a91457de42982b9c65594c4eb84c528506f1aed3d3d17983094fbc38c935f77e

Analysis

max time kernel
135s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

0ba5ecb97d0b7525d1ae5923269857a4
SHA1

6364f0232b05db81a61212a216b9c68c7906651b
SHA256

2efe8bdaac5baee28fa3a0bed0d3704b569b99a8ec4cd80bbca79531ebcaae2e
SHA512

6e3a1ff56db44a24b8230c2ec1bb5a19d87b14c240bfdae5448e90909f9ff72c220e1a34a3235b7672822365ca3768fb1eecff2622931599ebb52c8fc2072330
SSDEEP

3072:SQvJZGUpGRoiyfkMY+BES09JXAnyrZalI+YQ:SQj5nsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2C2D7E01-28A0-11EF-9542-4A4F109F65B0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424347255"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2380	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2380	iexplore.exe
2380	iexplore.exe
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2252	2380	iexplore.exe	28
PID 2380 wrote to memory of 2252	2380	iexplore.exe	28
PID 2380 wrote to memory of 2252	2380	iexplore.exe	28
PID 2380 wrote to memory of 2252	2380	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
799faeabceafbef43a9ac8f261ed29ec

SHA1
4c842f9a51aca54c400ad395a8539812a9ae732e

SHA256
917158657eb2435551a834b46f6b40a3391d8eb5cd66009dd242bf5a4189f900

SHA512
d514580c225f3f76b7193f72c509b5f7502920503596a1dc4af738bffa89a5dfc0f69d622c7f4b22268f268f29a86f436e410264d544582a3a65b09b4b798eac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be68aa0613db677c5e043baceee27b2e

SHA1
6d3fb5ada1a2cbf8b80c1d58e05a9c20edbb2822

SHA256
26c45e149f83aeb92942e6111a1dad91f614a015b415c2854539008e092b5224

SHA512
893b98b2d46a385b9de08834ee272f588786ab3c8d449c8e2062059052b97ca6257f9f0f425e1049b861f0be12ed1e1e61f71eaf3ad04b981a963c3f2b12536d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63e8d903ea703da046ab52f6e816277e

SHA1
9073fd74fe37326232e42af16c7b1a8765a4d8a5

SHA256
12e5f66076bc379d46004198fcd6c9d277cffea6b53938876547d76f5b631e06

SHA512
285073f7eede5523840f8f92363f7416444143a094af6f7e2be3fcd978f83a9a5cde796e64d5a9861fa96f4cf84f8bd541e6bfff895e84278b64fe97c4b53950

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
034e4dbc8e5f77ac11ba4c9169b7b3ac

SHA1
5c9ba4aa36eb305a6f230c0d359b696f39b646b9

SHA256
543898a25164212185c57475659119ae7e7a8bae4cee7143c2fda6f13ac9b658

SHA512
8e5f5238dcb37e9db8479693c5e6067f436feb53cc5898015dc65bf4da58b09c341602bf73d0b76377dc87bab6c57315a29ba8e7748a8ab289c33de0a038ee64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92f7a73efb7ea432c479502a3548ca57

SHA1
6077b7b5d69ad087e00e670c987a19add0d63749

SHA256
772494a46d6f0904c6a10278a863a9af13b8ec1280b2fac97fd14643b2651852

SHA512
83b6be6a535d7c697cfbbaa731f433d4407d66a35e21907aff2d1cda49cd6dd44017551bf84b5b74acbbb86d49fd027a00619f3a04e5c11742c086390c6fd1fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b7ef2617a836c98850d1d2ba7a9f577

SHA1
bcd9be3534b825443db3d239f817ab9954287293

SHA256
49f7c9701d0a3372bd71235af9d8814030d935747f9eb8aefb8108de6a466084

SHA512
a29fd6beb8fcf8f5fce373117e75b3a2185987748a906884a1468c984844a3dbee2402eb8310e864162daff2933866e31475458f5202c73be42c61ebcf612972

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5561dda8750f795b13fa4cc134e9f30e

SHA1
05577ba43d8a8ca5d5f352bc66e00f586b3e4bb1

SHA256
5ce023d136d3a8681ac34c4cb0440d7ba1862e03824def01022060e5323585ee

SHA512
001b8eec756ae6909bac7ecbc2b4a76816a8e54f00b0d44f67f737d77c547d74cb6a13ee2ec4420bd043f7c533ecde73468eeeadc7e3925ec5473860a58ab953

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5cfe7285c4c4c83f349defd09ba2479

SHA1
11b70f03a56193a8d0db0b0e48ec800e9540eabf

SHA256
7eec97b83ce0301b41183a48deb6b2c401c2104939f37a203a2e8b45e35cce91

SHA512
1009c2a5183d02facf69c80852b109ac83e910a4a3728058e415a9c811ab6a44d7f176e63d7794f65e47a479198fb81d06e834303e66fdc0907bc8e069375492

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a340cdaa5ad89adc4e9e15d4d330ef8

SHA1
c544206c9fdd9e862882102a13a866b9cc3944e3

SHA256
7e7f7fbb03d6fa0c8c2bbea22965fbb10a020343707da6d80e1ec7155f60ba8c

SHA512
833f02e6766e474b198513da96caeaa76de22ad9c1f07f6821dcb8edf6d5383e84c5638c101a5fb0fd3641cfc1d09573798b41ac136c3fb6d61670da145c480a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a93b8c15f0959d68665d6586a5aef10b

SHA1
6b02986a7770b817e03b68cfe243f88f797de40f

SHA256
cc45da6f3fbc7787a0ad5c3134205b50b39503c85f44c36f8aee4e260b301deb

SHA512
ef3a2390618497326ee67260285efdaeb06e49a310dc3ffcf53f84270ba28f27c3e05ac6a6ae10ae308dd3f3bece710a429eb7ad2de6d9fa29f7322537caec9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
671c6ff0adaaea523934e74275652510

SHA1
5c3a79790034e1b43083a150747f3d37789cb25e

SHA256
c68286b506d6fe3be512aa5c6b9da9689e98e76501a16455bbfc4d2ece98e576

SHA512
e10635d1f4b78087b6060ceed393d7bba59671fed4d60ac830081be9dd7027c8aaa5b2c05fb5b5d53c62dbecb3cf70bcfdab2480688cc05fe03a0acee4ab2851

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b3bde8cfb5348237cd96106052b318a

SHA1
2bc50b51cbb5faef6fe01584c23b9752dd0ff046

SHA256
e0e04b72f65423877d3f4a5592c81b1165aea8e972196762c0394c9a3350c041

SHA512
62c094e00e1fe5d8aba5f9ad2bb5fe296d44e8ba0cb5efdf8dcb33e1f4c7620efbe9b3e08328cb2208f9b1107a9a02f6f4ec316a4237766f8c1ada84aff629fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50eadc754071ae1dced580e373391492

SHA1
983eb62d3344f0f728bc7f3b03cca57956dd7727

SHA256
0580a5283f8428bc9fe9cc596317cc7c7dfd814488bcce0256be2064bdc831da

SHA512
1401c9dd7abec57b9c674d608b4e429a5318d887be099de665558c4bfd7b45c46b40a47425ebed32d40b302401ff1389c0995129d36d7b6848472504b5ffe075

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbd43c7d22c385559a69f937138b976b

SHA1
0b3c44a302c7bf05b2bcfc9f49054a71e692a622

SHA256
57d8c2d1dbeb881aad966f1e584e7c16938e9cfc9e9504e3c9d808932429e263

SHA512
ac5b84fefced36c3cc0b21fd6ed21289c6914599c1ee6cbd336ada0a05134ef773fa08d876654e910dddbc90ef9f82d635d5761a3f82e3c713c836ec71d5ae74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a2bfb8cd331c91d9bc7526207379374

SHA1
543c752bd4070bb78cc53eb3465dd1cc70098422

SHA256
4917e178fcb4b2745ac0a161c1040bd5aa47f71256ebc72b8c66f14515294a0a

SHA512
060cd3c84da90b8c11e31ab2a90736500818ded3c11f4afe886eb1ebb56bfcb69b337fc1a76cf54ff93740c53eb8e2f2c693165c3bd24847799575778af0f4a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c02b22de5e21f32de9413db7884b7105

SHA1
2047322ed3465d38f1534b202bfcebf273660044

SHA256
a7d4487305888abeaf0e2f4ba939ec0bad0b96e08526002cb41dc4a9ec9bd12c

SHA512
6eec689d8a5d0a4e02787ac3d1f0193a28c8bc90570d466333ef7403e1fea188540c48b86d59da543ccb53bd8eddb4176385fc408ec8f39b1369d3a605e236e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fd71ceae6dfbdacbb2047345187f073

SHA1
8297ac299577ad397039b2830f3ed0c585f5651c

SHA256
9cbf54baf0f06b527afab342704912779bd2b18f83935a3ee887afac11c84dc0

SHA512
488e5714a0d09adce7a9bdc0718b04bc9918beb7022c740f1a6e8d74e1f0e6e4d707cd17147f6fb2655b05602a15483bea4b92e9b759da8e7120aefe52b28f41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56fb34c9a737a10089ac9d2eba0b24cc

SHA1
c8029e304c6ab6ddbc22cd1870486f4143e27b1f

SHA256
8e74b1f03a741b36ed39a32e2e768fc5f3cb5c880bb90128d6e187980cc8413e

SHA512
1ab88f53148cb39c5350a47b8be5d07b7cbfe892e1c35b2add7d2ed9c2e89634021e1f09e537b6394c1ace144f8ca8560754a67f2804b0d105d823e86646e0d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35ed3ac8e525b0ad1f632dc6f88eaa88

SHA1
3821a4a31ddd155f8f7939db0f793208402e2708

SHA256
bdf34b910a526d4378450298372db39405e9259df6232af2459ef5ff3fea5b01

SHA512
e401a6d37b007834d2b25670acf0ebf93f93300aa65b45182595e8d30a51ce159c764da8a74772aede1ba62ceb0edee59444f53391d6db214871d61b8f0996e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab13C0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1493.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit