2e0f85a9c6c51978e2d68b11ae9247430a5b9a804f8aa4bc7009be7e913b2f61

Analysis

max time kernel
134s
max time network
138s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 14:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

ff853f9c5e5578fc65e70906857e92d4
SHA1

ba74fef1745911ea0b171e7d1fdc64a3b01091f4
SHA256

41228b4193611c4b74d0caf033d73b7c019ae0c73b83f06a8300b44d440f69da
SHA512

9b4d6b84195f17ad365c7185457b6c89f3b64d809e3dcf134539c992150eaa27c84b3d7ae233a02acc013c804132ce065c5fc8acd0894cdad04a54a6903b1b77
SSDEEP

3072:SAWnMF8S+GinyfkMY+BES09JXAnyrZalI+YQ:SAjHNsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423327955"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE1FDCF1-1F5A-11EF-A346-76B743CBA6BC} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1680	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1680	iexplore.exe
1680	iexplore.exe
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2612	1680	iexplore.exe	28
PID 1680 wrote to memory of 2612	1680	iexplore.exe	28
PID 1680 wrote to memory of 2612	1680	iexplore.exe	28
PID 1680 wrote to memory of 2612	1680	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6bbe59fb0c31fd5afeff18996b93aba

SHA1
5052b19f525cccf276b2d129be2b2ec751234d95

SHA256
fce959c1c37c86e1961eb5dc792261de4a275430283488d37afe51e4eacada41

SHA512
556025889990bc960037cf91ba7383a8a4ddec008f4ba569eb9a4a872ac7f0826797351fd25424924c1dc28f96b3af495754fed84460461a7b57bef39a65d0e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d65373bf9c19863a84dc19d2e1c29f9

SHA1
a7f8fc2094f515d66b42b9bd3dcd13fed0e4d9f4

SHA256
8714b6cddfd707a573a2357a38cb46a27442e5124b79280c5614ddfc26cb4bdb

SHA512
57848979156a6aa90088621d8d28b5f63c75c471bbb382b4f6f3876f8d4e37bcba0c37c02e46353e66fb499c004e1cfd28c88308ec9dd8d260bae8ffd7c6a2a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dae6188831b50fbc3b5907708f20ebff

SHA1
8a23728a6059c37d8b21a2b4d3673c4dbb855a8e

SHA256
495f0d6cc6e945ef8c5cc8245b026b66c78cd3cb5dfdf904396c83dfc4fe3c33

SHA512
915b78841e2cc8a13b1781eeb6cd52cb6fba89266bd5576fa319ccee3648baea1220c3c4d30e456ced25d2b7b8d1f941202ffbd953a70bc95cc13bfd4de758a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
325081b6898e2a6b7c2fdaca7d335a93

SHA1
84a2b4b630701f63bc7c93988fc6f2106051f302

SHA256
d681d9594bb676116e0d92aa23154805345198a1daa5b2a08ddf8f1be883bbae

SHA512
2327595347c5d840e98646c800544c1b050137918a7246e9be56d60595a31a44e9b3556308cb3f1a712413aa5f7561e4b9221c2e3f0a6101320a99b5f24e31cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
164f7d2ba7cdfe97008907e1eabe2adb

SHA1
e2c3524f72feb3d8765836fa1ead2f978b1e8022

SHA256
28a4397e6eab8fbaefb301acbfa347dcb8957fec79ef681a2f718c58ef36a50a

SHA512
a189e24c550820b554871a1da4f0fae177d338a81abc76340abb2a55d2f74a800a6ac932a189c4714491486f0e28e8bd1d2cd44c4afe821e60dc95a823167f3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f846d62c69627d6d3bb24a1d71690880

SHA1
ad7a1704eb40f3f13a13310ed1ce8d04ccd65d66

SHA256
aae67c69cc9d44a8919f15d4b02d1891e22a40d4dfd6ce142b93d2eab41adf9d

SHA512
a62a945d5312159d7a64d2fcc4559ab920eb740b436c63c2cdc5625a9675e12e4ad6fac56e6ce3fbb8a89c204c5201ed3a5d6e39e7dbabf0bf44bcd9e789fff6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4534276d9ad7139c52859dc207ab6994

SHA1
43ed6c3efba8d7b37342bf2dd59a9749f536d50f

SHA256
82c93d1c0597a345d446532ba8542f389efbabf3082beb7ade4cfa025146093c

SHA512
cf56e028551855e896fea02b8e6ad69284cc6ecdfd7a80bcb557f53aa8d9c9fbe80855d3ae265d23ef66a0e36ec426cd26c157559cb83343e5f1ba0472131533

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a42cd8cfaafd9cd4de838471515906d

SHA1
dc3eb36759c4e9f0b6124b2b87a921691551e811

SHA256
9f2f091c7c5b2e2e23d4d8f3c960cfbb3139f70fc414f22cd63012d185640d1a

SHA512
c9e1b5be3f5517f6b04d12dcec43d2d8a6f01f30c2b9e7ae8df9edc6477795a938c77c36c708ff07bcebdbf8326a1ae78604538327c4541f72e65084d773867d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0ad5813864ffe9ba3e18f25c38332e0

SHA1
0fd67767599d97b8e610431d4b1fbf1cb99e37d6

SHA256
e6a4f09258f81d72087a4de7948f51176602f9a833854ebaa39c2e9416bad491

SHA512
d31fcc4bd47bff4ab573bcca9673932e282862c0ca94110f806b030b561538ca13784c72e1577a6ee1db9e238ff28162276787268524dcc06cccd0fa445b69c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a0be8b3e3e3be02f5a087505aa0ea13

SHA1
d47463d5e1e3e45035fe349e21e51461310347c6

SHA256
9007eed8f6b7fc98b5f98d3b9bd4a8c5f001bb2c16251d7abb068664bdab6d9b

SHA512
d3ba456f6db4cd79aed6711651f39531adab8b38e05b3c5d509af8a92d075b4b60db197948b95eb41a08607439736a57338a6b4890c9e15e41528772c8da3c86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b718bb71a01cb8f28c4ece7ed424ddc7

SHA1
45ad2cef699534c8fef1261e0741f5c9015e8137

SHA256
d749ae921614f9f97588d30c5f6db065df256a0dfb2473da11d9fbf81d3d73fd

SHA512
b38e07cead254497391eeda1547065d6f03eed0c65c10c4e2b1b75f684cb7da17fd6470507c1dcb7d4c22bfcf2b196180fd39ee48c15715a6ca31400b0b4f3d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
def7c5f3e501bf5b3cf05f1d02c10e6c

SHA1
44c684b13bb7eb9a2c8490e4e80b9e4168dd9c1e

SHA256
31a13df70a6b816634c4b23805e97fa2df3bf7b9e3d4420605a35382529de81b

SHA512
dff6f0e59a48384f80a7d9db354151233c6eddb6f362a302648adf8ce7cff255a44eae652d431c2f91b627c00c9b62dccf44815fc57f8a61736d8abaccdcab86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10069a3c2d5b8e797c4884144de9bf1a

SHA1
4690a75d9f01933ea8ba82d097cbcc3cf8edfc15

SHA256
85398cb8212dbe826d78a973b0f97cd0d2e8502f79815ac04c92517a070039cb

SHA512
bf206288b9b61bfc0321bbab71d2f57efc2c27e3ed91f33f7b7895534ca65dc45e4094075c425294cb346a3e340432cf0edb84d5878df226914e433d1b5ff6af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e1fd32da0451d2d79b9bac883040808

SHA1
e176ec27da31d8e366909130465a037520f7e04f

SHA256
5525f76acab520025fad64bcf051d0e509a00d6966ffb4775089a40ced657324

SHA512
78be1909cccddc2f2c955b2f35603dc26fb2dc3b962214cb2a1b558d95bce9b7e05b9e92d497c373d0bbdc83e3a0fd7a73ed37bf008cd14ac68737c42fcb1e05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb272b037395719ea4e5a8848ca10051

SHA1
bf116189ce4086f562ea5db636721ac9e8ca0a6e

SHA256
b80d9470b4f510db03f458c6361df0cc037b40fe34f052b96100bab018fe52b5

SHA512
45b720563f4b0d2a3e235d2b5ae62a7febbd40cdaefef092a353e05c9100a6835b85f14e1a6a8ab9c6837f069e7495393e58449dbdc1ac4e998d952573e41149

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
647fdd3fdd7582eb9bac89eab3e12c48

SHA1
94a51f2965a414dc9c473c1d38104cfd56d5e6fa

SHA256
1188602008d99aaad2853933312a582756918f8fd85a36df985cea570bb40c63

SHA512
b08e741d2ee4a9ea1503e33fc65d0fc0970e4ebb8d0902b6821a0ed7834d66eb740668d49aa649edec5c4d8e7916748f244031e76f85bab57dda1b9b09b186fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21b189684ac5db608c9a6919e688a966

SHA1
997852a8072e51126738cc43064b4ed7f3ec9b8f

SHA256
3241f9f08954fa5f1a5932041b224d391a275b867f58c5e7b5c7df8a92280006

SHA512
6c1f3ab943a4b3b545afc3c0eb7d05333d20cf300d9acc52ebd31905504fba056cca7355b6c89710bd49b16461977917cf59823817a763b4b474a167d11bee12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab531.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5D4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit