40876715e29d451bdb98dd0028f1349814534a597ec19266280eb06af2aeaf6a

Analysis

max time kernel
135s
max time network
143s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
17/06/2024, 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

527a80426eb2acd8a7ccaadea3dfd1bf
SHA1

78eb044669ca39afd7c14e772afd6c2eeb033731
SHA256

6c5261004ea31342bc6e79a64a3204d2a6f0c7c61bd5310eba036862b16cb712
SHA512

f21cf99aefa60c41595323c5cb551cc75fd40a63ddce058dd6b58a45d584596cab15e84278fc547c4739b0cc3fa970a34e2384909ec05607c9e2866d1324161e
SSDEEP

3072:SzwhIpNtaxayfkMY+BES09JXAnyrZalI+YQ:Szrm/sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3C8E6021-2C56-11EF-8156-CE03E2754020} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424755306"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2188	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2188	iexplore.exe
2188	iexplore.exe
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2056	2188	iexplore.exe	28
PID 2188 wrote to memory of 2056	2188	iexplore.exe	28
PID 2188 wrote to memory of 2056	2188	iexplore.exe	28
PID 2188 wrote to memory of 2056	2188	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a53cc8939aad12117d025b932624371d

SHA1
42f1872f61d3fd38fda562aedd0fb4603be90e66

SHA256
331c9bae6a41f509885c9b806c749db2dcf290a0ec21a920fde9c69526e3e1b2

SHA512
e1cf736809e68e1db006d81f8020203ce57d62eca0a4e0e46737d1b2d29a5ab61cd9d06f6be889393abe3930d4388a32982a25c292e7cf628eadaae4bfb6ba02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
300545c992dc10db3017fd3baa84f6b6

SHA1
2a888bc8d58068e48727a99b47f98523d8c18e64

SHA256
22272368f703478422eb77f33f1f8baf7f2b7e44d2b2ff31ab9e1f18ef4fc3bb

SHA512
44be20ebdcfb73639cd677ae40ac23aecd85d974b66b76340e50ca59d2b24c8ca3100a2660c7162f26fef86f00e8fe10611201e95407c3853ae2e0240f51fee8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a9c7552fb199be7046a9adcfa76e1fd

SHA1
15653ac32d37972b0571b0aacdd36103ff1f358d

SHA256
e38fb70aa74b603c1079c7604f35584f9917981d88384bfd9bbdac9086744903

SHA512
d14ff6a1668f38ea46485022cc430b6a7b055317f9af025572425dd22a1e0ca489c75b12e8b46c29457668114f7a9563f69df4ae8f696ed424c519b2baef6111

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22f7003f499c8ad6d91a4c649e42625d

SHA1
e920caa18c5f513af78aea65174231407912bf2e

SHA256
6260984deef7de83abc925477049a03223114bae8ee0cbc243992916f4bcbb73

SHA512
8fe8366ba860a8cacef997b53c828d81ed0a713994cee4be55e687d16b59b1543a4d3f2aa31df4d5983fe063d1d9db4fe9963b6f139a097feeef9a6c5523623d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
609607859224d05178a79cc4e55be636

SHA1
77eeb97f8889f14872a7812f48174d50c1d2d3c0

SHA256
f77590506e0a6cd6bbebcf4480ea8593571c1bccf73e16dfceb80b715ef8053e

SHA512
33f2205bae6bd57642e7f64c0c8d5748c590bc8525ce41abf3a8e81db5f391bb02ea7694ef4b138d3e423d3decb3b839d5fd9b5bfce286bd1c42996741a1eeb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa05e27b96f6053419375eb92de7f110

SHA1
59c7bcfa3732b1fd8d19d9f566d75a0aa440f57c

SHA256
ed58ed16cfc95b4c3a26a2779e852cca81b7b25553469c4f2a8374b88c67c296

SHA512
b1db750c537bd7d6de3c04c75037a701842025ddeb76df6cf1365ebb6dab61520c7b52749137bb5327f6b9d1e1ad9140b1c5bb28c833eb3c2bc828fadfdfa9f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8347083abe417646a3cebe6f0056663a

SHA1
b1a7b807df7205e1034990dea97e5b88148c02c6

SHA256
ee5fbaf5e1ca6e7ed1a91ae6d9b287d7f4d9876070f77e5d25faf2952875b053

SHA512
2f2147466e40a8f85356c2d85f3f183534fbea652e435ed5e1b033be82f05a1265d6ae283ce3b0d0a744cedbb69bc4aa374fef05d6e5e8554a5c871bb61790fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e00135c7466a966dead719580ce3172f

SHA1
e83e2f1fe7800a8ec1bae8f4a08002c5354d1df9

SHA256
927acfcd61915db098b424e2c1ad5f92a732bd7725149b5b34e834c167edfa12

SHA512
ec19a1ac9dc8f8603d270292bcb96ca53fd06e1ab0c14fe3e3e29ac24dbf3cf4a7ba00c8f66d026aa5abbd0f7762c96f76e5a9857b30e18150fbda06ae7b021e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b5a29bade9547f799b2498f25fe3f0f

SHA1
c12c321ea419ec06b29e3f60ffcf5ab843527793

SHA256
67f374a60d102bd1dccee5b0534557d84d18d35a5a81f5d5fbdf573aee8f8ea3

SHA512
cd24ea0a72efa3c3becbe3c11a89746f09c4b84e09a064175c820f2f7bb97cbada4c2aed94ea3316dc53d3711fef777e0d3a8ab9fad81a9778062959d0971dab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec5b5bd3d9e974d93cebac5ebc758435

SHA1
a7b125f2130c893defb43468166641431fc75dab

SHA256
8d6d19c962655a01706964f024181b3a960fc09fa45a179d7766c98594c58e66

SHA512
7abe3e22bf6c8a99046104b2ce48de1de09a52f9eddfe9971c3e5166c8ed0278a2c227c1be9df6351c0e181cc466527d49e900f80104390c3627b7006c3b6756

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b9275363fc06fcbae0d7088a8e95c0d

SHA1
b7685fba3e05eddb28942046b9733eabaf025de4

SHA256
3d5530ba0461ecece85b5fe418dfdcb35b5ff391eaaae9f35e4e68d49e63105f

SHA512
5bc7671162eba4b0e8ec085db07736d3dfa38eb4a01d55602645d536fbdc745b20253946b21d686d3d3330c5578edf7c79b57c9c193353b4b19593896a72cea9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57430ac3d8c4f5215775525f032b74fe

SHA1
62c573d1fe6f8620c00099272142c9a37e16e1e6

SHA256
e1bd556d5a293344cd7f605dd0a38672bc7f836067510e1dafeca652e805df22

SHA512
3769e9a78280860bdc720306c6419cc09e31b3d4aae59022133a6f058ee7a5b294bd0b5e9db70d828e731b3d9c38275b9d4cb8bce858cdd82a5724e9aeb6c08a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bedb4b4d26a29eab1fb84aab25a54345

SHA1
0357499660d14c2ddb778290ab045770cd7c1b4b

SHA256
df9db7366f43aadcb6c18724a30f1fd03415a8be8645db0fdc5c08b15cc2f0de

SHA512
3cd711732c24d23a5d790fbf8ff1b4e3ace934a974f7e61425bb6b560ae4a385f5790a2484bcac14d371782f28954566842c5c7484fbd398b7476c20f44da1da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8e757d23b74ef2be0be6b7a84fd8bd6

SHA1
54967f5115fb174c86d87f27d5ec9057dc1094c4

SHA256
7acfb81b2aba58e9bf72c4091236d7356957328a603c027db07f461d027061e1

SHA512
238bae9552048d706835c198107325f51e9b551dfc9c180a9391585b4e6beddf8cbe0ce6f73f9c34e1ba2ecda6f301d149ef235f486c0e82977995f71a16d9e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dcd01a7272207b50b48a317fbc2a0eb

SHA1
1a4bdf090a622ef9bffdfd8b523aac3f7511e178

SHA256
465099f2e5433fb7428d36009b320f246f93b70362f998426584a7a05af0ceb4

SHA512
af06134eb254ba5fc56b535943a9027e60b2d63066634603b0a55d86ac40439aaf2e313d0a2f7de5ecba4c2ede3f2dc2dab82dbb882acaf57801b22fce73903f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07d31c0441b871c0f8ea442772b8509e

SHA1
f4c3c07ba6dbfa85b5330d827eb79e629e89f9fa

SHA256
74533e1dc925a907624931c6bced0d36e5f813df6d672d363ceef1ae36ad7dd4

SHA512
a6b439932ca8fbff5458d26578ce0eaf8a8ea0a5f6a160ff8f4c8e5b2900181089bc1e5d4de80aa8f8b14c836498d50850e25370066b6507ec898b987fb5b292

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9629c16a7b6d94c46e9747ff893c67be

SHA1
b1eb414808815243e0cefcf8588ec65ba4f7c669

SHA256
8c112cfe6e36a02805f975076256d8a41200a1efe5c2d0f9cf09e96475489867

SHA512
b074eff0337232d156e18582a5c5ba4edaa8d2505f81b4f633c65fa4d14c742512342c0be2b44f8c8ace05e5bc59b28221478c3a64ae4bbbc47099d1b38c9d2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e7081ab4d7f4f33bd1d0a397812cda1

SHA1
7aa8f6befae985140faf3f3a51bafefec477aa96

SHA256
db7e116e2b00e8f0e28ea1e69042ded3ffee133b419863b97ff5415afdc23f9e

SHA512
618fe7f459e854fe5a0b768f64f9379143b876486c43b7476fab9de5141c9be22e4746038cffd6ef5ceddfa37f5d08dfe6d591196334ffd5ae98942694a918aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cce33a1ac046faf79e78c29247e3ffe

SHA1
bf68791083375d024927ad326ce9a1e966160d94

SHA256
c1e10fc91b87bdc0feb48bc1364ff902afb0811d8a95fc8996bdd5963b26d21a

SHA512
7d6eae755ef12e26d611912d4c27997e1236de2dfc074ffc05db096de2461f339e313a002977e4e60bb3c498ac5198ebf213b1710057dfc16641327bb4c627e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA269.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA375.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit