ff10b17656a7750793ebab75f73de7e1007e7e9314d5e6758a73f8b20e6f03cf

Analysis

max time kernel
134s
max time network
140s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 19:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

31aa58715413e2630c29a71abc1cbe2c
SHA1

d3247f9e23794c9c7c73f0555e276d3e4f961780
SHA256

113e5c73c0174bf8569f19ba3ade543d140528bdea0aa207629b1f85a44f404b
SHA512

94ef54046e8cb236b30757ace4b993234074ee28aaf6fd0d2a9131e1b34bb2eb6f9c8f439b93f5db7327a32b168f26c3172757d8599ea8e8c5d2f7f513b4002a
SSDEEP

3072:SUAlkAhUKz5yfkMY+BES09JXAnyrZalI+YQ:SUO/csMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A1C3F521-2113-11EF-8B04-EAF6CDD7B231} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423517235"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2180	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2180	iexplore.exe
2180	iexplore.exe
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2608	2180	iexplore.exe	28
PID 2180 wrote to memory of 2608	2180	iexplore.exe	28
PID 2180 wrote to memory of 2608	2180	iexplore.exe	28
PID 2180 wrote to memory of 2608	2180	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28d1363d51e9a7a3cd4c5119ad6c883c

SHA1
d5e37c17bf0e897dd4a7083b563351f015c49c46

SHA256
a42b168468239dbc16414df2e80d1e0020d8dd614a8488b436e3beb9758b9ef6

SHA512
240a6dc0c0095450f170ed56aba7115b381b1e12eda79d5030d339eb76ad75869ebef6e9d243a696596ea83fddad32df535c95faa0a0d395ee95686a0dd239d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6d6748a9c4faf4d002510488d13ac58

SHA1
64df8bcd59b0e4f6d6ad5b2d7b5571f652f1873c

SHA256
6100b41ef8e1ecd738d2d1868b6fae51019a272e7692935864b0362df8f14c0c

SHA512
ccfebdadc923d6cd10b056d579b6b197dec7b699dc83b11386750e07ed79ae33addd7a89c2f7b504256ab31b12dd641d323976672fa64ef55c094e8106d850fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47c750ea00b265fd2cc7b19420b48617

SHA1
95df30862c84e3b1e12b01874d8ec79d4dd39a25

SHA256
40a3ce0792f01fcf85170f2b85160b665e5a780a5985c36de023a92ffe30e9fe

SHA512
4a7ef0b787e41748365418470a65c307163e8a1fdaa67f41443978284bd8124856f04b6cef60ce8a0e568bb5d2de0de921cf5bf20b5fec04b73dde1dda861aa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebd7f8e1103f68d8f9cef322f0d681d0

SHA1
51500952081fa6fba30bcccfbafbea27a6668f1b

SHA256
116a0df254923a87343be6797b4b3893146ea63616e1ef071e4618f2efcc0241

SHA512
1e9ee3e55193a19b3e062fa7c3e6f3295f737344ae4ed226dd3505b7aa45e034bf0d871d4383943bf3b43876fe2c44245fc80aa08f00c4549b9ea16036f663e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
697871c2b5a4f377e7e0208584fed5e9

SHA1
b6962b7e5a22156d0276253a72ed0e0218d4f667

SHA256
552e030d5a9ebb64c9311089b65c9e349dbb8aa241a63c7c87011d7a39124a5b

SHA512
36cce42c887b78acd0693e3942a4779c8fd52b874d223941f56d593ee645b36f79726db0e3a9be6ec7889436bf61028c448d2ba3c7bed944b11bb4fd222ca8e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79fe2ee34dcce5381c7134481e735f49

SHA1
32beaefa6a7fa6a5cbe1ea6980eabd189c41f0aa

SHA256
1fe59eb47c549aadd5eb1ef18d423414edc05a5e8abab8ccb848c7faf41d291f

SHA512
3423357af361885b2531a3d9ee318ca2bcdfabad806a1ede595bfb54d261e2850f62f47365a3c286f69f273c4a8b94c83f9a9ad144b872c3f0d6cfb54550e763

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a66a7a586252a55c0eb40aabaa93f607

SHA1
f9dc32ff6a4eac84267c5def0f5b1822ddd7ac3d

SHA256
e9a97a50480af3f85217ae8e30afb9022a1b27e54cadd6e68b86941f2fe0d92a

SHA512
2f5763ef51009ad60eaea3d868b96e28e2aaa9c39ba10082ddf7d8d74c26b186877606e3632d9508c714ae4469ab6c753b493b009f980237587d21bca696c111

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b88d250738882ac3b85fd8528a424776

SHA1
95c8252af9f5707d870c48cf5a61135304020236

SHA256
6848803a607c39c56f1816f489ba515225bf63ebc857439fdcd5d188b26e7335

SHA512
5a60c271f28bdda0eb01096af3d41174758b5c1a59b53a6c06929885214cd7b6308f3bd81a789ecd96040a3f2aae8f0cb2cc203dc97350d4e5580c402d753304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5929a0794d35fb42000e224d0c556a99

SHA1
01e9699a72512459157c6ee93805c25eaa8be798

SHA256
807c959e7cc5f2f2b8458ca427363ccf4a262b5ccccf39c9ea65044ff1c5b442

SHA512
1afdf98697caf3be784d48c4b0dbaeafd58b677e27858c6b8adae07f5dc57529021184bb9def2db5cdc7d1fe1bce793d14f1d1eb6a05fe9cbafb945c540ef17f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b637291b2f8f84fd6e77daa73d9a57d

SHA1
663743c70559b8b0daba26a2f11e72f067a52976

SHA256
1c88fd928e098aa74952f110d8cc678b64252b5d93448b519f91ed9380049cff

SHA512
09943efcf910063a0d74727485f968d5ba6341c8daa15bddd612de87d6c9d987aa6e3007ecc4cf82b18f8fdbc607f5696011b9a123e25d5171d70dbc2afd953c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f73f04d9824d75e7244cf9eb522e0a9

SHA1
26bb4066533cd789be9d6bd3143640df965cfe17

SHA256
c8ab58d229f38ed13b05d7cb4d8d98a6ef7c820057802427d527ae6f41a35b19

SHA512
3dbe5df97ea03a69b7ea630aedb78754ab1e5cf2e229cd25450e7af477dfb41631b907ca036736d9a1e767632f2908dd9ce17e1bdceaaf5ef8aac6d81eb7bddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2724c6fa16f29c8cd41a5911b126f61a

SHA1
d520d3a0d1a8e91aec442ef0ed1ad7d68572165f

SHA256
22257901fa72800a2a86f5bd0d467f3d13e8f52acac4b5546aa6fb751e6c93c2

SHA512
86d7bcfefc5a20c043609bb429e1d32a9f0c40a843d31aa5d95a82f2d3435044fd0656128aea50277674ffdbb8e63cd6d154766c378e03c2ffd9d7ab853b8289

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a885ddd505f925ece4c5096ef86e65b0

SHA1
074e88413025ad73d20f3fef9c6c478af7813db5

SHA256
be5432b1a58e686bd480d475add29bed42f02dd09dfd81c4e80c2d7987b6e64a

SHA512
85a355951d4f0fbce9542e149f358cfcfdec4971218127a3c335e3ff09cf1ef2c80c97d12ae64e8f2957cb8e78fcfb8c9cdee0c1ecbb5469c19ab6919fbd619c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ff650c6e6b20639107e9d88eca93083

SHA1
a0a79cfaa77d23c6bb11463dc28c1b85f9ab0237

SHA256
7f241dd08c110e9ed246f24d2aa1224db13f9fb8626ba7b66fc2ee50ac2df73f

SHA512
454cf11152e59c195b49b01413e2f52f8db4503c7291e8b85cfb9dae8cb9f8e9f459d99d3da4a8aed55b9332cb3b05445031b75a805584ad2e3ca259004156f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a0c3b1696c2bf7a4544f575058eba64

SHA1
0a50c0da9e70fa89680c61ae20fabb1a7d00a431

SHA256
12e9194adb73dacdf13845950b01eb387c4c0928cec2709a9f57d54dc924a944

SHA512
7054035b8288c3663d40811e2dbe07198264008e504105c8cf966f36c228b05cad725ec9677b4ac03c97d3c32fcec81d4a57ce5b29dc5090fdd5695e84bcb972

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a84d2d5685c6edb8d265dbd86bda990

SHA1
391fe2d3b5e56f7c28dbe2640f88a43330c75818

SHA256
d5a97019391a41705cb2df9d46eaf7a1e0005f2096c96c71dd5c6c84dfb1c623

SHA512
a7fd5804e29dbfd00b7f2f41811364a39c3b3e04978f51a13c4a0c53e1973cfdf6e7e1e3a2ede6893e0abb3fff154640e6643e2f4acfd2cff809b48410c65e93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbd266f578281a02b449ba0a393c7467

SHA1
f6e074cf2f1805327402399a0c261b379e91f564

SHA256
3d2c6ff6161e171799eb7ddaaaa027fd17f3b7e2e5f56ee35d8efb8230fc4de3

SHA512
a2de36c15f44c14a751079fe1fe9c7da940162387d72cbb42b70c4329d6f8148e84f998584a942c54730584ea3e54ce5f53506d78dd33205d87e9590c011e29c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af5c31c908b19912bd5638ef74e28df4

SHA1
a9b96e3584f97f5b30dc4482e47f5e2408921fd3

SHA256
8d6f889953fb331625908a80eb57c72c6f40c2e8528fd97a5574b454ee88e695

SHA512
239e2c3c2752b9396feb84bc89a720b898e1c7d855f5c7f1e31ddd72d0dfa0ca360f6d8172cd924f7c1efce64f8731fc9efa179fa22941b88e751d7bd5065d89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ce3a1146306c40ad990b6c6ed2ee996

SHA1
5f3a5a58694bccd0edaeefb1eb54c92bdd287b39

SHA256
22423bb3664a3ed20b18191c616e952929a98a548bad201ca4d7e6b5b036c78b

SHA512
e4ef2660d82e38d9c3d1ba5b69a2654a26efeea94593e77abb8cc8382aa81868c8c1078c4403276a25d885a54d8fbf372a2fd810e5e3135c064ca171cfe0dea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3890.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3942.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit