5f7eee1cda539c436f51b375bcbdd2738f9c2f2c66ba980aa39b07479cf1011c

Analysis

max time kernel
136s
max time network
142s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
17/06/2024, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

68f1e029731d5d5cca7cc15ed450a309
SHA1

bd9e7e0aaa5646a93b491bd7700ed98385cf9ef6
SHA256

d51b5bc307cfbac7a8a65f44b4a93f57b76a930c3628e7707229a7a6a3edfded
SHA512

0a819441fb778916747d1a303ee9dc1e31cf568331532ed611a03af1896a2b3668f6f1480d3d7558c43d80271dfaaa34b40ee606b49c0018bb295cc24fc561d4
SSDEEP

3072:S+P/rCTxk5yB2yfkMY+BES09JXAnyrZalI+YQ:S+XQdzsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424747378"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C7E48541-2C43-11EF-B98D-FE0070C7CB2B} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1672	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1672	iexplore.exe
1672	iexplore.exe
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2668	1672	iexplore.exe	28
PID 1672 wrote to memory of 2668	1672	iexplore.exe	28
PID 1672 wrote to memory of 2668	1672	iexplore.exe	28
PID 1672 wrote to memory of 2668	1672	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a587663d6fec75a21d62f46b181bd438

SHA1
d4db8936ba69661717d2cae732026451e9a3f4b6

SHA256
19379681b2c14cdce864217d42081c9d97ffd9aeff0c5d9be212479f60a8f4f2

SHA512
44cd98374b119dccffd13595625e14e1fe841fb06e072f2af4b31f52db14eef3d670e30a1dc8fd49b665f4c117866174ed02511dddbaa8425b7a0cec919a10f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
493d56758752a733841992157af52237

SHA1
4eae70658936eb616f9b627859859fd40f61f51e

SHA256
e02b2ce7f31ac04e7dbc1cbf64406f748cbeaaa5939c407de53f82e2d1e26485

SHA512
fbe2580c22cbc528f612e85e248b49bc2c7b547125611945272396fe81bbc9c2e23d37ed8f179ce946888b49ae7c9e4d1094da846ca4d080eae027fd1ba15069

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc0086b4425515fcc9c36e4baf10a79c

SHA1
f293334954a8cfc0c64c2f04623cd7a2dc2d50cc

SHA256
821136eb8815432250da05d8bdef53334678455cc198414a17d5fd9bfc4a920d

SHA512
de84c7ff62283da1e71b0caab33219bb8886373650c810f931c382a7b59caa835eece0dc71fe80b02351adb52b1108d9d5ea64571953d8de08c7ea812fb8042e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
039988bf19ea5256d44b0f58067f8fa3

SHA1
252fe8b1ad6a99fc4ced56d05e750ac2f416fd7b

SHA256
092bcc20db601dde7652c612c38cc5fc7935903b21d4f6e017d4a0439c472f84

SHA512
2825e2d06ea175059238475d16786117bb912fc406b2d22db822ed9a2fede5a9ecad4b5b10c2c6e993d1133bd15a120c2f8fe18abe195e7335c608aef021792c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
759164fd303f4e3b436c5968fe3b8da5

SHA1
0e375ffd934a173b735e349236df3145ba2e8bd6

SHA256
302223772f0c90e1bd2629a1945ba2007bdf7c349782b55d67cf81de15f2207a

SHA512
bae20fcf4adf986a651744c2fcf782093b09edc132ac23694d128b78769ac463b5bc9d240c29d2feeeaf5be63349df5a67382902cb776dc458774ffec96a87f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e98914eab8d1f2a68f61a8835d3301e5

SHA1
028ee37abc5acd0bd00674ab755f84b60cdcaff8

SHA256
38ccd53027409f8ef0286796b5878a8af6bad7a128c84863de07aef69190e694

SHA512
eb0021d54d07a704d89df10b69c974431389d020ae53494cb42d023f8be03112e836b20f7547bd4c2bfccbf537250b891bec2e8fc7e02b268f188554ac8c52ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27981a653c28caa2be8766f2690701be

SHA1
a3c2dbd86b98c687dbeb3b5b855402f00725abba

SHA256
88ffbc194b1a851645213df3ecf2e5de3e0dc6243ce3f85e3fafb6a8546ef4f6

SHA512
27def692376adbabf5580ff7cc9505d4cdb44ca677a0a2d232ae0d0101da2fe9087513de6b24fbc2a45e014c424c138a2489151e81a88ad98c9e2658b073d682

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f66585719bd917a5300e0a7dcc138b8b

SHA1
68e81e30e76a1300032ec41de32d94c99f2d2f93

SHA256
d6fd18d525670d960c5bf20d0dd93dea91c577f6ce22fb457af09e75e08d3b94

SHA512
cecb1df3852271ec14ba07db99d529ce72cfde2d9eea8a411e5844b24fc4ca938f24f45c0947cf8e3d31107d59e5929c8c6b06d2a185caf9fad7b8505c418251

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7cfcd59b71733aeef87ca1bba60072b

SHA1
3ca9846fbe122e81d85825662e139dc525f23441

SHA256
c9d8ddf134089da944e564b40a84e4242d467bfce041913377819af1845c017d

SHA512
01956a81ab870b331f3ddde19aa488aed22f731ff2c5592dc214edc2f36ab00db5626365bbbae981e5a4914f9bc1b1c1dfe9a821bf66938135dedec0f6aa0c4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea61ce2102fb91c61087e6d196c5cc1d

SHA1
434f40a80eff50b402675e61ab6bb4f1b05b24e1

SHA256
92be0f49c98c633653527841aeeb66bef907475f6433b99d81e4df5d3f6ce152

SHA512
82735b4cdaa3ed47ce8a800a660a6d8da0294e649bf65086fc5aefeedad031945e834105c860df5ae12f3b4c731b6dd42b1cc7ad14e9aa3216a5c530b33a80db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1f2e8f139970b9ddf70a74ece8c2cc8

SHA1
7fe077fa7d63b43cacf26f425ad9297a96b51a37

SHA256
f88f5dc51de620db3fdf43ce80bea4826bc14559fa8890991f4d615d680d7b27

SHA512
f18179886d244af81d50a0f14c6b91dea1d8ed4ca8007ab33846f77d14607367f878213251629b8e727e1c61cb858d040c3c33a8370d435cb541e5e02a4f5b79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20d9c3db9b85c8ffed77ce1d34b6d7f6

SHA1
ce3829ae1da818aad9efa1d0db1c4606c8069c00

SHA256
24c19574585ba91f21b98007692556b6cc90f7d99fcb4bb82a639431ccf10334

SHA512
471d5eab4e2861dda84bf769b82812bb36b1bac1ad82c72bdd6027e3e6cdaedb6fcd7859eb70612c2a0e6074c68743cd51ab1fb2b2e0600b8b943fbab6b28a52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc006e002427fe2dc03315b5c90325b0

SHA1
0773888499d5fad17bbd7287f58e0e9dfd3c501c

SHA256
7fa264ad8d55e7e220eb08919af9f12e9f14fd19fb912df66b675a37ac9f20f0

SHA512
fdb51e0db1ac03522deff318661e15907da26bb25f682aa3b5eeb9b2a83f589e2fdb5a602365d849c813b27d5abd5caee164fa29a99fb3d36fd0436d71ec9e0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10db7105756e3b256170df06cc4359ea

SHA1
ac54ba3f7297ca1596217229140b7ab9afd83865

SHA256
dd53bc189afb6c56ecb724d1a1e6dc929ba1c11d4ae87c6ea2da440ae71ad066

SHA512
fc25c0fb95ab7627c2d68cd8b08266d213709bf50f9348843ad981274aae68be3f9632531cb5f06f5836d110bf0595ed22fc9d3615bee71fe8f1cb285d78381e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71b022afbc4e285f9dfa2fd01258d94f

SHA1
684e7b0eb5e57a8f16252ee4f4fa329b3f60b6ff

SHA256
716619d2abad154175dca7547bad5c4f146eb272c8b92ef1784e9d0c6f80a227

SHA512
a743615b272236ea8319834f8ba08ef7e89713e269fb07050b97980daa58850c82b03d704328dd8dc09ae784b93cde9f6367135f3d9441a1c2a09e03efb8cf92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c69a050ad7543db5e3b2e08a5ba41de

SHA1
a40ca7956e0352745bb36fae09c447ac9fa8f943

SHA256
3557f3a22d60e45ea4f04608a1aaf6342c78e88e803cd1a782870b179bb89dfd

SHA512
74e2aa168a8678c1041e7f8be24487ea1f131be45cea2b3aac71a52b6efe09c480b52c96fd0a5a63cdd774bb2928206be7723de813a5c8b39cdcdcf74ae22ed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60e0c39b30d934006e7be27647e6f7b7

SHA1
97a7aa6b2b8116d153de4c9380249511b12bb926

SHA256
3128b7a53d92f4d5ce3bece052411fea3bfa6096c2c412205c00e90391546295

SHA512
2edf57da7475bd9b467cff22c3149c91960b8b4dd3b380717c058fd31b7bd17d86252bf63ca9658f957f48e60dfebb5684dfde45ace6c3d2b506160817ae49c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f05828744c43ee9517b4487947835e3

SHA1
39e5a2b53f5b098148267c5a01025da70ac913c4

SHA256
00b7768aa89c7bdb40d4e59f0b65c138d11001dbd385ab458aaddfa5b67aa411

SHA512
bf9b98c8b7f9d94003c94519e13b05104ea26747ccf761378579eead7b7c920bb34e1723439249b86e9c904a23202bcfdec8923248b93f21528f775e994b0ea5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
487ad8d2b76f4724abda42af91bda3bd

SHA1
ab853b3d892210cc21827c9e9d0526d3edbdd14f

SHA256
66c85e1b840e63f8ebca9fe9635409f9c927e881e8a886899d466ab7e69cf270

SHA512
91e8a3ce5c6a1fca9dee3ab4fef1cff00278e179a661521bbb6d4ee590db0491459a0ae0b60a12afcbdd94487676e4bb81a9983c05dae411429ce6bb3e35409e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5522.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar55F2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit