461444ddddaefe210d8c0ecd4fc6f21ee9a13d62da9b1ccbe29d00154fabd166

Analysis

max time kernel
137s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

52f675d057fb7162ead317b5b8dff3b4
SHA1

22f4e0785bc8a09992d081f8e97c61183174daaa
SHA256

a0d0224055ac1e7c73b1d828388d09d086c736235cf0d47fc6169ef4b7c3f84c
SHA512

6d48bb1e5940373831596184c46496ffa858bc128e60d04d913549aa7ecc4a324f95c9bcac013ec6e3f459838944aebaf79c2ef691becc1df88acf0ac5c4791c
SSDEEP

3072:S7XqFxl8mXTzdyfkMY+BES09JXAnyrZalI+YQ:S7WnosMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423770893"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{37D88A81-2362-11EF-9667-569FD5A164C1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2724	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2724	iexplore.exe
2724	iexplore.exe
940	IEXPLORE.EXE
940	IEXPLORE.EXE
940	IEXPLORE.EXE
940	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 940	2724	iexplore.exe	28
PID 2724 wrote to memory of 940	2724	iexplore.exe	28
PID 2724 wrote to memory of 940	2724	iexplore.exe	28
PID 2724 wrote to memory of 940	2724	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9db211be9a7648ebfc5ef5c4518037c7

SHA1
64489be80b33894ce9b23c482157c9999b100470

SHA256
3c68c0909ca5067e9d3c4a2938760d5803e91b46ebf6439ebbe259a395889c25

SHA512
b9797cabd6ff29ba9121c0b756c5bab24ca118d3bba25c0ae4baa9de0346ebb222fd062e85c83ca64b671dcaeb17dfa959409d729270f38364d049ea18563ea4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a6e4a9a8b3f61163402bcfe0c763696

SHA1
a4ad4b0e8adcf10e846e4bf80fe8980ece09093a

SHA256
8852de138897c7e14f83d6fbff3a107419134dc2f1e3fda6c7cafdc452e72202

SHA512
8d36eb81ed486fcf1b324ef0807cb4fb19b57e2ce7b05c15c6cb5715ff9bea06fd96b7b2b078d1268bdb4c1527c25435f1a95d57a187c1d22adc86c8755b3208

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e38fb9b8ae40bbdef3bd3ffb0b27a89

SHA1
b6d45fc0a11ba8fac3168c2675aaf5d1d0ae4b90

SHA256
d783e8ef614871b381ad16a571c8789e5ad7afdb16cab8a909c98eb5a7f92517

SHA512
e8dff9f4d7ea092cda7bbd1246f30772bb8274ba35aa011d8aaa6ba4340598d16f80bff6b05fd05025579971a5ca1009aae82b34a313536939dddfa2f3ee3ecd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b673c40739f7be1a4821a3e34bf985b9

SHA1
01a1f2b5a9f295692bacb64b7fe8c36860595086

SHA256
775f3b6d96addd6b1e6021d670ed653261a49ffe35bd9e385aa0f2111b911e63

SHA512
cf26e23eccf536ba5145ee18bd8559d9c8840605d8de6fd7c93c6c9b71f719ea31a50658407ddc78fc82f8469c90987165d251ce78e4af4ff0290f0829794552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de251343bdbf17b2a4abd4ed8e86d791

SHA1
3b1757f353083c8302bb4198102896314b342de1

SHA256
49603ecf2bf967bb56a64274a3ce2c12c9d2244bb5b7e64ff1207574a980ac5c

SHA512
f3f3a6af964cff22a419c6971ce2c7607ac03ec3e5ec3b2113081a5fc00986fe822fb128fd6f2716ae061ebe677a26e48a93b1dcc00505be711e1501475e2212

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06bd4a94ce4ab54ce740f5ab88b1e1d5

SHA1
a6a2de86acec5b2d22ea8abbc529d8be037f0eec

SHA256
0bcd6393ed22e6bc14f12a1b6c170fb55520e388a55fd2da88329800662fc8fc

SHA512
66062fdd7f52295d1349f54fd9e32996f637f33b8a3380f475432fb257ea3c9595c3699c7c7cd02711a2bde454e3aea83bcadeadbbe2315166e2cc65fed72119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0198054030d5ae6860e796697fd10a22

SHA1
b4a7f964da2246909de4fd3c5fed292a4ac21b6a

SHA256
c5c47e7c6de8dea6ebfa4048075599289b1c3c20241133a2bdbe9c156e962f5a

SHA512
b7dbcff848934b70950406bd43063581e7eca019cb21934c96f58623763292c477ac62576eeb8432558f0700fed129ba776a3baa419caa53845e009163cf58a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8e7d761c6bef68b8174f8579233fa51

SHA1
26d7e605cfdaefd4aa4b3a308bcf3400c4396b26

SHA256
e47667c391f92b23efbf0d2e9dd2120351c2a50df626f47e10260954cf67ca15

SHA512
6b5cb895491b28417893ccc05e5759ddd8bd627d60da3ef14d82cbf81c4e87e678db93464bb24a532b9bfe4b3b1bfd14b3d2301d070453d120a71244257d0b6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f1eb0eee1f3a10f050e6232e8cac582

SHA1
82cbba3eead9b2ff998055b1c6bde6c1274120de

SHA256
bea795566635ae260bcf6312ed2d2295cd3b10aab60f3de90254ff4194cb1f49

SHA512
18bc2171e737963320f776a138ef19913cd47461feda55b846059aa27b95b650bd64232091bd1bf285c61d5beb5556afaadfa9ba015f4a88d83a551737691669

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afc822b7f2e0d99d30ce943a457ba4ca

SHA1
1ed284ebc3dc6b0d358818682a27e64a29708da1

SHA256
4463dd0e170ded77f0dd51dd53260350e28b2c0e840ee81ba99e847bbdbdb1a2

SHA512
04fcd98d968badbca6749ae705873acb5f9de80459bc8743f5d14af8bcd830af0357c51a0854252de65d9328ee552230b7e736996d40a39166c00e4c8da7099d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77592c6e85fde23660679895ed3a8f4d

SHA1
6d42293de795ce662a4d5db00ee38810e51c53f7

SHA256
ac7e1b39847b6d0291f5c4222bd4d50c27adce9fb830e39e87d8b0a836bba5dd

SHA512
0c193f294742717ca7d52ac1e5c56267aa82294ef9a3dbe586d63f4258c7215f13f0f115de38a2725f803410d5020a3eb2750e76631f3830a33e275266b1efb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7400d9c07ebf95c3261ed40de6b11c6

SHA1
acb4db4701aa0cb6e5ca782e81163317defbc7dc

SHA256
82ed2955d3f9e179a89009ce1628cd03915986ba40e12c04a13777f1e36dcb50

SHA512
05b7632d70806e7180530caa975d269b465131a363ad3aaa7792061c220807427b825face153ec0eef02fb41ab6520103fbfef499d572e99253e7375e9b01c2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4a111569dbdf94d1cf5269945a07348

SHA1
f44fa488bd889edbf69d601a4335ec115cec275e

SHA256
6c0d91476a476071e4ae789e086c55e0ce98094580cc43d230a78a6f0597cc9b

SHA512
ac4b5ba05667dde14f2355b8198b6bdaf132cf975bb44dbb279d42c87246c5ce6a4e27cc5e3fa16d682f2588afc5609cc9bfd6fa9a8c221499394978e20f1b5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dcb428648394ff284959160fc442a88

SHA1
2e0949dbfde30d83421cfe5166b46e562c1fa927

SHA256
27660d023049220b12c113b515fa8937a6145eab61c2e1592f5e04b824eced3d

SHA512
106da4588151abfd2ae7363220aa51e6833ab4ca088e3e56b1b39e284df9d53805b33387de8b3cd95de53b5d0f3bcc8d704880ce1fd10d62ad3f4210457542b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5a0d19e200feaf314bfb965e3d7b212

SHA1
1373272d62c84cecf603e61985446b76dd73ebaa

SHA256
63e4fcfe753816ccec68c98fe44791f789ea22e1415f712b3f91ee7d837c2cf9

SHA512
7d1d4330514699e219e4f473fe883860025c1dba3a4ba57a90ce8001243569eaec6614e48540373418545afb8842c35c9e6d000369c346a0768124c81cca7a8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04ea00dd349f5d5d92035a02e5f02785

SHA1
31b7a6804c9a3a332740e2b2a85e172da387b42e

SHA256
e78ccf9923ffc59d9dfd2ae3be94049a23a7c20fc37c6749e25ab35406395a0b

SHA512
2268049aea13ad6e77f10e439389bb29b476d57250408a18a2cad586dbc357c180e815957981d557fa6f23939051872c163316e63fcde7ba857cc788ccc25f6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a529918c4297b8a6a547447ce398ed8

SHA1
d34a8822720c52a26244f72ea7d2d2977054fa6a

SHA256
40be16d0da792ed2101327de94400c48d206e3c47c7ea975c4cc85a0bf6c0cbf

SHA512
0665596c84c72b4fba81a846fd309fddc234b133e68407b6162a58effe91b57e57bb98fd60e5cfb839e0146bfefbd02d6ee81ebc3933a1577e254f2b0a79c6b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70174deae8d35ee1b5a95b1b8e3b9745

SHA1
265623d62b189e6accf4518339268257193ad0e8

SHA256
811d4456e03c84e9695d0cf886ba87d3e4d68cfc8454956229962bf5c036d4c1

SHA512
8ad95a4a9e0f46eba542ca057a9d1c1e19b8acb8e93c8d575d020260a9c71f233382a91b417edbcff579d1819f256da564ddbf04b66d3058e375371afa180ff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79f0179f10399851be2bec466568b995

SHA1
963c63a10bf622523ef4527ed76b3e22208b04f4

SHA256
10014065992b9c4604597622a910e19ed152665035504e9283a458f7e3e96041

SHA512
a2191401e36225649386d2b994cdf5c533e9402ff322879a622e070316bf7149c4cffff156f595500c3511189e18213e4ef63813c215a9c288845da1cc99a40e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8C2A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8D37.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8D4B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit