3cb7c4eb14eeda4d7706653c28613d66dc370809d52f3524b73fe35f5cd12926

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

221KB
MD5

8fc0e7fbb78b7a753e3771e86ddf0887
SHA1

383d05e4470d144a7245a927629477b77d767be7
SHA256

dc49b989cfda26adc9c545273d2fc3484c4a75529395eb6b9018bf0edd6538da
SHA512

b5ad517320b6058f73f36fead856597d3c906d6657a2d4c53c00c6f3672180ba21adc6c0e88bf7e7ccb68636d85a678953bf882c79bb4d43df47cccabcbeee40
SSDEEP

3072:SGti9sgWf5hYyfkMY+BES09JXAnyrZalI+YQ:SGrdnsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424531552"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{45CBA0E1-2A4D-11EF-90EB-D671A15513D2} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2344	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2344	iexplore.exe
2344	iexplore.exe
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2256	2344	iexplore.exe	28
PID 2344 wrote to memory of 2256	2344	iexplore.exe	28
PID 2344 wrote to memory of 2256	2344	iexplore.exe	28
PID 2344 wrote to memory of 2256	2344	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd42239d41bfb563fe01badefaedce76

SHA1
7b54a9f33d32d2e03b0772a018313dab002432e6

SHA256
ca8535817e001d55baacd1165b57a48349eec79189c9712d7458c5693e40dfb8

SHA512
5577fb180bb903332f2dd31d8d385510636f835869fd40dc44303dd628045a2f54dd1e1a139ffe9ed1273b7e6608f83498b22c51a2136843c79b05191d1b7c7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4694680df0d7d8518c63be1d5d239e38

SHA1
47d854263d6f4daec77261df16ee3bfb14d26e37

SHA256
c80a4fa889e89677968224589c1ceee9625733e97feecc70496bbee0d474c7dc

SHA512
0ab6534dde6a343c827b9b442b7dd61719bce17c6f7880675fe2d427a1ebb3adbf829b246aef65856ea1b4a1401be562a5abe4bd21b4a67c6a962822779e9725

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
748ac7c3a28134edf20ea951b361cf89

SHA1
14482e4baba451ab8f8020692a78aca5ae48f9ca

SHA256
49c13150dedfd5ff1a4eb8948c918c88ab25717a1e6f267e0f3599a892c583ad

SHA512
199425fc304d31523a35c117e949da862d8f75b2ffd2619a116332e75782db50a4a4f6e93838c93fee9b4cee0c3771c28d14fbc66478cbcb092c711329f2d0ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7844e70e02904b49d1d791538c79771

SHA1
a6f7a2bfd50e516edb6001359b2411adcfa8573c

SHA256
07aedda8a5ce9601f1096e069ff784e84b3a9867e8d5bafdaec7374280a7e895

SHA512
23ef834789d1971887a1451bff308cb766c5210ccf9ab3b85fb9c599761269482e02c1117eded1b941fdb181e4f7b4ba602834dacf2d41a73300b67ae228938c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d029f6d27a2f86939db1f527a2450af6

SHA1
18e92d0d25dad965fcf2b9126bab033a1d77f9be

SHA256
8604af6742e12b41f2b2fcf04eb88c9c1f40fb0018406dfbaca625e8b7f63291

SHA512
d7e79d1fc84d240462aa1c5df5456af530cfb845de74c72a10d6d6c10fd6344b24e1b076757b63febca6efbd482eacb9d46e5b30c804683d4c79fec3047548f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfa7b803c68562f3e65adc3fe1d83505

SHA1
ba2a9eb627412c5e11994a31dac9bf35c583b37d

SHA256
509a40787671c255b43393f069d86907b40a03627a0dd887bf031dbeea298522

SHA512
b81c35045da77830c7c94de5e649e4d94a5b81213a87e9e6341ab0218ff743d7f01ef4513e0f5e969511bdf7a39b26cb1599196ef4c2981b40e49066dcdb3287

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
989230ad08759cce4e2000d37c30fa74

SHA1
9ae23d236fa17d9e269406c21bbff7387d67acee

SHA256
147cc9ab3082979502023de18140cd7c3d4a75028868ddd081ef5f9d286cd17d

SHA512
1aa10512efe8d46f7a64f9010909f85bc7c4df90b7c0e57744f0b72157512927130298da2093aad042d66a40868904b220cee9dc27021efa18a3f9654da1725a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bc212e6fc3739ca0813b8e8156e1703

SHA1
a6d57bc52fb82763fded430d092e7fae5b1e5066

SHA256
44653aaa2904de552141541f9c6f5c1a86f8ecb1ac06179b0e46e05f06f1eb30

SHA512
c4a9f4e6dd5f8a9ab8ea4c5bfe0df9561f22c42645f6f15cf1c0cf8fcbd5208daa0abfffa42f92a4c99f29fa635839835a79ce3231f150d3fc69bc40bd410fdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a780837d6ac5ad29ddf5a7364516e59

SHA1
b74c19bad2c38e1eade2c4bfe38b62b0b4b465ae

SHA256
6579621c59e25493d108ea5c4d3dc1e5fb0e04f8040405551cb2d652ac87e743

SHA512
c33bb4e2d63d6c81db750e4bfb462db11d198c85e96122a27c7a162efe1e9a011a07450c335e6c1c75ec2c035671ea1204696909cf13ac7448e04dcd1422891c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14556a2af9f2fadd926390bab3e37e75

SHA1
6ba96fe946aa6df756f3f02c638ca4a863948919

SHA256
ddf4f88a516e14593dc928316cb6e715a18a37f76a4ce2b8bbb145ff12dd4657

SHA512
b9c57cbe987019db527d61db6f1ac752ce6d8f60a1b50c0abad6f3b5c107ee56c71f9b0d7f963c8969fc07386ffa67d02400bfcca2a1d7b6ebe2c8cbba21927e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51110c40d9f1ea95c2e863fdda3dd2f7

SHA1
51509bc739abd99c296374ce7e079df408fd7c24

SHA256
6a8404cdbbfbb4a9f26d01f302f165db3117b8d0164ebcf9ec32d5c5719ccfeb

SHA512
a64f127ee198e1af37192a29787e34cf2d620b47f147dc3869054c8fd5a83c33a4532df1999127f380206cec508dfa9b29a6ab0f29a28df4a92cd3f31c97eabe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
723a0b8f08071e225c6e34a1c1e55f75

SHA1
33263d4b5db7e8846e21305cec093bb8ac2a0285

SHA256
306b70289f9e95e8c05ab09f4b4d57894dded172b300b91f522c49510070e781

SHA512
75c34d4886d591ef5ee66d9e207b3c87377d55152a27ea35a291a0a09e495968af8b954dd0f8152d11c5bc3d30b255b72471959961820180274b7b46a2bd14c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d91c753ca2a9354a5b6f01f407e4f0a

SHA1
da12013f6d7997e37175e81012f1d3b46d6cee57

SHA256
4fedd9641e5952d1eaba6b8c252490439845c3ff63fc79c1f77a59f55986e8e2

SHA512
b1ae0988724074e6fee9e1ded5e185f7a96b5b33430d760eb60d7e30c7ea19bc7cc79caa197e431e85cc8243170df6e71e9957f6beb1315debbb4125c9760c78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0fb6af21d6a5ba0959b3ce5a795c944

SHA1
83c25f2d840237efac8a8ec6a42db6121a5a42a4

SHA256
4330e379e71a9433106d6a6b6282b2ac7449287dba9a1bfa0be7503fc4342e32

SHA512
5466f2976f550a7c2599ee18ae8c07507950542a6eccbeb6c2ae6851834da5f825cca688290b41da55dac304754dd499ef36c2c4640390ce9a6db85f53780438

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11f57a022777ea475caf0533936859a0

SHA1
13e12089e89d1f73fc257a741517b74c1c575ba9

SHA256
9fff13884a1a1d6f3e24cae3a4c945e49f1dceb006ff41708af4723915dea09f

SHA512
4d929edff29febd9406015dd697a0379b49fa235a63666c3d6325c0cd34a94d6944e856cb305d773e7d5534accc2a862f907ab7c3a99a223bb581a565f6931b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c60cfca428269bd3dd3bca317430272d

SHA1
4fad4502ace69ccf12f475139c10a91eb430f17f

SHA256
98c48c51d8b4ce6676e225436221ba3e7d3998910c9ba926d2df2022c89d542a

SHA512
aa8ebf1e25d0c2caa93e4834fcdccab06b4a67f854efba436be010d8e40b7fbc6fcac089db22dfc0d6b27bfb9f34c8241fcdb915c00d80b65abb19ce8ca7c2c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbee022cd813412ac7ed6b510f449d45

SHA1
29fce4651f8edd01251930ba2b953e106456c604

SHA256
f90cc491b06f207f247541c563de1c7d1b73af23c7ce1b5cfb053ae9601a5a0c

SHA512
402fdb602e8b0fee0f129d51761a5b40ee8d3535d1186a5706f163835129a8d95b50c641e942e72322f15455c6a9969637a0a9a1bfd4322fc0ea1c469d6c88ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9dc1314eef1552353c3981f6b05a4652

SHA1
58364291dcb167455bf4ebfc6291d95fd70eaa76

SHA256
288320b42344bc50ef784db34e936afd4723231825e3d5a7546895d3a625d646

SHA512
89558186aec97079617495fa041b0a6cb08b8d13ff048a1ef0479f9ed5bac87b4084c1208f852f0b64946e6c93f6b100b2446ba939d1131d1f078f6bff5b4591

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc209151caac6e88bfe9b4e5550e95f2

SHA1
85a71cd15d6e4a8c70943abeb1defc49dcdc9730

SHA256
add869be386085b2bab9c4dc2d747647df501211d921f678ae5c27366a9d61ea

SHA512
c4f45cf9684687a39d5c2e9c1622219d7b9422ca0af77625262f04737b20896fef9bb339a729244f4aac4b75657e08df4cba670ffa10dd2afe527c7d29f91c80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1067.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar110A.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit