20955731a0a9399764843f6ba8cf2a1bbcc3c605eb17a9a74c490bbaf350bb85

Analysis

max time kernel
132s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10-06-2024 03:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

e716938f1d2b60bd78e80cce8150e17f
SHA1

2fbe442a79bebbd8fdb285d1482e1aee9e7ff815
SHA256

56f8a81e88bf7270033132c755d1ef1831d8c840c05965129e1d01106cbf7c47
SHA512

be2ddc79b15ede254bd3caea2100ddd50feda3eaba73758e2a4a09904980c651cb4b8847f6a9b238754976edcc44a92fc2f7f953b405de3b1ff4098e82cf1dc4
SSDEEP

3072:SJ95qAUDstXi+yfkMY+BES09JXAnyrZalI+YQ:SJD0sEbsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424152599"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F4C7C6D1-26DA-11EF-A48B-4635F953E0C8} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2060	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2060	iexplore.exe
2060	iexplore.exe
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 3040	2060	iexplore.exe	28
PID 2060 wrote to memory of 3040	2060	iexplore.exe	28
PID 2060 wrote to memory of 3040	2060	iexplore.exe	28
PID 2060 wrote to memory of 3040	2060	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dce392a83972b323f787eea7697edcdd

SHA1
2671e16e0648ce581d28a6732318ff876e98f89d

SHA256
162e2f3bbf5f2b7ec95d7e16616a86fe36ff169872b7ac04025818e7d42e1b73

SHA512
ac030446f96d7af4b1dcbf7bca6329bdfe42138bd4ec21941d8c5fe0d9fc9aca1c617935e86a650678246a98172b563d20fed6aee8150a19196938d7ef20ab97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80bf2e65328bb1f80f106623973f4529

SHA1
5a5486996bcca718f3a427580110fbc1e205ce11

SHA256
493eb90bc9d6fa0989951d1f9859d1b5f161cab0dcc4ea354a731e8e425ad66c

SHA512
22d1749a62f42ebc3ed2b16c5bf6ac44d4c891e962dd40b34e588430bf1d37eb0af80329bef574c58b47053ca02a43132963502f4cd69854c6f79d13b497c5d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56308221e2cd371ac82bc46694cab9b8

SHA1
acd74241fd9551ead26d450331f87da0b5db00c4

SHA256
5480360e779727ea87fee935b025b6ab374617b4e5b499a63e253da3a44ebef2

SHA512
d5b112c2d6fc36fc2984fd622ed3292f59a11377e003b24458233a34212cdc36c958f86968726ef8598989852889e7d5be0ae1e196c50b37a75d2fdc269c70cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72518e2acb6b814a6b461f932cd9dd02

SHA1
40fb9e55da183af283d35ee486dd954287e941b5

SHA256
2daab1f02f6192c503dc50d0a7fe7f8859ad883655c321c1aed29f0d9e278882

SHA512
9a20be4a5cfacb07adccd91ae9249d0f007abed1cf8b7acfa8f6ed7ad5b0e8efdb6ec20d50f713e7ae108a3c6cc338fa29fb18a2191e8fb58a7171373d54fdeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba297e16256382eb74f9a4c065b83202

SHA1
62120655d8231f5d3087270d9904ec44eb411e68

SHA256
f96b47d903a4eb51d77b4437c20813501f17bdabf7bf8caaf7e8d53ec9d4101d

SHA512
05d6f1ae2739060bb0d0784172fe183bccb4f399e14dfe1d7244330f36aa172a984a72715fdd0514879c52bdeac18431d913bdfd215c8129de96cfdef84d1397

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b813220e874029153e7924adf8fb1c6a

SHA1
eb159c074722cfc574cb0b7e7bb85236164bef72

SHA256
1480af455c1e1a1c2f28e3b5ec6a89f99f0c795011755e03179d696d26f2c6e2

SHA512
f5d79625b077f189694d9388664b6bbf1138e25355d9db1818117b5abe7ca3687f4e2d351bceae0509a56834fa723df769099a6f75bc6ce4865ad5909bf0ab6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c478979c0efc55b5f18db12d0101f67

SHA1
93d209d3e82f36444b2e1d5599d367485d8a633f

SHA256
d2d7fedd22fd9a8745eaf046c51e5c70de733788b0a3efffd9d74c4934d242fb

SHA512
28a15fe0c9b80f67171d9fbc73a4deadc73bcfbdb381c50249ddbec3efe77801a270179297f2da5a92fefb91f39a1fffe34fd70de180bb74d7ac7ad06224de25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f69936c643fbfae1affabbfc8ef60e0

SHA1
6e988372be1331a3beaa4cd3de4971a334cdf4b1

SHA256
b4dd3447caf4ba2004a980a77414c346cfe38e9d53ea276f1d5c680e403a8093

SHA512
fb48c13e0c301127c61b5ed82c5b56added41d74946a3f6011ea0b833287b2ed06d4bb9a5f0ce90f583bee42c781ca13b701a12cf7a1942e836fd8e4a5f6c385

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98c2de4c7ef2fae1f56b90b01c88d2ba

SHA1
3a6a488ad3d767a5e5dcb775b6cde66e28627e09

SHA256
2da054b1a9852ad246a0603ab15c30b209f3760c2bb979901e9e9a2511513f55

SHA512
e2bdf225eada53207cb15e9fe12467399f1c428d0f84ada87ec0f95880bdca446e3e53d77d3c59c7f7984111472aa457959354847eea8a906032afce2cf8f7a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7693e285e99ddc2b5b0d619a1f01eea

SHA1
639ee2a9fc666b847fde53e546e850e96c7fe6fb

SHA256
3a4a38908bc9ff952939712bcc054f52f8ee7bc5a3e8a719a03a2c07eb5507a8

SHA512
7ab9aa5353a4d60da1adadd718eec22a4ddbf0b5d0c0538abc54e6760af89bd86506fb7d85f2efb09bf6f9a2c4aaf4e38250d9f1d76097d7158fb6209d2fb6f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
855627237d4097a8a5918f4183725e31

SHA1
b19cb01fe9095a35c0d096751eec21f4c7c9d9ce

SHA256
427c51ad08baf00b18ee20cbde491f92d24c9ead8ea9003ed7081cdfe20f0547

SHA512
6c61fb38b1662cced65cd5e5d31e2ddb555f383a994fa87a7548317b0c5195876d0681446fb81214ec6948b7fd1fe46f6bbcb963d2f31c3be16c68b2432ef23d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbe678c560bf6b5a44ae95024c36fbee

SHA1
0f563d609a32077e059ee9602716b3b70cf089c4

SHA256
c8edc8fdb19ce65f4d8334112545ab72da746eed3d8836ca6e21c1522765bf28

SHA512
07132e0d6b356b68cbae61c5f821523a94b13e1a95c810ea92950ac681767b8ee4ab4b889ef6c9a774dd55d29bcd1752cc86be95fe68bea28123118d242da990

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fbcbea0f43865448f5cefc6e07f813b

SHA1
2ba5c7d9af3618f78b30515bb6fd04e6dbd2a729

SHA256
519af6f87df6f40d57e4642875c3e732190a011bb906876dd3ad5e40560f7390

SHA512
bc65ac32f017f9c6eb881bdd44ea461b8bff06cd654fb514bbd54be257e4cb783941362e331de0c996f5ca41b5693e1f3138c7f00db28667add49be939312832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15f5d655b5d6dffacaa10f056e053360

SHA1
e4001b9a229694fab3de59b11e80854a4fc45a01

SHA256
596e0d80ed93bfccbb781fabef2a58df4f15ace31f744dead4d4cca11ab789db

SHA512
87d48404492e0ebe9e75c79638d511645609bf30accca56982d68656082e9ca167e450fc15004843a7b00cfc327b3ed02acd8854d8369f7848b6d4420cda951b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88d1530c12b8ba793bdc23cf1ead771e

SHA1
64abaf37d9377ee3d9133eba9e48c58abe90535f

SHA256
5add062ea8dbf9a914a8b1048840cd41e14bf9968952ced0a4ea7f0ea3ec123d

SHA512
f4724aee910a6c6fe24d8ebcd333b028274cf777344900b04c4a9be7842b66328a31124bbb6088765e033cb8b87336c1689c016ebfeb9ad66c35b62ee6d4772e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
098b816d38249fce06deb25e1b956313

SHA1
cedef3b42e9ba990ef5ced6f990b815e2bbbfa08

SHA256
3655612e141de2ef4b4d3a39986c922972658cf7ba961363df0ba8d5a3102164

SHA512
3a809fe6b66810d41906eba51e91b9a2c760e2bb1a8e901cf59a6394fec9c37f662b187284c4d5c5e613cb7c4d5783a1be026e5a3c7c6987de0d737456ac2dff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2f72feadf414268ef1bb575bb8b3675

SHA1
2b36e9d5d73c8edc2c9be4d05738e9e56bd2ac70

SHA256
22cee6f7961308910b3bbb73c3e8c4850df168ccbddebcffc530cab046edb8d5

SHA512
97886e989e24f312144a911274364a5ba04c5349158e39fd0ebf729d922d53223f5737a97a8fe47bee705a566b1bca4e389de7ac011f23ad2a5d121ddce44df8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
198300325698836f462a5f8a3cc21242

SHA1
4de58af9da8ae3b902b435cf254a296d57f8f8b3

SHA256
1592c7565d7594551a1ca98ea127fe181bd77ac3a53d810b6ba554151197f5d0

SHA512
10db54684d29abbbc0d369ae27be88731a0929ae33b10a0604bedc04cbab0190b61a9d96ece233bf3c1335aa92f3324efcee993b9f7b41ce9bde7e8527872f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabED0.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF55.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit