E60-11EF-88AC-F2AB90EC9A26} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1008	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1008	iexplore.exe
1008	iexplore.exe
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 3048	1008	iexplore.exe	28
PID 1008 wrote to memory of 3048	1008	iexplore.exe	28
PID 1008 wrote to memory of 3048	1008	iexplore.exe	28
PID 1008 wrote to memory of 3048	1008	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1008 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc11841edfbcd5fadb8e3e3bb3177c05

SHA1
928a16bcef3b6bb2440a71eb6c9d0bf34050de15

SHA256
72d7e211f628b7bf1b928655052065954ee2f68e222220adbe60444c390cbf84

SHA512
1b0249bc4a660110b2265596578c1037e8ce83be639c7c6f7d40a4c4817182a63585e611fcf246f7403df897acef7faa1d8e447bffa3be79bfba4f8764434e3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0b73bc44bbcf89b885219afcf727922

SHA1
7b750b879fc27e6317ec0d716c19afc660556af2

SHA256
d7be41ccce1c78a29ff2d6e6c97cfbcd3e4e2d1435b0873f6f6b2957dcc855d1

SHA512
50df6b7d39877991a6f21ffce69f7295b2e96642b1d516d5127748bf619171b9011d84cc7335c203056fae440e660a1ca2337940ea7928c620c3bb328c3501ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
179f81c809707493e6ebc0d6d7cbfd82

SHA1
39332432caafbba6bae285efcb719c253468fca2

SHA256
ff8973b68dd70c836b0dbc4e7887b503f7dbefbe4f8dfc5c47ff4f0917e5453f

SHA512
fde2b39bace2647986f195a223fec0c857e3d1f644ba217de8c5e7f4b4561e7dcbc736be3e2a0cb6966e5020c93cc8e79c2376c36106a1d7cb85e67fd67d1eaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8234a5a59e9ed49b22bacc04ebb82f34

SHA1
6fc1feaf082f3f0abdfa434e3c0db0f1e2366fc3

SHA256
a2bdeb37db6acaaeac6aeef39fad15e2566dcf9ca8fa5a8b6a4078b85e56fe3e

SHA512
0170b6e80af36c649f88343c70e3fd69e8aab6e954e188698b8d2e877666fbb19986b584e8c0163d5d91fd4ecb3d673fd8a34a21dbd0b36519f756012c2d4629

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c215762e5bd64e31dc70281972aee65

SHA1
e87433869d9cd087f7e286c1044e0debd6389e6c

SHA256
f5629ef23f0da100fdfc012e434c512b61d3099a84246bdcfbf3fdf74dd31b00

SHA512
cc274b31f260857170dbcd82bafebe60aa853c4b239f8a621715490caf10ab191b7bc64e5789239c850f888dc55974681ec132aab2a9d15cd9f188830be8781f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6dceccf92d3d796abb632c5aa9ec7fad

SHA1
fc994937c1b2a492a2fe4faf1ae93a04076c49ff

SHA256
a8e509bcafca4d271120ae39a4ea7899db7af921b8ef125eba3cf3a73246e117

SHA512
ee846a38576bdd5a3d0cb881a84c08b0c22c677722eeceb1836256e39e03ca67c53331425db1130770f56e5bd7945a871a11ba4b182227471b5c9ae5c8f243bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4928d3065adb7c65cc99389c8464a4f

SHA1
ba3a73f932ef0ff98bad3c6880264fc4284ed348

SHA256
919ce6458f34e80271c8db3f818e11c749e2bc9f9c53cb18044fb280a0246b9d

SHA512
2f2443ea88a3b1ba4ca75a506664b1c7470d3fa0b91b298d0fbe57c4eb7c64fb4ba7dcd308dcd6ecd7c02c2faec87adc89bc179822e4bcd6a2c19ba70ffb23de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1ef5a4024dcd814d202df196fcb9c2c

SHA1
f18a7b75f59f0c6c3c0ce3b7e87ba3732cb94e63

SHA256
a7b79e8daf96ab3fbfdc61fdcebdef6e4b7a5858b804ed1921549b4bcbd7c9b5

SHA512
feb2d2aca7313e28ebf0e7cc2c8b517c1f9c14f9b5aa518c22ffa3c5857f64cb36a81c7be7e4f84e179ea8c9e1bac56e0019b1b3cc7501993b87d872f708d3cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7c486c594679df6f80ce4cd9a9782a0

SHA1
c2f70343974e5ca88c1a496bf854049710de9d75

SHA256
7f4b0a8f8c6727c2bfda70f09d0dd882365f2de878830562be34c7e11cb2429b

SHA512
8faabe1a22d40a6c6ac1430a54187fb46e74d5c72a7638ba66d91144c22686994c7b11bdfed445e8a9109fd4544f173454e309b7615c1101219df3441ab11ad8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5148cb07ed52e26e5edf29f8f6a6f14

SHA1
902982a8dc96a490e906933d2809a1697f06c609

SHA256
3da76498983937c33c8dc8c610c51113acdc50bc321e98aa62b0900d2879fb8c

SHA512
e4e566ceb85e5b2cdab5b85cf4a3eae5ecf2a3a38d7830f7ee0cb55bd842622133905e0ec7cd0eabc1c33339945e822b4fdbc7daced3d8c6c6a606cde417addc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e782db01e5036a0c3a83149f376e01a5

SHA1
64715f39ad1b4ade41b063dd857fa9932a503f50

SHA256
5a7b7134ced46cfe4948ed079cd9baf884ec3af093db18111f35e4789f541ac1

SHA512
090a2180ddba63d0facd79994f9706a62d3558fed166f15a028114e0a0d4ca9cc18a3f3ee63d7981ce0960adc03367cab4eba22807ec42eb73c16023e7f283be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05337e38bee60dc7acbee4dbedb24df6

SHA1
a668dc912c3deaffa27f398e65a9ed6d21092e57

SHA256
e50e6b9ef4ea81a497f0c2b79ac1acc71bdb1c68675840340546b4d8ebd16be4

SHA512
451411a4b3b0074410286d7c090af0e295780245a0b5fc158cb6343ac08e0460e2c11b65c63c66ab1488360896e424f44d9e995e69c2e68032353382fda95270

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f8110c40a6998507d819f3ed7aaec2a

SHA1
7d440378f3098a8d8656770e4633717ba83c9b57

SHA256
dee0583675440576961caff1d789b3554c2fc999d4b42416abb4e6f415fa62f9

SHA512
aacf60a93484d2f51544a816fa4c482d848457a8719359f068b527bcdc38e09522673c70d90cd5087b109ba423e5df574b9e6fbdeeacf351a51733d3de121f15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcdd4ae00e6cf5ed92eec993c8004b72

SHA1
b825ea59a976395e638594e5d9381158698417ef

SHA256
f20280cfe9a99d649683f337e186bd6cb3256279bcb2f476b35c7aa1068c1252

SHA512
7f55902efd3b05fff15fac2ed37ec772c92e142bc3e56967ecb833eb35d821f4c5940538b51dd581f2c41a915c76f0e82e721b7cf85880345866027c29972350

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a9cd65db5ac0c2dffce803836611e4a

SHA1
fdf5934879b0e3f4106db9384948a9dcb1900a9b

SHA256
41c39dac0ef39ef62257ae273dc48da458e24e87133d0c1f988dd6d22b229649

SHA512
e2c99956707beeb0ffa5d6988bbcd691361b97a565c53f1d3992fc703068cf257bc48fee08d7822e0f5a7a77f37bedfc94640fa706496749460b7c6667f8d419

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0873099b9efe5b52a7541c81b544da03

SHA1
2cb32ffc667133c33a29b3fd115fda6f9ba184e0

SHA256
006ec8a8266ad2cffeab4d38a08337409f752c9437a8306cc876c845aa98ae31

SHA512
f66ae2a586b797d921bbc706d520f8e6149b0378c062b51ad22c620462645e118c0cb7b0dd32a58b90c10c3feea0edcb153165ec8fc5df38e025cd4fc0c84cbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
756812e8978b032eb3a2a8db5adf937d

SHA1
c2b654848c0b14ac4ace518367e93aae88ac1454

SHA256
d938a3b73e34512879cca9d649146774f66ae07d5f75f5e2d66441401b2b81c3

SHA512
caa113b9300a31b7f9185186567ef58bcaf679f8b19e3464471b765014a02763b072115e4d9827b462942f99e66e489dd667597abf85af1fc3c457ee8e61647e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa8402e5ea2b05a54e205468670fea72

SHA1
2dc1755eb43555a2ce261ad58023a97d36dd9862

SHA256
4a9c6c2be6e82d729c867b6a159da3c625a1400e4e21ff7691141fca1b8b9f3f

SHA512
f97991a7857c2311f58ceac03fdbbef3cf7345ac8ad2402b6e257d7c7a96b769074d0a1a47b08e0843ad730118882a2ad0f91aacbf328ff79b14ad477e54611f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab89A.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar92E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit