f957a8eba5c2669ffe931c6d5f8b58c28eea98a5b27ac73423602a5820e19900

Analysis

max time kernel
65s
max time network
135s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
02-06-2024 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

817bcd0d157036b91fc60ee05f6d067a
SHA1

2f291ef61e8514b7f3f9cb7e2a65755eb4ba9f81
SHA256

7a1f1edcb25e422643af9ed85de4cca0b46a16a39513226b1345bf73b6b809ab
SHA512

278540f5e71f3617bb2db8a961d1910bafdfefecc4b4779ed29bac2b9cbf8df1786a52029e6239d57470efbd45ee594b1886fc6982eacc0740bf2b0dc01eb729
SSDEEP

3072:S/GXn100ziVyfkMY+BES09JXAnyrZalI+YQ:S/+qAsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3888F591-207F-11EF-A596-F62ADD16694A} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3032	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3032	iexplore.exe
3032	iexplore.exe
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2648	3032	iexplore.exe	28
PID 3032 wrote to memory of 2648	3032	iexplore.exe	28
PID 3032 wrote to memory of 2648	3032	iexplore.exe	28
PID 3032 wrote to memory of 2648	3032	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a59c8b6d5ec8ff65e2a5b3457a7ad0c2

SHA1
6b38c6d0d9db7ee27e88988f3a8ea4903661dd36

SHA256
c651b7e9f81dd1d44dc8b81bb184e6047bf19e7591b3b5f3da124185ade82cf5

SHA512
37ea1c2a0575f2fd534c53353d368fe49dca32177349483688e37ce761a0dd9dfb2edb67143694fda13a172bcb2ae3d33756c40f36fc2ede11895d19f0c9fb13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
bbbede9e8cdab0acac980516da814317

SHA1
b465acda1c2f4bd07071514df6ef5ebc5992dbad

SHA256
7aa253ac1dd1aa44d58ad2041d6579490cb3bb109dcb197cd7f472135c98faaf

SHA512
ebc1fbb496109c58569537d14dfdbb44d0c813becbac813c264df51ed17e5dd3c7048d4ebcb832c4c99091f3de9bf130699dd18cd8444407ed71236039365be7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
adc0777653f2574e2afa180f5f3aac9a

SHA1
f06fe7bc7db02476d3cee7434bc586dd007e5ec3

SHA256
e659aa8133b4cfe26f4708b42c96b7efd5d1c91f54dfe5792b54c83d8c2a3a13

SHA512
01a2ce65e654d6747908103b9a3c6e40262ca145770fa73cbe435bab9cd2b376d92b1676c27868afba003f00834b966878e26933453a10fa292174086deb4bf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7fe822750d21bee34f29d9bf87abf438

SHA1
c799ecb77a7d21b4bdc19be492f5f083f88e51fb

SHA256
d156791005b2a918fe09a436d0bc78992040dab6ed681d71c5d05596cda3dc8f

SHA512
79dd4a4c16b73810c37ca0ec81e2be8c769740d5e20f2756f92afdd5a14d680963a998e20b080202475a8c12a58c8500dcf6cbec0bd57f1358a92cba50be3a9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9a935b827b6ab0c5bc1ecb9c4720a532

SHA1
8a2ae7cf01f70b4230b92417a38ade8ce9dc82c5

SHA256
a43a35081f21694925df3e6a4a471b200f4f2e6b7585f54534881086d78893f2

SHA512
f49c86cc42ab99bd8c1afe23526afad9f77b65cf3d193b602572f33984ca434d64e0dbda993e12398740894c4e9d59b7931188892d06cc55671df8870c9af5ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8786b07b8e529bcb56843e52c46e664c

SHA1
dcdbc9b4f804ed9b2ed50206dce4d44acdd1efa1

SHA256
c999f872b0bc9df182f2455ad2ffb08494ce1ffb8a5ab29689c0d34a4deb0b40

SHA512
8e95d2075dd4b80ce771a6f4fa19e5192d02ce1b7056d0aa03bad0c67c333806fbc351b012a3fbe918d382ef586543c113848a957d9ec44a0f9b84f624bff41a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6a7e66842b037c649b1ffb93928434b3

SHA1
d675327964c8e7dc0bc6bc39483685a25fe36053

SHA256
e0b094ecf5b0b9c723d8e4e3ee108ab9e3c13718f2cb52199fd14aabffbc3a37

SHA512
564de87c9ac6734bf8f409f82ea9fd75ef331a7137ef3584ffc400f1684c007f8f6006b016bcea0381bc64db40bfcd393c1b237775b2cdf6101b14925c1f3c88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ba2ea2ed1e44c5ae144963c0feb54c09

SHA1
9d705bc08471feedb64fe1643c317689593501fc

SHA256
9239ca0d700ec94b2fbd7ec86c8e53f0ebdf676498ecd387a962558a0330eeee

SHA512
faaea8dac2d8739ea86b7e526cbe9c83287450fd9328c2232f15b200a8b2cea95857e551fd198e99e43ff42513ab2bfd6411e1d0c317bfce36255c16873082bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1c3b2b311ab944958df13397c0d41073

SHA1
cf36979f4c0f36333a6fe75b8aebd37615f935d8

SHA256
d04e3232e6b984d7bc82e2e3b8b0ccf3ffbae60e8f87500308b422a1dbe85332

SHA512
c5c5fd1db3ab6b72643cb06d7caa9617422416b267f609c8ad64acba59480e6a18d796efd78c8452a46e3df245815fa8b011eaef338f6620ef7741618004153b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d4a345b19f78740ec4c0b8b177618b9f

SHA1
af5a293bfd1e1782b49ea29abe4457759d935889

SHA256
540df574e7364f5fbb596d2f2f307e66be5b9c9fc6373d75f7cd5c3521d9c42d

SHA512
a51e25129b7a8a5b13f8057f239384c5470a39127eb0668f7b822059f699719d5eb21a474fc8077a5f6451318254f68e7d760cf54bd3e33e3125c156cb57fa84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f3448819ad438cc63be195ddf5c22b9e

SHA1
4f19b41466e819d247ebca9c12ddc5ddec174605

SHA256
d27a4e2ec46ae1fccb97b9c06c8800a4146da1a243d9bd4dd87f4084d0d77ca6

SHA512
b21ddddff19dc374a3de53a1c482821393fdf6a1f9f56eda8ce77fb4bfcd31bff661814a6ba761d5e50ae01e64b5a23ec9d00b6cee21508543229aa07c3386ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c9602a7ba373adac37e2e615f222fd68

SHA1
04c31d1e50643a5307ce156b6efec6033dc50d98

SHA256
4d57f70ec2f90f42a949547096efd91f374d2f56bf59755d391d71bba19b5822

SHA512
251b754e7ae14aaf3328c2771bb123339c8431ff3b684401ecee3d367f75144ace025c98a5b0bcf22a9fb3387182b0c8cf1f4e07f8a56a4f913ef1c0c5421bd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b44c4e11e101c6c5982f22cbc1768979

SHA1
4bde5b665c6fe7b0d0b450891c2b5d58bc1068bc

SHA256
37ab485983b6d13afebd9ee5770340526c1a75d1e55136acc560b1dff31c3ac5

SHA512
03ed44a89feef09a4124e3c8df492705e8d54abc8949c3de82284c16411e480851a9b0ea71b9bec48af0f680b4b9789286991be379c916763c51076a19281d67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
52b70a6568d90f7cbb70417c9105fbe9

SHA1
95c14f6de0b4b5a679a3dfffca85863459963401

SHA256
c0af98b2206137ffd42addcaa02f5e99630c5a5ae4095f867b2534a2ba61e1dd

SHA512
0a8fb34bb512729c06081b35d1af15d54fde60e598f32c74bf8c11cd7a99135d48bf4748a768a15eee47697cecdaffb8473b01fa7fbfe93810a810c24eb3868e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
242905bf461935e45b8c6c722779c8d6

SHA1
02f09573be1cd726e6a5a985dd0a584f8572fe39

SHA256
e6530533f98befaa141f0902211e81059cf3b17292f079814224f25aa1fb1613

SHA512
ae35c1852b286c30e9d314945b34f4e23ccc4cbb68d25af5f49f911ea24d71a6988e29c0784575c31e524b9e9173967e22ff1c661eea7cb0087f0fc2e8dd00cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
68182b53b6bf7523bc06ff3fa0d39c9c

SHA1
f02bdc9abf63162f76450c002c161110e1557d62

SHA256
fd763d5af46cd0d4f6c3aeaea6ffbb56eb68a25a2dcf1e0cdefaa444478a274d

SHA512
d3d3619461542d88d0edbbf3aca608ddbe2ac9d7f011422f4fa8cc11d3b2d3fc857db05a5cf1fd5045c55514647c5c869bcdc2700cb1860c882fb6718eb3587a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
56176d0c1039bcac974c326f4c32aa30

SHA1
9bf52b4fcf78ab858687fc1677a6b9c3099800f6

SHA256
a76965050450829b9ae057f03f8a5fa26a61f4775df73c64991a405e4997ef05

SHA512
0d93717f14e133bede503009fc2eb60892db2a06d1f0e2f93151acfd1430c5004849f656a2ba02128157759c20fbedf82a64488aaf491b535598346cbf712537

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f94881383a727661b762be969fa6bafa

SHA1
5678c20219278fe825450950320a103ce17aaa27

SHA256
d418d5115832929943376fa1cf1330c7e2e1ecc53395acbc92ac838d3a7d3208

SHA512
131beb1a38457b0a88996064d84fa6b94790cf54d9456e9e37e7e919e5f38a2bca03cc2e379a3aa5ef83b433fa2ddb021c9558c8cce0f67c7e9ef0ee7affa7e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
584253f809e7b451ab93e4f5f5ee5977

SHA1
b824d4877893c8a8c4df18ceb29f7b85a4866a87

SHA256
994fd96624a3779fda428000ee430a82d31726918648e632a00b1cce8086ac73

SHA512
3c088df92a6742e4aa1316cca1b18770f4e2db3dd028712d63514af0197e10899e25b913f2495ce8a885e7db826fd18e3e03a9784be1ee98b5f06b36c47dc9bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab83B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8FB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar90F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit