f3b846ba73b01bfb2e626621b08cc712c7e5e40335d33c40522563f43f2b7df1

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

885043a90cc1114b937e41ee68478226
SHA1

d7e7cc067292f96cb10edc735cc0fa6e342295c9
SHA256

40e343e41e40ba1f1b4c60e6e2bb8b902867bd96548a486930ff7029ae433bfe
SHA512

74f073fa5e46c4d30f2b2341cd2328bd4bc4c35a3aaa8ea99c9919e980e21d319129f8620064748601e43989ad43ad988caf910c9a35772e16360554cefaa8e8
SSDEEP

3072:SGy4jRcHGS5tyfkMY+BES09JXAnyrZalI+YQ:SG1054sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424567032"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E17756E1-2A9F-11EF-9FEE-EA42E82B8F01} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2856	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2856	iexplore.exe
2856	iexplore.exe
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2740	2856	iexplore.exe	28
PID 2856 wrote to memory of 2740	2856	iexplore.exe	28
PID 2856 wrote to memory of 2740	2856	iexplore.exe	28
PID 2856 wrote to memory of 2740	2856	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bafe914505f974dfa072b78743a3af95

SHA1
a6f98e227e6b917a0ea8ef06962f760609f984ab

SHA256
992feaa37a27e687f577b44987839d325612dd4a26ba94d13612df66870e150a

SHA512
b4174717171912e0e196e7b5da7a0770792d31b5c8195390a3d3a1ca95b3d718d2cb5514788fdd80168b3ff93897e0f5f9d5c880c861ac8d4c4e526ecbd54382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfa80903a65a85ba38e8cc4436086fcc

SHA1
cacd0f8b5c5f0ca8e956c9a84bb92e9ed61a34ca

SHA256
ba1d036085ce85560d7c1673a4f0fb2218b4a8ab970e93b0710fc4db516aeee5

SHA512
a3526fcd6601d6fe7e073279c83dfd7bc9bb86b56c494d2cea60c1d3cde0893f3949e81e6736951e2d7c8ea642f6bdca06c61e10311ad5c0c4fe507d3bed4333

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e18173507a2125b038b96366ab8b5d70

SHA1
cdb50d9bbe7e17cf33d5a8ac50965959b0e87d76

SHA256
0a5e2f8f229cfd8be38702b573079257d2aa4b763cc661fd0726bec2e8058083

SHA512
8f3f41f09051be7a1db42a8d59155f89411c21a343785e6770be8513dd308dd5479837adda55d16c6e1e55cdc549a9f9c32ff9557d1b052a62d1422d46a44367

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa06f180b7c3d934defe8b8e7ddf0f8c

SHA1
fa8967fa8ce3fcd7364273ec88e80ee59601f137

SHA256
cfbc578d616f6ee8c55d6b5a14cdc0358c9396f43952190c718c9d53cbd9583b

SHA512
2d3f1af31b2516ff99bed937143218487ee087caaee7189ef53e87ba924de46c88f8aaaaee07912659bda218aa28b837fcbd2fa36477e2fc7f68f0761a64d5dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f09831f59f85d04995fbde43ff6c290

SHA1
422a3170e99fe6841c43e9c08d360fe474c1c62a

SHA256
0bd0033ad0bbbd12507b20c12835fc8cae4dff48d60a3eb3ccc41ff018defde5

SHA512
a2baa8cd89132dffe295d9aa820df973cbc4594ad086985065907383e86a0ebc7c360fa119a8b062bbde06c5cfde116491087f9d799dc1a310d71a9118b4c695

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fcc774a98764db7a54315b6f761d0e7

SHA1
c587a674905ef24f313bfa9544f7ec91381e145c

SHA256
fba63b4358348a58af8ff71318418810694fbf83eef40dd71ab36e9c9c454e0e

SHA512
89b07f4f39436f12562b5adf16e70844f11c25e32070f5b4bdfb29cc510131e4f23aee58e2ebd1fb796b7752ae6cb4166b4ef4f29cde2ba73c477ef516be658a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9829dc3dd904e3f95709f57c5b2c853a

SHA1
b7548581c2236eb07f7138a4292d9754cb9c2d2d

SHA256
b0df9f9775fb094d15a2fb57e43959f0002b18059d51dc882b6e1e9d23cb80b8

SHA512
b2a32ecf18868b0056df80e55b872b4858c0ceae09316a8ddeefcb7d66563e8e3ad3ecc5e8c2719e16f101f312a2ecc4e8ceed673d67b01d09260f4c8caf4555

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4d41a85ec13137c27e5185bcb570d6c

SHA1
4d5e8f2f6089af2b86d407353ad6278efd93f054

SHA256
e59b14f4043b4e0a939e1409c2d5ed661506ceae5d3429d5ed76bf1ba9798a68

SHA512
70ed44cb7f2206e6ff2b862ca6c844ec05e5a818bc68df3dda3192a46ae29f66dfd713067d1d95460162e1b8d71a7f2ab2a5ae075f01c98216f59a9a59eb2465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f06bd41a5880b0e94d9fba1c82611821

SHA1
0dbc35ec4d77fa93a258bb370fc752014e7bb4d2

SHA256
38977b608377ad09e0d59b945c849569fe58e241988ea5aa1eb88fe564358bb9

SHA512
a9044b152fbf954f27aca315e0a391b4e3203f1155f5d22b8163e66f9933b71b5e8e5b15df2205d8234aa08eda14e342fd02eedfe886a318d1b55e834b097556

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
194ca854e3f16db137f27fd1d6cfd919

SHA1
8f211985aa99290c500f591fb70491f16c0cd6e1

SHA256
96a89758779401996e691621460731960cd751fed1b567beefe256439a5eab5e

SHA512
d2bb8106f7435124407a7696528f4e1d9d27ea1c10a1b8f343ba077e211e461497df8bf5b705ead4bc26ccc9f71be422974b55c4fbe1a42d283757d34f57e300

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
273cdd71edc7b173a5c328728cbd9427

SHA1
f8b558b03e5c3a76a85714c7e527bc0411387fb5

SHA256
0d2da9ae160b29b72c098ebd22f149794d0e88fc8038e7a8ae6a5ce81e2ebbbc

SHA512
14ebdc6bffdd80be02c10fd7ad162598cd7e43d2fe435135ee45a918bf02d8ec67e49b13eb0c6aee8d06194920294c78c807366a68712fbb62491457636360da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27ab3a940b46afd1a56fe44ed8ace7a3

SHA1
51566b1038dadf39060b420797672cab69a3124f

SHA256
bd4624ccbd9d1bcd52201c2c2c7802a4aedd0692685be2830d7eababd56b057c

SHA512
1135c84aed5a7a50b057dd117ac416fb7f953f8344a97ad2590500832752ee83836826c519f19fb568ad2f5b42be8e230efc59a76becd97bc60fc0da6a74d211

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3801c3eb866631ddcf50da1c81b26f77

SHA1
96b0b8a1f254319ac01bb53467a8bf5044e8db3f

SHA256
d7241a118d1519e5eecea188bcf311d3b9d374e925da63ab3757221f54542b2b

SHA512
c398fcd66c5d01876878a492510596669e81a04c24662999090b034c14136e0c099254f675584587d90c058aabf65fc9c1a8988066dac10c244205d9e98fa541

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d11f79a4189cf8503cee3b451bcf9c6

SHA1
568644bfe8a9ba63031e79305fde7caf044c07e7

SHA256
16068f67813b0268174e5a04a6ab72c1e6cf020ab3cc07cfb38265da8e809979

SHA512
5ee689de9044e0081b4aea412291bbdc4ccc1a1b7624aec83658a410cad49bfafcadc35aeb1eb96340cccca1fb4e65e9e1c69fe82d58d5c7064d0d6ab7676d30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a36597ee23453f3e8834ec1b3ec9a30

SHA1
36b5785ced6501c82821462e6f31a63b3a3aa51a

SHA256
bd340357275f257f619a3e59cb321542599a8c1e47d07466151a40d5f546ef96

SHA512
8d5b3303299fbc1e8d40abb36b93a9987395bb84c2dbee3927e4a77cde06e7e11e7d0ecbdb8d6f26562fa5c65d383b0a569267b49f1435845ea9286678bcf0b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae139631e8aa81cab8aea924cb7df34a

SHA1
272336070d45032114006bdebc9de44766d23536

SHA256
a840ba4403717dac25e73ed56626a5734890d1c3d96dd97c08777316dd29f3d4

SHA512
04f72781ef2b27e808633568a84fa72e05bdba2459b0e67425ecbcc81420d1d3e8f85c10de8c1d5b2a2d874b2f3b7bf40f921b0d013d1e6aef6f7a6c4eb76a39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a761e783ad025ac402f2148c23dab262

SHA1
fd319d36ba0850d50ddfc9ca0c879edc612f2f51

SHA256
8c87dd8d312dce6d467013674851b19062848a507423a53edc8166c8eacd874e

SHA512
8c7459151dba501f84384545c8e2c0796512d963c9d2bf7e1505baccdd9ae41abaf83bd940bfd9ed690254eff1f8c1f54b4c29de07de41f3b1cf2cf1927d55a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c6af21a046ae4d3a3190846db677c7f

SHA1
814e087f2e1a0549dc20341dbafbb618bb221139

SHA256
9fb4d873771d3e563a5a80c48db53d734f870b715dba7523f31bc3959a61b7b8

SHA512
86222281ffeafaec0eced2d254871ac36ea841261133a310e68b969dc5cfc0d95272067df1b2aefbe8eb58e98084b53ff769ac45fe8143836c3e19a51152d626

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab13B2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1493.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit