8473f43aa0957d51d1fa33ea14b2db7550ae5a2a03ff21588ec2b2f0b2308535

Analysis

max time kernel
139s
max time network
143s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

2e1b43d6317b90ff9d66c596891d3def
SHA1

83484f5f14163936ffa5fe1cca5c676b9ff9ca74
SHA256

f3a45deb1f06f3a3e9c4640399cdd0b1e699e7f440eab73eed7a3f1e66e02467
SHA512

48047cdaa9d7c45b3572268d02d1cc8bf6b0ef9e08d0e85e9c18e3dc3c3d10b0738ab50e20f74ac4a61858a0dd276553e1393a6d37f89bc62b3f3821a768caed
SSDEEP

3072:SeEEOtHgB8KyfkMY+BES09JXAnyrZalI+YQ:SegnvsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{841970C1-2B29-11EF-AB87-5E4DB530A215} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424626148"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2980	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2980	iexplore.exe
2980	iexplore.exe
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2960	2980	iexplore.exe	28
PID 2980 wrote to memory of 2960	2980	iexplore.exe	28
PID 2980 wrote to memory of 2960	2980	iexplore.exe	28
PID 2980 wrote to memory of 2960	2980	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2538f6d98dfdb81e74c316f9c2174fa5

SHA1
f603df31aa62ddd99e98e0df3e31aa0df6348baf

SHA256
55c59f8bb36f920e9dec6c0038c971df7a521aef292e3ed9e705d09be397d8f5

SHA512
63af9a832e1221838f2429632036ce44f01b113b67aa44936d9c0c75594303c9d70d7c8f2ba87914f073b2a365735dfd96d8541fc17298e49a1b9cbf4b26a34d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1754fd655c05caf65713e4bb04733043

SHA1
a65c733ae65aceb95aa21b15e9792023bbd32fea

SHA256
42a1959611dfad90f1d259da2b35674c1c85d58e61fe71cb3da209d896af8ee9

SHA512
0ccf286fe7af351e2bc2cb4695dca83a7b8fcba4ae623274b6d39df1e310c15045db849bbe7bc4447f27891907e33ab6ba0f8e0bbad14f2daabe53a36d815e17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
527587d97f7bae28119777ae7f1531e0

SHA1
3961ec727389662b7b2131211e410dbef689f511

SHA256
ac5394daeb0572178e9963c09415442f5ee06b71f5521b2c5ac8dec8da62a23d

SHA512
beb888ef12906100827eb351f14430c305f2b1a7507bc2d5f7dfcf3cf4d097d44149a0cacf05fa0525881103f4d76bb85847353283b8e711d527d4caf8772578

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8c5aaee7de3d4ac15b4d9d163015ccf

SHA1
3674018c526e06b842cf101122933b7f110d9dcd

SHA256
83e565346411d2a272b11ae3ad63d581606d243f67eba7e519580be7897dcd1d

SHA512
5c076a99da7a3bd30621c36ce33ec7ff46b809c4d8ffb8122e735c98898579af69e13d7d2cb431991aa2468c133d18fe6ad90fe04d4b04598bb23752c9e9da5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdcc4fa03e9e252e7772b67896224ae1

SHA1
b8ba2772a4f3151ea2fec140f5db6281522044fd

SHA256
ffe5b1d5fe72a08f119d9d6ec14c365bc54b20862c994bfbd920b2e784ef5245

SHA512
53cf7b6898bbd80af5cf7ab7d79b5e0fc5143ac32321667680119414e7782e070b8cdb07c568c081939d07077cd228e11cdc314aba73f8b19d46c1bfa1b2d8ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d3383a65549dbd465219beb9e7b3b91

SHA1
7fc143ffdfb6fa4cfef2a67a8c7ca8fe8144a5c7

SHA256
c5eeac9d8484cf077ef74d68d93bfc6657e006afc64a0cc35ca06e1f8a23c42b

SHA512
67ca035ed012dbc5675322d53622a2cec10bd6bb9ecf89958f21a95028dd26cf99a67b1fdc55bcc7b31ec43cff0ad5ce044315282b78decd146f9bf785dc68b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a427d3e95f5ad41187ea920bc1c3f348

SHA1
2838809236096b95d9ddf1c6e3cd6bab0ae0ba7b

SHA256
4ee33939b1ae1cb9e58c4a3beea86dd4d6d3ff10bf90aa3f3f755a8af7736d6a

SHA512
1efb1d5a6e8c449ac44dc6b3e90f525e7973ee2251fe68365c5873bd6fb4d3b96e7ae98abef0bae6277a816dd18aaffa193d341cf7ab6673008d1161efcd407a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbb725c164c8f15a9867c7f0cc975dcc

SHA1
67d68ee003b1ba32ef2eb47d8991605f7230e472

SHA256
d31cfb2b1b8d791ab6e6541a0b779ed5b6499e35d77dcbc4e278cd06bffac2c1

SHA512
44aae5d493cb6a6a8d4ca7aba8ab9977ca6ea753b58d6a60677928a567af0e763973834958a975e876a479ac6f4fcfed1dc6367e4a4e902631f8bdf9a992d185

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16743337ac3b51d6cedf837cb1866b14

SHA1
4ca5efff7ad57fb2dd79307c478d0ba987b951c2

SHA256
64140b784c73f7b948559394f6c64c1598c63212145c24bf5496c0e406f3dfac

SHA512
c9416832942c62b2fe8d93b09c69d03743b9917e07ff65de7f352571e7ab1b05360a55a6bfe4701f85ffda97f922b1b44ef5a48e616995e37b5556abe40fa26e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c04be952de27e1dc8755f43c374a0707

SHA1
eb59861acdb73107858058c222568b0b239de3a4

SHA256
9f1ddc01fb2374ef47f457a3645fcc141f54231dacc151b698a58ba24ccf1769

SHA512
a08e3bb7a4693898b793d941b0c6fe69ed8a4bea1ed9ee7237ba3dd77bcbc72c1e16699ac8ab328eb8c3540daf475f4691089779cab58428f5f298f4e5f5fe1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82439e2d31dbadbfcb187fac89fb1afc

SHA1
dae9241dafa12490c21a6ad3dfed61c5ebc8a657

SHA256
5ec42af39448df6ddc61d51e2017bc9baf9e57c626ecb4a2e627b9cf2c31471e

SHA512
ecf7c9772ee732ec9a4b9307b4ab609cb006f55011529d59a4e7e3280eff9b88f33daa4d4e83a85c6ecfa2a8d67442946a922f722a8ea1a203fcaf08c2c75684

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5af5fea349adc14f1efcb9fdccc3cc2c

SHA1
ea4bffc56ec61f6b269cb0f0017b171bf4ebee33

SHA256
94c7cfefb0e10012e5b1f55514eed86dc810345570a3461714c291195b85ee23

SHA512
25e3201e6c7dc499a5844c0392b0d483bc9199bdc1c3ae946d767226a577eef7cb8a312394df797dd38cbff1b78951a45c955802b228ceaf65c30c845244d9f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68f1d66a901e81eb10c902c6868cdb95

SHA1
27f54070357182c5334074f5ea307393344ec85b

SHA256
9d6e1ad0f2d94703f9e9ea4079c7862a53f1e3ef4387c70e7294f82d93701612

SHA512
0df22d5290f11f6ae6a73ca9d694c7d4a1d759dd6ac065cf4b8a5249c745e0de76afb5980b6e056ce4b19043bf7767fe2b2805eb7843016e31db4bec59f5fbf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71b684aeafd93be14093247ba8588741

SHA1
731857aee1a41339c3dd702fb569fb574ba5d844

SHA256
c4a0cfd19c68019f2ab332e2294473fc2a9d2fffc060a79d2049c3de06f78830

SHA512
7c34f8b82feeb027b7b1dab7bb89b50d48fba123eb5609f5fa46781975b8e4b1064aab76adfa42b36daf14ab184bd30255b0c54b51d8b3b6820a0ef2b2e9829e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfa278ab13d7a2a5dc69b607a629b6ec

SHA1
4786e35f38ffe7d8f4d63c3d2844a471d141fd9c

SHA256
7ad8a008663d9b524c04ffff20a358a87a33c23af9b267b6987721b779aeda35

SHA512
8abeb9b4557d2eadb1cfe421c4d06db5ababa5ada71fcc88b322dcb6e323d921c0ca35cd301c903795261767d14aa942bf073af4427e498aa56971b7607d71f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
010434f26b7c93e7b81924f20d124db7

SHA1
82d96c3227f01d747cc669c64e36fd07ed9a02c3

SHA256
1a479c86bc80c71abd839ccabeb92e7e6e3b0dde7b6fab327c179438bbd5ad3f

SHA512
8e5bc86995c1903368c654dab3d487a42580f2d01c017f0ca3d84ca3bb238898d4f9fae2a8105235487421d2acda8e9c477b8d57bcfe6dcd9ae6d4a18f36dba6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9efed5a63d88d0fbecc2b46a40859ab

SHA1
1e6af43224bc47ef32e9a00b3b7c57c29b36224a

SHA256
eedf31359a8a04511f9e6642f1fb6b4af7d11a48a9740dbad1aecd3313d6c6e8

SHA512
449213b9eed9264ce4fb25194db19a3b80d553835ca24537d25fb3eb2c84bcf3e0f85944c2a2cdf47cf06ef89a80460e49e5539172f13648717f61f8c824cfb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d806a85b460cbaa42074844afcb89258

SHA1
fd01ac78a5d4e7506c5054309182e9e260f0b02f

SHA256
707f280d05c5e72c28b3ab0cf9736983fcf15c616d7688706ae9442524944469

SHA512
b8a0cd37bed97600cc61b4c31a6202464e83f599632efd661eea266a578b61d637ba4272063c9a0851f206a67b2290981c8f09c6feee70cbe24095a9b3f81792

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5995.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5AB3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit