7c136c87ae10f2404b92f1e3aaab483220389e7f1319cdcec2dadfcb233a6a5f

Analysis

max time kernel
135s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

a4e076e2d239bb74c8b448b1f305d7f7
SHA1

c2e04911c62b4c616102cb16f0d7ea58178889c4
SHA256

4bfbbae45281b310ab57a1d6b01acf8c840fcabe37eaf5ba9ee6992767ca2193
SHA512

c18d979cbe07d94e32c1f4a0fd860b90ebed6ef417e1e58718e37c08d7ff647a5b0a52584d01b2a6919460b4b2a9bb6c2f9a4f4b05a58661a68e8bcd33bc7ce8
SSDEEP

3072:S/jPZZax5k1VdtyfkMY+BES09JXAnyrZalI+YQ:S/jav6asMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424627423"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D618081-2B2C-11EF-878B-CAFA5A0A62FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1948	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1948	iexplore.exe
1948	iexplore.exe
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1960	1948	iexplore.exe	28
PID 1948 wrote to memory of 1960	1948	iexplore.exe	28
PID 1948 wrote to memory of 1960	1948	iexplore.exe	28
PID 1948 wrote to memory of 1960	1948	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ced51ab9cce8a5bedd3680917a8ee2fc

SHA1
89de5737aede5aeb4764f66fa13e69f25b12b28d

SHA256
114c7ba60cbfb4447950f497b64c504058701f8024d1eab3d2fdb1da5658f14a

SHA512
f771940ea25a7944947e40b9d0ef5b5b668aa30f347c0a5cc622e50b42553da60b434c310b412ed10ba38d1db4863787e4a9383258f362e8698d29254288fbf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abd743fb18088896b56f3cc663a64f23

SHA1
64c118eadf7d6504a30de399fbea136a7ee97abe

SHA256
459523a9535151317d1e711cf6eb9001dbf89d060ff2cf2e0a22bdcf3cdff99a

SHA512
3fa78a725e0eee4d5b3d8e95e5a1b616c993808d4d6ec5ed56554f662597a057acf4ad9539be35564b495f4fac68052ff09830a9813f863e7fba6e15bc24def9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
062ce03cea46539d3cb71cf00d48943d

SHA1
b3c1004573060f97983a5dcba7f046abadea7e47

SHA256
62f0f124d79ba654ad3d192046cab46c4367a23553a4be22cd7ac43cf5b0b4b6

SHA512
b39746e0814763ba083e5f9a31186b1635dd4b4b635d1d63cd021aff5fbeae5437463ed70c45bce1a0bd0c429b197021cd5ab9f1f80c9c4f826f6055899333f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67ca624d78a4490053f5007cfeb8f695

SHA1
4f3c30687313ebd7d81fe16c8b807ebdb8374ce7

SHA256
9694f4f43c45e8fbcff51439663420d8847d214ec8f235a549aadb94528b65c2

SHA512
cecd58352c855eb4228d7bafd55f909594085531a7c4466283fcdade4115e22ba5656b5a945981a8ea781ea18bb10e8973d61946fa8ab7a199cb348a5744038f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29221990eb1bcb7c0010422c5ebc4cfb

SHA1
bd38a93c5483ae0d1f4f829b5cfbd82885cdf726

SHA256
121760fc92492812909cd5a0428e79fa8e76eca9a662d5189858d3667972e371

SHA512
63e6ac91da5f9798b660cde022ed4eb03513c942bd165a79981e770225c75e0db238736628d12226acb6a71359ba4a02d36571b7693aaf82ef06eae66e72beb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98bb4a6e4784b36d3d244319464176a2

SHA1
9fb81e2319ed555fefd7d4702b1204cfbdc29e42

SHA256
732c0937373b2523bd08ec3cd41005fa9e968f6f4588beb41a1912888d00335e

SHA512
159b6136a751134ae65b33a68babbf823a31ddcb56adfb0e5b3b56b17dfec4d003106b76801ae90e32b4a4349b565cfd616ba101d18bcb97f8e6ea48b29fcf22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c6c2c1c9b0aab899b8439911be7ca94

SHA1
8799202a87f062d2cb2ec85d72e7906fe4a28f5e

SHA256
909c9c6ba0e8635933dfde0bacb79144fc22074fdfa7944663b4d1a4f446db2d

SHA512
0b5d4490ded3064e181de9ba92ea997d726104301bff35c688821b549e19469c5644b65c889a79b21367ed0503eadec58ee71cbb32707adda1d7421142f1765a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5cffd355359b239bb3af938ecdb12b1

SHA1
8e16ec012aa8e029ff919918638a7cfa235fe7ce

SHA256
b0dba5559e34a09eaa76ed5dad45d79921a666fa6a556a3ee575bb86ab1a1b52

SHA512
ec0313adfa6780acd4bf7911aaecee99260e6b30d9a593b6d1696a11863024bcae210330a5d43e3982f548cc746d1041d58eb2f61693aa71bbdd481e6b9bc57b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ea0cefa70ddc249a9ae68d9f135119c

SHA1
f7e91ea309689db350de3e9c20a8560b06957b88

SHA256
cd328f3a14e11d844faecaf17400c3f7aa32b33ade65ee9d270dcbaa6865e58e

SHA512
4a8d29b1a74a33c47d2b57b2e01eb88b3d35b9139c5eadfd8700bdc6d3dc4cb70fbd1f64a501dcb4fdb85d0c3c561485d9139aa05ad81120ec68b3c7fe8aa453

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2743c599f47e19eb8a625c37cd43f60d

SHA1
d1ab69b5b0d71097cd6e261be98ee10ccb71c950

SHA256
4e72cece160f7ec6867c3cce151544aa368b09955271d7c0947fa20e1523122f

SHA512
ba4fac29536f0709b2e08a1848bff1dde6b88e9dbdfd428c288c2e2bd07728348ae2c6a34b9b32458094e0fefd78c98babd89d46840b43b8c1cee64f968eda1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9dbcd3eb7fa303816cbf2431fd58239b

SHA1
6a334c4f81073829c7fce448b7d75bee0e05cef4

SHA256
133c3aef317e6a47cc32b7def53bebcdbfcde623d2b766355b19179a6e6d44ad

SHA512
2e6c85d36ea2f3c6edcaee5a924d39e3683199c23773f2b99ea222a6f043d04a0fbb5135893deef579faa5c308f2e57a999b311e274cdd62fdea87b131be3fa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f9e699d9347f5d98879e9ca5cd9e8e9

SHA1
735973809822a68e3bea363b20c275693d3dee60

SHA256
51e1c8f789ffcb033c76ba09ecf83e69a11b884c5300c5b42b4750b5d744352e

SHA512
6596f1fc0f64c7b2eb68ff05954947fa755cc3e3214a282b32ff67b2abfe3c000ad7fb796f23471001eb6b7af3d67f8232a73c7bbe91cfbad2064a685c70bdb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d9a4cfe26a01bcfc6708148b2031a1d

SHA1
a10ece3942ec3f8bb4a67e7d6d8dfd94fcdbff55

SHA256
c7bcb55c33da49a36494021bf0466f19a327a299266f15df679b97d9f187af31

SHA512
6b6f4a689774c0c7e6207bdd916a0f3e73fa0059e8e1d1b70ba818f869b66585938826cb412a0191c99b915d5874ffa1e562a7c1da690f60d51c94d13076e5b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5b18bb724914914bab53bc7bbb271fb

SHA1
f30650354d7de82c24fc8fd50242207f85dd9850

SHA256
20fc69c9c98ae95461f6c211ceae6b94451fe009eec613b2287f28b6f27fb002

SHA512
db62a1c828df94835c4574624846277664a66b8ceab4b6dddcc7b50dfec590a71f8c42dab4a0e5a24a761fa07d68e3f9461d06f7cfdc5b375744f4f04d6b2aa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2dc15d5cf7c61bd6fa56fad901b43570

SHA1
c075673e7b74cf036baf858a51ca61814b3ddc5b

SHA256
bef4805e6afcde5632e1f94a5ae49d84ac3f782852befb78835bef5982b7648c

SHA512
c1c76543fa7ed84332fe440ce1f62ef262aedf13b40fc7b71790929448437a23afa1d5b176a3a8e32ead602bec778efb2cb8911738932fc6ad8713b7aab6eca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
128996cf6d43c93b9f4695741e3b4cd4

SHA1
637933ad9dc4b36651661829375be9073270fdb4

SHA256
7e71145ec15d0d49b2f6629c5119c112e42a83be61624165a2d98ccc78a106fb

SHA512
aede85c0737c26dcab0d25d033858c16ab0698f24803e60a62f15edfe943d1495ae78e9ef04b78bf71cb5002efd7752a74f7028e5661946ccd76e0f3c880f891

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84699c0c66bc6e8d28c02c86e5c086f5

SHA1
24b67f1f6e89598bdddb5c933f6d1f0c5d444f50

SHA256
2245cbddd341554867e79e1cca0a11347395c879b4b78b8cb4ed88ecc8047af1

SHA512
3b9750f4e540ccd33291346d0216c872caf199ec56d8bed7536a9537187d9cee7fedc66c8f584968b7466418ee0f421e13949f3be87a2d44bbc1990a7a311cdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
551eb1cae16ca5d129dff9da803317ee

SHA1
eef45b40f374b13796cd4ba6c87f5bc3f11c2140

SHA256
e70e6aea1ddce28bcc7cbf075a16f3cf192970b2b1bf80b4010cf7fbd12ddf9f

SHA512
4b7783467a8d256bbb5fa84c71ed195a0a19256b0b6a59eb3b336120f47a1d52d0db1cbcd7ab5ba350df16f96d3534298f53409d9c9c3ae8e05ec324fd335a20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f83c5afc5ca8a46b8f05143aeab3e33b

SHA1
616c6b7b8956f38820c5959ba02f771277fc9c3b

SHA256
0e96aa95396c00734e32bb267fe37742cb2b45abb25bb781a44354c10832b6c3

SHA512
1473e4fc841f5d1eb17026362b92191c4c436a54070cb3471dbb5b154aa4f3d2ac4a45423b345af786795009f36d2f7562b9caddba82f65cfe1731f00e256622

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab278F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab285C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2890.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit