e1c3c11d08430b1c3c5fc9315fda05ab32cb35d3052804b094979dca02280360

Analysis

max time kernel
141s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-06-2024 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

d19f89692322e534792684a0c820325e
SHA1

dbca7d9a618446f70de3c15edb6eca55c7b25a6d
SHA256

6ae32fbff12951c57b0e29193fe8c7285f96fe979451196004cd9bac90280984
SHA512

954561ac181b03eea9aedd2e455e11db98715cbe7ca3a9a83317176e4b44b3730f105bb88182521dbf8ccb9f5fdb435627cba7a8cef56cd89aad2b9d0c20b76a
SSDEEP

3072:S3EXVsN6JTic3/zOF6Nvgf5pNbc06egj4l2oWks7BGjhSBrO1SkfEcSI0qvGp9EG:SmisDJsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424741679"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{833F5261-2C36-11EF-9966-EA483E0BCDAF} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2156	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2156	iexplore.exe
2156	iexplore.exe
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2528	2156	iexplore.exe	28
PID 2156 wrote to memory of 2528	2156	iexplore.exe	28
PID 2156 wrote to memory of 2528	2156	iexplore.exe	28
PID 2156 wrote to memory of 2528	2156	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
759d9c256017b017d2c849e6d14f1419

SHA1
48e37fa2068e0e95d326602eb9c8accbaf65a178

SHA256
463d3a7a0758cdd58db47f1aa09dee71485618756b91fa4ae96c878ec694080f

SHA512
5d20c39cba5a6ca63930ab62c1864b389370ce0481ea19b8b234e9e7769527e9c0f86c705252f7c506436fcdb6bf66788248b05bbf2eaf78098334d264d3bc65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30f940fbdfc5bad3b51d96a477c7da21

SHA1
731852e792b6615b7562b4e1ecd7c2b120e61d7d

SHA256
e2223fd8d5cea60016e15d6ea2fc9b40662ad4260d5612be8a24f8731b2c1443

SHA512
2140a8168899413da814d14cdf24ba9a4cd40a30b2ca3b4e8f42fbe79533320d46e2f3f8149f9fe72ef0775b90f4646362adb7542e3fd6d230789f69bed3cc2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9bac53c2c0780573b4dc0868b011ca1

SHA1
e263b379771ebb5c488190de1c329d3d124aa14b

SHA256
212a428671a75b93ff658ec7cc21d15b494834de8f951df701ca7a24c99c63e6

SHA512
bd4d23b0b9bf1ddedb99988a4fe9a3a8958240aa2d846bc625fca27a64305f6425de2156cd9596c6a9d3ad02964c84b549a23b05a98b861fb1bfda452d9770d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b3f1c6373235a7c86ff5b0dee324f29

SHA1
6ff8383ee8d16d5dcc806bda8a1f45ce246dc7fb

SHA256
5059e0a2dcd802997a39a64312cd7004ab0c4b4b97bc2a4f7d218abb92c0afff

SHA512
ab882503f2b020b04af5f111042f714e30b0467d6a451da7fc00705095964669a9050974d707b123399f84349db5ac45502af2116406ea71b234694912656491

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0ed58d38ce544b05ba28994ddf505f3

SHA1
3b2d1d6bb226ec8f06436571f71b0bd8b901e683

SHA256
1cdd0bc040fe9dc36bc16bcbb1e0478e28ce95a08d490c72183c350b133c9654

SHA512
e9b93b2a9135f3bd700aea69210e921c6342e7fa9abab263ae774b94458783a6b849365e08bdede6fa4d3295a95a552944dcbb30d8fef3c1e879721a9f2d89de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7992f288093e823c630af7bfe076944c

SHA1
9461ad2a661098b7ea6c9fcf5a8c04a9e82e6bcd

SHA256
ff127134ecfa42aa62f136cf687caa5c57199f25ba4fab53c4470661be38e0b5

SHA512
484133aaaf6ab5f707ccf1e391d92b65694a6143ad24548e3c2e799515cb167617e4e5bb1ec457b25348c1d0c1e5f1fdb154c0352974de5c55027f5c5ed843ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52d720797fbaccfc3eae0749abd452a4

SHA1
b5f5873878e54929d07d4a306b8add2238f0e00d

SHA256
aad6ad9e5cb6b1c4c027c70783aa67efdba9ad41af303d613bf2c329e9011f87

SHA512
bd0a4df2cdf40eb402dc17d88f7dcefa00aeecf922c566a1384e27176ffeb7c196b2a9bea07e02d980ad6124110a45809314fd091bea90f6c531ff4d361b34ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5542816fa22fee47403d8a72308dd8c9

SHA1
79987dd930ebe9e15566452fe8d960c782027459

SHA256
464031d7cf93a2fd625c11b34b3bf7d00367f487c1e91cc8c501604440e86a1e

SHA512
5bb1b00ffd996c3981c9a7a2acf9a33f0c79c6f0aa3b4223e8e60c64ce059ca12080284775031eb99898454ad905553789910750f292d09b5cc200f59d26a053

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce8dd92716bb0b5d955373e562e182fb

SHA1
fbf3c0527caa4b968cf2007e078e65c9fc2809db

SHA256
ec568fef6c608b4ea1833dd0c79cef31f7b97126ab87bf7487b958629b93b036

SHA512
7ba3afa01b3c71918d8712823ea9ed500545fe641569e0e284fc17e47b827b0ae0896b73ab35fdc1b008565c14f9a0c6050403653a2df8eee0e0d24978925ddf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
672e3bce451b71933ee2ba42e7377ea7

SHA1
02256621e56948d11235701fdd81aea193010fe6

SHA256
842000bfcdac40c029690e7c62d5eb2c0a46a0aacc6fe1663d6f177e3ee27da1

SHA512
f460a5e7bdfd24295e82d7955cfe85ed4151c712eb1b88723a5730660f26012df70a750cccb6c1b7861a9c2da6811a41a8cb06644c1135cab459b35b79789fdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aada05ca0ba0035e8b7becdef1360413

SHA1
f3de0f6c1e0420591d8ae66a84626d7590ecc8e9

SHA256
fecd4d180c5c87eaf67cd528b003bc6effa25a3c8c8c82e5829c161f7f7bcb61

SHA512
05c6917c2cb33d9d0bdb0274d9ff20bc8a2f91cd481e2534aea6f85b73cf3fb89486b52ca1dcee389c301b9f8c124cf21d58f92694afe4a761760916b2279973

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
194ceb2ac2dee714e6b4ef8f6bb4b002

SHA1
222eecdb02ad246ecf79e0213103a3ed5818abb4

SHA256
0708b5397eb3efe519ec7cabc0fdacf24f239aeda60fcc53e9d147139c272b2e

SHA512
e75e63b07bb41540591fbc4267ac1579c6657ec48db30b352222ebd66eb9b5a5b3c00ebb152acb1b747ee76a153cb16266fd08661b1142e1ac7d2392a9f913f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1124a3b5699f66c3c0867b59a2709c39

SHA1
0f754ef0374783290045f18f21231cc0a8181936

SHA256
b9c007dba2e3f2d2f10cc260f8a3386255f29e1246e6764816ec58d90f0933e6

SHA512
7b9b1abe6b3cba42ff03e97e750380f4c41ed064cbeefd13c0cb87aa0048f6f6f6236775d421f9bfa46d9a826a6b9f3b497c8d0a6577477978488dd104454e9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c93a18f394e73a8306821c21c7a410a6

SHA1
026da52c2791c41be0dfc4223cdaf77ecf36784c

SHA256
9888430d54e597aa1727b2c5d5fb76207ff7ef189b24dca86c9b59e480bcbb6e

SHA512
13afb0e64ea5e0dc0221c7a6f68eb997541f1d2283facbaf81bee9e6a6ded2d80e3ac323b8dfa683c8028506d8f38d1fe5716ee2eeebdf322e2263769a5d5aed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17b99533a97a868e29a6150b7e2cb9ec

SHA1
458ded977223c3853e04089b7a8b8bf8d59732bd

SHA256
9a64069df9a150e2a45789475448a4d1f3bb6891c16e04819ca79a5dc9fea63c

SHA512
716aaceb83d63101f3730931bccc06fe2c271c0e984ad90bbc5adfbc00d7b18e78fd790c92274b77ce28844cc078b235625e463e7dcdeb05466e3208f4813edc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d62d1c2a28bb0d1489d8be949e831201

SHA1
da7024a3035632c0588438d95b8d68411a4e705e

SHA256
c956be1ac721cfb13494dd2ec36627c4bf601a48f0fe75d19dd9c1f7ee0c63f0

SHA512
91a396660a177d1ec019ad43e64a3ed324eab35d910b6883bd77aee66b5fa22a947f8ad943e860ec50dafe0bc24a891a12f79254291782a196be994d2a081f07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea4c5fe4188907143f01a945f5a221ce

SHA1
c9925cfb36016457d90f9b6157a80d5c72122243

SHA256
f047c70b058032b2cd6af516ea363b5dbb47f7b9a76a5c35be3c49106c44dd3e

SHA512
2e05a0f653938575b8e13967cf3c667d315ff7a38ebf8e9b49f314a5b685011c37854951bedbf0e72e450564242a245be35f2547f561b809380af65df3c3c53a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51982f2404baa0099e53b883ca2d30e2

SHA1
1e087f0c9de23fb76836f5b6654cd1b8d7001aa0

SHA256
ae19d5e71969d3f02d22fa4aafcae8a45193b01ae279e9c4ccc1069b8b9f6729

SHA512
6eef01f880ac6408b165b650cd24f85d67c1674842bc6b0129a068c019f1dfbf7e8db29f3077707399e0a08f11e1ad147e2991554a3477dd9d2746a0ff568f38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27a0c85ff16dede8c287cb43dce3bd65

SHA1
30e14da9ffddfb6c6fbf6fc5eefc7b396546738a

SHA256
843379a69e182ba47f3c43bac416b16840398c7f5abd400299befed0494ae769

SHA512
edafbac60bd79e05fba87df885b5bac49832e36c6effe741415ae8e79fa6289b2a3d5a3fab88d66bcf631f1fe1dd2c27a4026a8c4ba75b4ad20e0ae8fcc70154

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2405.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2507.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit