0b925bdd0852473dd2c264778cad29876518ac810fa4ed601780f36f024427c9

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 11:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

dbbcf0c9ff8e191ec858f294e9f653dc
SHA1

119f541f2c50a5cbdbd38f1433f07ae8593fc136
SHA256

15c7b7e457306c9889c79d2b2acbf6647aa0be3e22cdd3eee4dda2051969cd81
SHA512

ef6c31aec922e45b3ef599b1887d17ad1c2255782bced87921c5b9cadaee3733ed7541ef075f5c706537e74daf3fe53ce495b417694c140c3cc7e6c2e92e56ae
SSDEEP

3072:SZ3tisHGpfxOyfkMY+BES09JXAnyrZalI+YQ:SZlmjrsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{44248791-1F42-11EF-ACD5-DECBF2EBC4E5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423317361"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1620	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1620	iexplore.exe
1620	iexplore.exe
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2336	1620	iexplore.exe	28
PID 1620 wrote to memory of 2336	1620	iexplore.exe	28
PID 1620 wrote to memory of 2336	1620	iexplore.exe	28
PID 1620 wrote to memory of 2336	1620	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7dc7412507d7e6e072a169943434d500

SHA1
a4c30c24facfc00f64af41f36e37384ed20139b4

SHA256
3d334cda7c7c5814f07dab067b5112096f1cd5ca84a14bad6ef9fe1152024e38

SHA512
6f3c0111bbf2fc8c9ce73237201e4e75f6eb5fb9c753bccca73444f7918228079f354915a593f780cc26cf3d8483c4033e718a2ec7e502e80611596289e69388

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcf560b9123b263c9c6b3036980cc61e

SHA1
51513ac17fbf845ef2e74bc2f076f0b1a640d77b

SHA256
776125693880f9aea51fbba36a3b14854ae66caf520e571e657da1ad11c9777f

SHA512
a398ecad6efe89cd5bd74525f3529b937266a26fa36f9fe6dd9001130169b40e1056b9603795e7a0e94be5ea91ede6c93a3b452193255215cbf00cc44eaa97fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cc52d26e0d6456bda3e9333a8738ce5

SHA1
2fb3aabed5e9227757b8ee97e86d99454b457e18

SHA256
d0fbca52c228766f1d16a2378091efbb9ad2ea40d23a46b69ac0d36cdcc7b10a

SHA512
af9ba2798aea74a08c5be91c31c0a4df2c2c1223f9e45540b721d8482102521ddd5e8f3e4a25e8a37c225eea39610b09e9d75cff29fb5405472a82c6b6aa1754

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37071bd87fcc3da0fa8c71df743a6986

SHA1
e56c9250c34b7778ece442983c0536ebf15f4f0e

SHA256
b0363be5a1d6fa2ef6d96870df5eeb2024e1d5451e0a7f9def6a5b41a33220f5

SHA512
c61b1ee0709499e27d3ff1fe4a66dc17f06a5815f0d60670728cb6078da2bf28223faca5c058f21b1699889a8aac56fec38d05a3927a8a82af50bf2ae9d120a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10985d629f26bc7eade853348ce211d9

SHA1
734544077f33e52f171e0bb4a075ef5eadb8df75

SHA256
c0a4e3417a921c87d68f33f3c3af921e569b7074a096ec45c477d06794b8a040

SHA512
ba366230fe8f72f3bcec509cbe8da5243479e848c539f4460c9001b225f40d042fcb95f924c896a1be078f3af0495ef0302a9b0522e411181fad863714dca146

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7608f900a83aa2037326a9521d40707b

SHA1
cb21f73792dade0dd849266e7c64af50f1f56ea9

SHA256
6655e1f84e3eb9ee088dfa8b3a08315b681516e3ab76f3b87178bc41a9786023

SHA512
d34f90d253e2a32cb002809edca9625ec406073e6b204e97d15ac604d93d5793f81728bc93a5cf6097356e98e000da78dc960b4cb26b50bf64ca1b5cfb1cb4da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62fdc76ce9968eba293d35d7d63404bd

SHA1
75be03e3ce78bdc04eeb99a8cd7f91d09d51d2d4

SHA256
2c0f321afb37424432bc9a5edae61b2b09a9986c42f25208570e69e50290511d

SHA512
20eebd0d374755a8b5faf8107458b7a2a11c60bff4b2241ee3af41fc0fcb0e57d44232eee44545636e6d458deb939c17c59bf70a9da2ebe184783cb280dde953

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1136dfeb15936bc08f09761353c3a83

SHA1
2763fdfeac4d9b699d2a44a0cb29375db0f75edc

SHA256
e89b60dae0b8a574f31b2410057e39c9c02e852f7dafe53ad11c6deb98eba18c

SHA512
1a5d2733ac217b43d2016bc33bf97e3f9ad196376b233113bdee08968bc826b9dd3fc6a45f1d0ed6837c5b8781fea487d505cfe625a5acb0299f4871a7796c12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
213eacf1df42bd7eadb0c1c3f48cc22f

SHA1
4c92a8adea59c61ba0c69c7f3194f24ed5db125c

SHA256
937f1b5ce806ed76a58b3e5becbddb7712bd7a901f00db74160086f742521491

SHA512
09926b5192b2c2e0aa12deacd59983201f8eb47cd3eac67ba1d8c00533b9cf93bf6939ce71d9b3290b43691d343f7b334d70f19ea5577f610064085efd3507a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
801626edd4216092992a7054169ff464

SHA1
6ae07c35b635a767c8f19fe1e0cbc7653d59fe51

SHA256
d917e81075acb762ca920de97b79f8802648fa30e30d7b658bac16c57d0f3be4

SHA512
c6ed564697eabcc856bb6785b0ba101933ae73b09fea0a69d671b392bebd26d0c2b31e7ba6d7072ab813d79066aeb7e175244ab8abc0ef06ccbb1ece11006418

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdddb5d1394eefe5657ffb3f5b04daa2

SHA1
422244e75010417bdc362d4d067ee6266c2975de

SHA256
1a3437a1fa5a1769f463dce978a84f3e26c1fa9e4d333cf7600102b6eb8410ed

SHA512
daf7a1729f030516774e6905f10cee49924a64f141f6b55faa1fb526181d3a53592653abdce4bfeb5b41c742d30a31fab5358219fa25ea711147d5b62e69ff11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6344d2ef93b78efc62bffdaa6eaf2101

SHA1
89af98ad9ea736f44fba595e293a089e34f28a13

SHA256
05e5598d8e3040dfd16cfdc9a70779a4e4ce19cdcf45e0a9bd0ff70a3185c558

SHA512
99d5cd571311c6c7f7500c2ba4d27f6cd77520a4e866bb8d64afc2d2e1a6a5a49b20f083805309f919619c79a26c21f2af4feb5f36e9500474efc98c63eb0bcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c03fdb0eed05042dbdfdcdd59e094fa0

SHA1
b83a23aca4223a3692dc0c48632b54d92f68ec1c

SHA256
a53bc8d893de33c55e07db43e3b6d9b37f85f3ad2182ec21b3dfd7920a3289f0

SHA512
6cc44a9ad931804db0791593fecaa2c5978bf0c4cace09512648d4a8ea9be45fd1d68a9bb402501a00f6c190c736b3c695e899d3b78111cd4bd53b4d3cca6ee1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48909d6b77fd92bb4753bd623c9d2cbc

SHA1
f3705789bcacd9fe5ba79f5d848bb20884b09c0b

SHA256
0544f505b34fe8dc82bf129305973dca1605ff32e08b1722b8d960a814acc7e0

SHA512
08c3e83a4458a65b71ef19d55cd11c7703ec24a321570310b9dae711b65930c889079f67f0f7b8bbd70831f28a6620790810c7d365f766bbbebe5b33ddd164a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8bc92be4d9670422b5ab67ec4684396

SHA1
fd9e1d79240b84e28240151b8ef1876de59cbcea

SHA256
ada817bb11078569a65febb558ccc1790761d1db38dc922afda2856ab7385f6e

SHA512
1a8c31a64918bdf048338b3d64c9e730e958bcd6d63343ba4aaedbe5e3ce555109f1565ba9c2c764dcc0921ef4292a4d12cddb2997ef911476fa2d0b38c7928d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f752d38c2b529cba028a762ba7ae069

SHA1
9ae0f04680268d6e79bb2d91d80fa73503ff2d44

SHA256
3d4a51236addfb37eb576fe90cd0536737f68bab86bc1450d64c6fa76d457807

SHA512
9c83be665ae8b5f26bb1c48ddf3a4bc86066390fabf2d1f0f218c3034ae983a6c5a7963dc4e5b392b046c45c48538fc13c41e628762027abe3715a2284eaa433

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd6ff8c1d1fc7a4a2070516db18748e2

SHA1
9b8bbf1eb686a5bab55d43e6a3834e8df9af21c5

SHA256
dcb31859fd561afbd9423e2262896dca853d886582e2c692d87cd7be3a5ad661

SHA512
3e74b5d0aa84581dbff03ab3626f23453f264b684b9cdfd64aa2ffdaad1508da373f02d484c97e0a0c73dfc458ff93190b900d5c7c4e8bd342c62e4c85a86fc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78097487a7f6c4957724a05e8ae72824

SHA1
fed81f3611b0b5ab7f8214926583512f78a82df1

SHA256
eaa9075f033c53459356fe301d226875a197ebde3e952721698014e4a2b377f9

SHA512
c0022f323603ad6913d1af5f66a30373168c400a3bd052f7c9fee4dfb2e50bbf06652b002d83559752492f5fa366d5df89c2c48699652c69796a2e3c110bd8b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
388fe7499b5402debf543200b0d8e758

SHA1
6c18354691be0d0f4f574aa069fc52930e36196c

SHA256
419cb1040db35e0a2262cf9e580b2754dc31e96e7938ba236d5c11335045dfaa

SHA512
84fb85e4be4383aabc45edf493f44feb8a89dc4c2e55fdc67e9b8fa43859c891b1675e2baf6b2972fbb7322e974ebdeee6e4d55d0f48d0ead1142ef219e64537

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab170C.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab17B9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar17DD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit