7de80dffae2968eb2678e6adfad338e633637589762faea5ff3b181c166d08ae

Analysis

max time kernel
138s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/06/2024, 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

6ace11e7bbd101d3c981e13149029ff4
SHA1

712957002d05b6e27b92426e049f2c7b0484e9c8
SHA256

2a6adf03e3d274c9365a9342ef62c4e96c0bdee8f9fb894a58820e1d68c003d9
SHA512

220bf00b8dacf1b5c7070a73e7f040736b59501b298f6aa160e5c13db979660d6746516b392f932e2ad6e0deec2807f2fbc4db1c5656f039640e27d5ff623fc9
SSDEEP

3072:SHkdKsnlDHq/nyfkMY+BES09JXAnyrZalI+YQ:SHMnk6sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D88EF321-27DF-11EF-9511-66DD11CD6629} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424264652"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1152	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1152	iexplore.exe
1152	iexplore.exe
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2316	1152	iexplore.exe	28
PID 1152 wrote to memory of 2316	1152	iexplore.exe	28
PID 1152 wrote to memory of 2316	1152	iexplore.exe	28
PID 1152 wrote to memory of 2316	1152	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1152 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9981f37dce467af64431cfeaf04218fd

SHA1
cd5e7036bfe8e3350b7a28e386f9768235f58433

SHA256
e21c2c62fa22710fa0e26e83bdf9c37dbe371de669d09035980b0b60978f7a16

SHA512
b8bee9abe5672c72d56063f96e79c0eef0892f1ed634d638416e8d8d1338dd52803fe5d4dba09e78d26e1e2e370281f37a306d1ca1d949788f2add15a3e8672d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9d0262c51f99e759172d63add3f94ea

SHA1
48f7db17f7b571ecead26775ee6a5dcad3038795

SHA256
2cb6771e1b364798ee84fc61113d135994f6f88e1cda36882c8933c0e14dabe2

SHA512
665438dd6308671e2a2db196d10dd9ce8e30da28e30dcff5da9ebd891791cb48535cdcc29e7aafbfec3b6b6655756081036a73fe4df7b4b0361d185e10ac738c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4442fa2b3aa0e58ab0d0d82681192d30

SHA1
66c2a53124ced81178dcd53bf2c841b4baf7a3a4

SHA256
ce5909829f688813a0e5e13a2e01545ae8046fc84f4fc0af0c0dcdfc8291eaa7

SHA512
b97bb5269a44ef369a03b8f01efa8bca4a8f6cfc5d2053521d22148f56b061258c7e00cce0fc84941026e1553954f36fa6b5386f6564095848123e0539cb1c44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b346915eb64d3ac2c9341f5d8e058996

SHA1
da56d892ababb1e4569782d9401accd395e50f6b

SHA256
880f50842aba53b1f64fddbc1daa18efe992c29dabfa4c7223b8fe84c0e64d30

SHA512
f2414d71ba3e30d6f084c50ca4f63f7871d576661623e4a25bf93343797e750e8fc0e054a4382cca763a23231c1a9e9a85b7b7dd817245384dcd7e01fda059d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4039c2e807de61170e292060aa6f7359

SHA1
eea304c71a9e906c5422acc0ce1fd7ceadd9e074

SHA256
f780b0eaeabd08d611f5e92243c290908879c9c7bddcb94ffe0a31e3ce042d8c

SHA512
3c79a113e515bfc78fb16296caceb7e6c4573302586684d716667c2daa01d332982d41cfc1096eedbb1983a45be0a34ab180dce1372322ad314d64f7d1ce7ff4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01bbef00934edba697a226d5c7704a3a

SHA1
72f4581d9528fcfd89d9e52346d9fb3f487395d3

SHA256
698b59fcb30400c0d1c1b01c46e97ed0286367635541ff7d6e6c42e6836850ea

SHA512
e0b4a39eca09352a66e795ecbd9cab08ebb3c81e84ea8e07d6746e8d0b196b6739368f4d7a862af5dfc1346953eb1961ba57be901d755343b22b32a26764b171

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a95ae60a5145900c7c5c1813a652526

SHA1
12508e0b96a76b7fe64f8c668cbfb65e3fa6022a

SHA256
77f67595c470028c7a8b0e2e830a6ea8d004513dd1173009742270e99234f81b

SHA512
d02363dbc0d47c837f7ce13770cde458ef9014f29d18fe573150263179373cdb8e898e78854711fbd2832d30e6b24f28b8b7f547215095fed75badea1f1cedc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
924b8d74614457ccec6744b7c681727f

SHA1
f6b08cc0ae8a61d0cc0f25768595e3e705225cc0

SHA256
c9020c9a7a7385b6bf28ac8fb46d2630df5cf3d8653a52d5297d03f1ed990b68

SHA512
022bf2bcab569a62193e3cc46185a4d19dec69d7903ae165b227eba7e78555f3a0234a3f8a36d41760e074943b3884b507af62e74508a78e783ba66241672c14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1710b0212e97b127eac7fc51781b4899

SHA1
24f4f227d902d0e9609e16ab41c1abbba5878e5f

SHA256
699166489eb951f85600956132e36ee2fc8a068ef8af34b9f25717fea6cc0512

SHA512
2b440755f2a2f47b1ae666983fe1d132be5c8e566c1909ad7caf6c972f1574cc31d5ef9bc6a0affd2949cd4cdb757ed78cf0915dc1d31c46103e4c8883387b82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1365593fc2e53f8a0da8a7463e5dfbce

SHA1
e0701c5b210d204bae0010dcdfc4cbfa402789ab

SHA256
8c50fcb9203ac58a3f8fef9d28c9219b0942717fe6a03a370d72a0a8a4be5c59

SHA512
f24100a915444d8f5e618c2209df0e28f08a5afb73de127232808acd5d1b57097fe5e85b6fb87911f7d538b3fb1beb1b4389e8cc71a51c51627fb0a2f3d717f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc5f57c20a1c78422826e309b6ebc7ae

SHA1
14518951ad5e8965845c86b75c0b397f127a9a1a

SHA256
f3e504261976e71f990225628ba0ddb33aacb24e9a60e94adee158c136eb89d4

SHA512
5c23eef8fbf0a7b216251238f9dfdf38c57e449122d05cba75aba98e26818a65d8374fe92717f8c9d4584e87099767b1c8a6905b48ccac0c34ff58e6001afc61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
645b296c208f159265478e07208a0646

SHA1
b67ce3d7b0a765d81bd01a8063a28d223a39f7fd

SHA256
d6aff594829e29d0323f70eea8c34ad26dd66c93337a99307991264fc64f8592

SHA512
51c4ab6963f342739acad7d3f6278ce97e8a9fffe9b35271fea231954a9122615297186d1cb8894c78e0b4a3f50a6faab4c0e98aec04500cfbfad1aa0cf7fe43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b555f7cc7dd3a3ce33bb9cf00e7e3bb7

SHA1
9ccb998103b8dd09169ee88ec9a9f94798b2a6a2

SHA256
d151c61ffd6f8916a63e302869676d8de5933e3a2b336fa8f0311f9527d624e1

SHA512
8a0215af83cccc64f22f9a18bbcd71d6a826ca8bb8397d5e284e84066782865302be7e10dc580ab7d9d15aff83fe02088b4c15548b61f87baf6e7eeb6c6abbd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2d27fee491fb4072ea3e5de6de71ec9

SHA1
9231ab802b580174b6f907dde71f4f6f948f3291

SHA256
11b174e7ee1dbd7e9a4c29d30fd833c4b335bbda276d96b347e144d0464b696b

SHA512
6fb9f430293405ab63d4d148629f90da08944f62370d99e5866ef69910525cc3a98bc83eb9d30c13fa1ff9dc29c8090423d7c39571a21f71d6f3b7f13ed11ed0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81c6cd9101e11e7f94e869a4fb830315

SHA1
f98f0afec7b2a5dc41624961d2e8d1022968f6df

SHA256
d37d7579eb9b7fc44e0715a9c119f7ed5257423e60dbf5ebb486636d88d5e6e7

SHA512
51a167e808763bb66b0a147196c8a25522eadba6b41bc01838be03da78d1a7b8d9004a111ff7c2e333f5248f044b8de977fa1d8d368a512efe1915593ef20bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6ce6710b33c1c74e396f9f233251ad4

SHA1
bca2667f4806295ebcb6f8eff25a971480309d61

SHA256
0b46d939ec153b46352cbd27946f9b9ecf4fd62eba4114ff1887d3b3928860ff

SHA512
ad2e7d151bccd80055a8c4a775fd5d9c76dea535e06c15e997aff3502977f75d88c078c35dc3ef0bd3885b025fbc163cbb3083e2bbcbef8983cd2b6baa9ca5ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96a28a8d56f090d067fbdccf1dc95f7f

SHA1
2e44c64ef66fdbde2d4f929c03d0f5cca739bab0

SHA256
aecb6c0ce8303df338b935cc9c5025561b14034ce7e50d24ec580d2293438c5c

SHA512
005aacd6d12a216bfe88f6b37bfdd33fbde6579f7f04abf43bab04deab2e27b6e30e934b4654774b61971ba1d227a58856e179aaf73a362ccaf9259c890ae03f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abc200b178b9b68a4b098dce20601848

SHA1
f2c0dfdc568fefe48e6270f21e339b7dcc262dfb

SHA256
5ced7d4725fa6d59b08429a97da4a0aef7db47dc4033c52620eea2f84c98fce2

SHA512
72150ce64a7361ba8d39954cc7984e1e29007451a131d29a3fdc15804fbc13b782bc57d52bdcbab1abc46b8df0d9148f8004436cb232631d0f558cab475ddb15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6face5ccb88a0b6092845e72a8bf245d

SHA1
2fcc5679910604e5466c91c2af8487884843e23b

SHA256
ca448714442b4dca674c4c67648db0f78cbd443ea23a7cc59d33b456ca8efb96

SHA512
70ed8133624bac49a5bb6992945c34fcaeb93be18ff344262adb842d8d061749d23492ad499afd80d7b0d79ff31fb0b505443f8e2bc5f3ed083ec2083035ec93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7547fd3b2fcdc480406b51f7058589af

SHA1
df3306cca535d966e5e0f8c5a78297682310e58f

SHA256
4320220d1a332bf00db1a24b22f21da19bbd089658ae4c07a4b0d178f822971f

SHA512
543945854cc11b395255e3849a90e12e08d6f44e4dcf9468d6e497b44441ec851a25061786b0733a8fc3229adb2782ac0f56bf86bd4fb8fac200a87ecd97b429

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA778.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA906.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit