de04f492f66fa606be06e850f4ef8d927876d1a186a41ef1bb0f19616295acc9

Analysis

max time kernel
136s
max time network
137s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

e0789bbb92aeee8eab05ccefe75979b3
SHA1

8e468dca28f98b73dc1d6e593097b0e210717b7a
SHA256

27a69b94ab202d7f6246a115eb3a471aadb6aed3a13ed4a5b35bda0dce91ceb0
SHA512

6ef63e48857cca94cbb564ef72729701e2207de9985f21cb9809351f8a50ea32a77c77e78ab7927814971cf700b2826f0c9c25c4aa2903eb8ef5fff410feb82d
SSDEEP

3072:S2vnhj1Iwr5vcyfkMY+BES09JXAnyrZalI+YQ:S29V5sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423346410"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E61B2201-1F85-11EF-97A3-C6E8F1D2B27D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1740	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1740	iexplore.exe
1740	iexplore.exe
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2444	1740	iexplore.exe	28
PID 1740 wrote to memory of 2444	1740	iexplore.exe	28
PID 1740 wrote to memory of 2444	1740	iexplore.exe	28
PID 1740 wrote to memory of 2444	1740	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
206cbb50bcb63ae39dd0f93d5900dece

SHA1
2786e10f1d247f1514ddf84be0a2f03b34cfce31

SHA256
b487c9565118b6fdc4d7190d7ce427fc4f9380b010c5a370c863264ab6e2dd1c

SHA512
1f706fccecb978a1a5706e7bef079beb1d1a46deb99d5c36049756c89c82a2acfe6513b46798744bfa1524dd868b4ec3e5bcfa91c1c7af6b08db2e2f4017a694

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be471ebed539c1b909f5e4f4162b764b

SHA1
1717eeef624b6942be04e2c9c6bb32e724126a44

SHA256
ba785024b18758e4e8e812bea2389d5a186353abbbf5ee89b418bbd1b23414e4

SHA512
e89e6b17b571c86a162c09f889e859cc22e7efaf747bcbbdd3381ec4de12abfb368afe970fc034138bb79999291cf8383d20ec137b8534cb2a8ce14aa1701232

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f98587d6352a19c36fd686b5b345e71

SHA1
981bfe0ad5c1f492beb14c9d81620a0074d278c9

SHA256
648d866568748556fc2ebca7359d4fcfcaf0e54ca73bc1cbf82d3c91ee41a93e

SHA512
5794b31b0bdb74737ac6dbc7068161cb15d15ed83dbe1d7b529a9a74153d099f9d17cf06fa8b476bffb4831ec2ca978019758dc7a6e670b8a01cf45b479bfbe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d64725d85d66168089c2cd26e080d38

SHA1
20b3135483ac6831be5f6fc98f25582fcabb96d9

SHA256
6f0836f267591da33f64daac20f5ffa05a99fd338c4e303261d41d2f29583708

SHA512
178e7f55cb8fd891db92e599fc2920b1709cea6284cf4130d0868c3caa940915a86d584b07a7055f080cccdfe6c53f42f5e07d5fced1d2516cb974e6dcdec5cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90f5fb875ecbf66a817dec4e86dc7511

SHA1
e7110192773c66f4afa8fcb63c24a8c3498a2c04

SHA256
4346a15ef6b2bd49d504716f76325e3f12b13e86fdd1a171bb950cd2773d2bd3

SHA512
626afa1c8f250ab45523e3487ab73a02627c2a271f389db917120ee5ee5e8a1ad188d02c98ea07af37b540b37ed4d6ca0a97044e9813d28d80afc9293b11a2ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45a2ba8213eac3676552bbcb93ce4ec2

SHA1
a51c25df6f2456105af8b72ae78c5fe81f9528be

SHA256
1edb8340a1e20d16aa3cd9b081e572796e862c04dc8149090bc245b6d09d6868

SHA512
4c14227dfa714b5fb63b028407562ff9bdb596f127cc2a2bc41851c8be8ccbc81fec3e81f008b9ed7f83e4c02465bbec7c4595ca813880b4815c0549c30167e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf6f9408f8c6e50b294a9c6a188358d7

SHA1
f184241c01632418fbf10f3de4665aa5a8292076

SHA256
1436d4d9603333c9fa4f8fa7948af60e1724ad7f7754b803cc703116c8ba2339

SHA512
c65ae3fba6c12360cf36418f46bc60fdc923d6c9a73ee49b8a21c6d4b1dc48ac52a1e4e8a8ffc8540495184d6fe1949591e24a7f059a35489a8691db63f76275

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f0113e5a8f19ddf45587b75fe9a9135

SHA1
1fc25b6ff851e205c0e2a1ca985238ecda204760

SHA256
59afe27e4f19da6f3c390f5f7f6de49b789282ff19b4a571dffa70d3b162131c

SHA512
3ca10197b7306f2291d375a52a634de9b23188547cf3709ac983b8ea547cf9e6a7e3a33d95672a91d06af3505bca2cb0b194738cdfec86fb5184a69d03d0963f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4722a277829a03c7328a17d35c601710

SHA1
66265f8be77495fb6800890ddb08f1350ca0c371

SHA256
feac69c7b869ecb11cc4affe1af3ba0d5280abcba9f66e248c79a655eeea755a

SHA512
2b88d8d7c51a3caee7fae750dbc1f0d0e8fc78df66b8ff6f1795f2f4288a58d131fd1599d4f7a5043a2a2988051233e3e011faebd63163b24b9ea651a9b423f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f0c14c5da532d1b8120cacd6c9adcc2

SHA1
204fd53dfb9d0683d8702d7c376374f12f16a07c

SHA256
0212e168a599ec99e47cb8fac1af55dba043af22e4e2c63e5d728535666d0416

SHA512
8c926a90e409025b2ddf3cc8005d7c5480064bbbca6a37652f3b3671ca31c945be1b244aaa25b3ba2d689aba733256fcdb44e0cf2a48bb1096ae7bc037ad90e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e7c87552d1752014251edbb5e961beb

SHA1
a10d36276893788819b664b17a5ebf42e27b8ef0

SHA256
3c02290c13c9f9b1793e4b9199873eb17986cee2e872568138a5020dad61a8c7

SHA512
df9c3b59ce50c0d054e9a9d6a7797fde6318170d83bf1c479e45e6be60ec44d498c2fe310cd6c1b12cd816c25aefdadf39a92d2fa88f8dc4d5c2d440b0007bdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6eddb21f87e4ef6ee623ac94d8c0d1ad

SHA1
abff7a87baaa335e2df6f248bedfa9fb50b26fd1

SHA256
0b854f9d13ddc15a9d049326a888acfeda509209be7b4c0e6ee5bd86473efcd3

SHA512
edcdd6f1ce736313aa4b00ba78a831325fe11d6e441897ec8e10d2dff38fe2f3ac1fea2b18d82812537ce0053209ea8daa55bf86dacbd6abce18c17d211c8ef9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a92a82a83553da12c848fecbd5558bb2

SHA1
3966f1753380a358c8e5f39bae61505cf59860e3

SHA256
6eae90c1248519526ea4874e79cbbf0b5230715174a2f32f7ec0ec22d72aa1d3

SHA512
acd735e8d6a257ecbf5df45f114d0ff3f587f490481f08a0430c699f2b39a228918604cdf78f7d181732500c4d7d481bc08fcf58c43b84f46b315db91cb4bac0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ec66ca695a42b994ea315715af5b022

SHA1
139758fd7d16fd5af2f29d8c94b554cea5077342

SHA256
33a4653b7a28db6e1ff156f1562f253fa0ec25484c60960f4527cbac9f9525f8

SHA512
8b1938c07984dd76476519366d2e03c1713d64484e17f67c5fef89e6bd917fa3b3bc96a644ae97f76f198dd45f951946464741f41e7aad8d432b658112dcbd40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0299e83df61630bc4b1bc4cb0eaa7b2c

SHA1
0ac147b07ddc8928900aa845c04a290b64c3970b

SHA256
8aca4852f5e445231d0335f6a93b87ea8477a9f3f10746dbe5579fea16fcdc02

SHA512
1af6c11f44903b3737dd6751f069886658f897ee280a814574f06034efbf5a46536dafc2a956c6e6fc1d6e7f75290676cde876888459e0f54b24cf34123a1102

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3737348e9b008e8cb2a7283e38bc58a2

SHA1
704905603027bff26d71c417fc316fd42b3289e7

SHA256
94ffd06042dab582942a1d9eb7e0572a603dcfac1148c0bf8136c653b311f367

SHA512
171d733c8e2125ee6b33e74c52cd2f9067d3bec6aedd3dfc06fb1b506817bbf84f7e00d299adae00ad06923af8757e365c7e3a5073169a4ff4dfdb0e82f27cd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0af7e1f18c6533435bf440aec21f95d7

SHA1
bebbdc16f3873f04366393784ca2ce456a2ab279

SHA256
5c61a5bebfde1e4b4bc1d811d9ce69b6dec5bcfc7cdb661da54b9b056f21bdd5

SHA512
b635a140863caff5c045296c2360553185d27bd8e329b3e8f74fc6ceefb90e204140864683cffb25447c3c1a00cd428de8b67848591eb3e36f3a390f59bb6797

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1509.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar15AC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit