33b06ec67f0748dc8fc0765ae21319b8d9be582f4f094e8258209c59b07e1da4

Analysis

max time kernel
134s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 13:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

63986b849ca4ffab510da62f2ef7d554
SHA1

b334f81ce4d3dd864b848fc8000e660630502557
SHA256

30543ba73d73ec1cb44da6708076017c412dec4b54676d9915f68bf3eaa9a812
SHA512

a1ce64cfc52eb8058545ea62e7c84713ba14083b26359497c50808e1be2b2ba74f19d061a3417532e7a10b039b6db8274d37977eaf43e9a09fc04c0de9e888be
SSDEEP

3072:SqeXDpwzQOPMz3PgEyfkMY+BES09JXAnyrZalI+YQ:SqemcOyusMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6E31C6A1-21AF-11EF-A965-CAFA5A0A62FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423584150"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2872	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2872	iexplore.exe
2872	iexplore.exe
2096	IEXPLORE.EXE
2096	IEXPLORE.EXE
2096	IEXPLORE.EXE
2096	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2096	2872	iexplore.exe	28
PID 2872 wrote to memory of 2096	2872	iexplore.exe	28
PID 2872 wrote to memory of 2096	2872	iexplore.exe	28
PID 2872 wrote to memory of 2096	2872	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ccb3b0fae05a07045f308276846fbd2

SHA1
8f026d5923aadfff2a40efab8444e58663ffd962

SHA256
1f6f3ec162bd3d72c6144ede247b53cc902a3926b0aac5dd21aab6cf3f81da83

SHA512
d58e1a548a17153ada48209afba2c8527fdc2dd1d0e9e59742fb086b279e6897716bb9a1d03bd727b3c0b9d1388c2d75ab1fedf29157cb4b084ba226e515d5c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1c88e17363c0df9a519c4719b3f22b6

SHA1
f2a695b56428e66fe9e1b9af07650a6841121b85

SHA256
37b3977a73f800e35b51378388cd6ede5c2407da8ee54a4cb6ef7ff73bfc5cce

SHA512
0198460f4ab5f75338e122c8293315bc3f0b157f4ee89a41571fedb1d4a23fc64f7e057f8a4ae9bcdaeaeaa99ee3af287c018b45d7d67aa52b57b7150d26c1a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39439477710c51d20644486caaba742c

SHA1
4d58c2a35a648401c8b9095e938716f4d74eccbb

SHA256
80329ef4b30026a6e3da1d74de82cce013b4c521e7214c3ce4a7726c1db84c2e

SHA512
61ab3a82022435b8a6f05effeeb32e5bf622b52bf629a6ceb50fd96d10198498db70d3f324886c080dd366d00e4218b4d1ec4d2654730c171d7d934e6100a5f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1f8822338030f1d036aabbc70e4c34b

SHA1
4c62904239861bce9a10e40d22c5c8c7c160e064

SHA256
43b9ab8095b6c6aff4e7010c3ada15694a86062e3779302d7ab623044649d1c5

SHA512
7bcbb97d6c431f9eb1003e63721aa9d943ae37cc17a232b758f0df0c6c46231e500479bbc955bc06a3cf302a3e50d3370156a5e911f52a70f95860e76be160ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
610cc2b01dfa39c67fd326cbc34c99f1

SHA1
7fe1aee3faf6ef014fdb595ce3a1d44d16cc7a68

SHA256
1c3659dd78ab9e98fe4af5f390cd4a3994a68417047f5affb060402126ff2ffd

SHA512
4ac236503c0c6752ff8fd4d74bdea9e491a58a73a75e9953a46d1ebf92fdf5d8a3ced138dce62ac5448c0260b8999e017cfe32981532099608e4e024dae89ca4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05274fc72592bf35acf04b636dbc515f

SHA1
f71083b28a9078eb7b723b559e62828d7faf6fe1

SHA256
2f5813db890d781f2c0c8bf40e7236eeef769db160a4661ce9e4ae569d1cbab5

SHA512
1acfc02bd65f693ef3ee3b91cfdd2a7f8247929fa07f4eb6d236fcf96150b841fe2fe085701b3b6cc757b48a155656620d5db5579d55d1232c7bcb0c489737e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28d5d2ad2b931262903928aae4554cd6

SHA1
14ad8a3c1d0ab86cd89ed92dd2372597d639a803

SHA256
4d6f8760ec98648d774d5aac378ae354be8a5aa1e5b810fd2650cd915711d04f

SHA512
fecca93f9c3841f98b522747e7f33a7b0c60397f8de1eff196db8726c4455d715ee462ca8e91560c8f7cd7606e502dd0dfabcbb7ab012f006465677da9b3e8b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed59b29fedbde1c7232a1385a362d9ed

SHA1
ffa78ad61d0bae6269575827fc099e88093825ae

SHA256
c741978555ee1dba34a5d72d323f59b0aadcb4bb5d2148fd1e3d1d6aec188bf3

SHA512
50a8865df50d829c6a4afd416d7ad8ee9cb8402885f3923bac389f0c24ae88bd5c5363c1445d1e9903b7fc6541a0f123fde52a6e97a82051f32fcaa25ad41e5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0be35663956820acde15e370b681c75b

SHA1
ae6349984cf7396512b337fb967a91f45c9cd6aa

SHA256
8d4de590a18b4c2fda99ab81e949c201adfac7ceb19be5ec7acbfc3830bff95f

SHA512
51ff17238368e69f755817896df078bfb384fa926040d76e8101bc492dac0a3dc2f97b40a67704019a7846b994db5705ca9248915f9bada8ef33163e3d5d373f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76f0c2bdf31924ed4f12d8ee4b8ab41f

SHA1
a20576486a91ecb4bd60ebe33f5685d536b91b17

SHA256
d0b63368f3ba87bb3e74e67b9b71d283d2e8e0d5951f22e3f7754e03b9b02368

SHA512
f0fe7fe9bd0c6f14925022430fa27cea34dd8f1d6790fb27ba8e3751024ea2a9aa88346882fd09eb38fc0494a9812299d05ecbcc0217fa5f58f037e5168a8881

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1666c82aea19d9ca3cce1b3c58cdddda

SHA1
b7c9d1b2664a49a9ff67163f30fc542f675363a4

SHA256
2fd5e14b27aea607f7d2480d10cdd2b4c118c75fe1b893c518b16f84242970de

SHA512
85fed8a08c5d6fa8c024b274e5a84d98e1f77a2990be2b138d15583768fe69473b227e26740515df4f77bdbdccd51022d0693c062ecc155f541a4282ad40cbf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7b3abc8dc02501dfffadccdaa56f6b6

SHA1
ec356bec74715ec79dcc555d2badec5cd6934cff

SHA256
2d7f0a1b3719e8cdda10f69a13417364cbc0f34d200a1a7251979d4391f61548

SHA512
6d6acfee02cd2fff836cf3b85f09501d6906dc116d671c8dc53d2e10cd122cd052caef619ec59396a697fe76cf100682dd55713f47a55a2e529cbfc6f6fb7b4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba51865b91cfcd20db7b2882646057db

SHA1
06fee21501bb1bd3d752056d9ceae69df5169ec3

SHA256
ceaeb0fd504f923da56a0abc41be8dae8dd82d25c3d13425db47cdd9a680cbf8

SHA512
d79f63cf7ffa3e393b4a13e28afce942b8d50b1fced335b565512db54faa7cf31ff059db048b0bd9dd8c6f585151b7871071255a45b29b6877c1315622f485ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f29ec5682259d2511f1d4de539131c2c

SHA1
5eb13131f2d1176218aca2b6fdfbea322bddd960

SHA256
62ae026a1bf1a391a80c5126ca03f8205c052d0ac60c14f9b364fef706062ca1

SHA512
d7d4929bb708c2e0b54a13542d31e531d37af39c369802e33ea88100516cfd704cb1c82861e527443dd2f09167b0edbf8b9f8e749a73ffaedbd95eb8ab914e3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb309f4cc31994e2f6dbf0c626678465

SHA1
c76f43ff17800b5f0bb72067315a37aeb2499670

SHA256
4cefe17e9fef9eca53ea08ca143d1f01cccf1a2dc1453f29c30e6c48ba5aad44

SHA512
1a4c2e2034a1ce0219ace7e328f795f88112a3204b4516a9572a64fcb9bd780789dc0baa6110c040ef0efa563bf5cf1ff131b40a1c0ddec1c53742428deb230f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ed2566f557c6d5169f5992d35cf35f6

SHA1
18b8201f02e6f5cf89e6d8be0b56137095c3b25e

SHA256
8ab8a24d08a6b17ed4bbeeca0282551e9afd5f02ff345ce76dbf4d412364b663

SHA512
578523efafdd6d5f3b6ea5d036ce63aeeaaeaf169e0e23a0f7a7970bd065defdb5f38eefbc8fd05fc7dbae21a46945889b39c88c21bf97b52936243cbef25a0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a27b80c49c1bfdffd83ffca1c2a45629

SHA1
4eea8ee0c164494cf3ff3d2d0eacf0d9315476df

SHA256
5fbc1e2762634a5e7ae5ed4ecde1976d1ccda6a6958fab2a7410700f65d2d7e5

SHA512
53edd04faf2792c62c5c270980e367cb581b75e19310a54b5e536b28c656ad291f5d223a8d275cc9065ce5d03af6045d251e5ae838f1a725fe965341b13c2e89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c9286d5ff20732cb1d0f35370c07d49

SHA1
4abea858b875f8846bc33580a7681a9864040069

SHA256
43d31cfc1b3efd5acc871c965b43a5df485ddfd92b58ae89ca7fec626fa1cd5a

SHA512
e74c1f6342955a72d704383a40f31801938acc2e4c578abfab4ffa6b790c076ad5d4f984cd2938feed66a778048a77cba92154cc20b93c19bcac54df1d6d1bdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05e0a3534f0cca7faa3e947ffb14198a

SHA1
6cd02cf202ee4db2a089ccbc1ec7b9674f975425

SHA256
a07937334625f4df01fbf2eb122909186da2e320ae8821e64dcbdfae96edcf0a

SHA512
728cfae423117a848c532883f20de151d9acd7c4d1492e8d98deaaa723760ba4b59ebc692ffbe065631fc8b7888f7abc6e97d1c264d97661e4dd3a926ef731ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab17C7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar18A8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit