90f6a32cecfebd5a8e86ffd1ce179ad64cb1ed93a0ca64264c5684d3c50129ee

Analysis

max time kernel
134s
max time network
138s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-06-2024 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

c0142f6f11e77f39f417d11df6497320
SHA1

e7e8abbdae612b09b3b20d6090690f90cae67687
SHA256

47af36f93b4abba58eddba1bc3edfadb59a96cf90f1cf03697825c9db7843635
SHA512

ef5557fae8322fefd0b217a36ac682893d92c42159d6a22a0d38ccebdcad2d915c0a63e2d1a0488be67cb7973fe8ed177e8511844bd106e16a5d9eeed1212988
SSDEEP

3072:SVFdqaRpnwmxpMyfkMY+BES09JXAnyrZalI+YQ:SVTTDHsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9DA0E741-2E61-11EF-B991-7EEA931DE775} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424980094"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2160	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2160	iexplore.exe
2160	iexplore.exe
2892	IEXPLORE.EXE
2892	IEXPLORE.EXE
2892	IEXPLORE.EXE
2892	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2892	2160	iexplore.exe	28
PID 2160 wrote to memory of 2892	2160	iexplore.exe	28
PID 2160 wrote to memory of 2892	2160	iexplore.exe	28
PID 2160 wrote to memory of 2892	2160	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e4645767623ded9e3e816d341703665

SHA1
5695a2112e5261887480ca498989e2b77c734f04

SHA256
91eab803abf71bd316946b3626844c5ddfbd46afff7cfc937950273145fbe948

SHA512
ca172cf0e7ee3007dfd5bb8dd8cf7dbedb5a2e781ef53d15ef93a7e2cae53cb8eedf604dd0901ddfb5430ec4ca33541579670f25aabcefa7b9cb9c3e82ab996f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01aa9d33f716e42bf82343e75410f495

SHA1
a34055c9df74c79d600c6ac476076d4aa1fb89a3

SHA256
de635f3f2da37facf9b1bd112c093cdec687811a3bb8caa873fa8131cfa02065

SHA512
31e5d91ad473ae7fa36d51936bcda578bc6c309320a197b7e55e3faf8cec0ed68741c3aa5a9bfd04ece7c0ba727bad73da4d013d7a4ee35b6c6b7d9c2178a90b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0cb398a93dfb36aabfc298c648300cf

SHA1
adc142885a321df5cbdfe513b273a899ec51e163

SHA256
a4c67fb3192c3292f4d617ce07a955c9c6c4d5619ed668e0d3e51bf658f7e127

SHA512
35cd55f7759f13258594118efec43d053feddc6ccbf95d736e77671de862164c02b8524d44add2e421e79db0a182ba1ddcb8fd7fc90f859b79a0ee273e37b9d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b5321ee37a15e72af24e1d25a1ac561

SHA1
b7155ff690ac697248abdb8b92019023ab851645

SHA256
e34d9e3234e7c62be8a74978e821826638fc7b0a5615a906f26a41eb8cb5d22a

SHA512
519e139260751e68b51cca017e77fa3418d8372df06430dc0bc95d962d187d5f8c75a5b6e511d9b52d7950d80d246e7093b97371af4cbe8a123e24db4a0161b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
424669644eec632b23f1c0a39bf6cbf4

SHA1
70ed107ae8ad71c58bad546065758721d542141d

SHA256
71d6b642b06000569df39faa7ffcb908c40ccdf5c30b8fd5c5c9393634062885

SHA512
4b9cca8ff1454082dd4d7f432fa4a05c4fe5c546fcdb513006c8bc6a8b1221ab00d31d8708884f60cc0468db1696789a51a8bf770e062115caed0e6c2bc8bf4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
200592a842f80a4663c149427c20261f

SHA1
66f1e29db355ec3d843d7ff7c60d84300c242306

SHA256
a88605376f98620bb50ea4d5f036aed331552c2633bad838a50054d531768cce

SHA512
8a9a09662646af3149bbd229a61a4ddd515809959f166aee2afd6a7d4ec967cce9b2009ed335bddfb0cb407bfe33ad75501370449414bee2fa48e05bc268b3f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3a211411d196af765dd0f22ffc4b09e

SHA1
564d88b8c33c637b6ca29de69453d689e7b8d16e

SHA256
d281add2d9c3c6206e9b21519d7ccf682c7cba5fe974accbb171f2794c9a211a

SHA512
1f565345f2c105accec5115dcccc31f7fdf9b550e81e36a2b492e9b8b910f5d8c8da9ad299a563ab90d3e23e941863e8c9da0826b130cd9f91ba72113c37ccb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a9447356670f1a720adbb8866b84bdc

SHA1
d39993ebaffdeaec00634a195a19e4df5704bf70

SHA256
1168a304d2e0b2c01b12c73a80b1b66956fd326a3e7291d890a197366bb65bce

SHA512
76db531035fff31b8b425b2e889fa4b07a8f4d306eadabef65ebdc967ded292a17b79f27da704a0e53141260787fca693c5499c0fe5d01c59355d1bfa9a50bed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85a015d3e019fa0d3357554e1026311a

SHA1
036e2d5bad5b075b58189f747c50c76af0b39bf6

SHA256
7bbf8a78ee42ac3b2c614adf0d8eb989610ba9543854d3820b093a40330756a2

SHA512
16014f6c1966464d1497760ae507ce82612257b5f8f6e274bd41911251af398dbc212b05d26899b3a89841c24eecd1a0e1d2e9fc8c428f02e086539f0db81a2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85de6b31566b27a51952075b1d6faa9c

SHA1
5f0d5af24e431623c07eadd2ac3160dd94b72f1f

SHA256
a49896599d8ed35d21f438a0b2ced425162b76485f3844426668af47f0ec8ff3

SHA512
0950043918309a1683be48c2b73af74d97f41c370f38ff0f3cb41fa16bb54640e9fe94f25e1dd571d787b2ed4f2d69869b1382712e7ed10406718d51dd4a9f0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
452ab2e38b2f226110a5d2197fee55e7

SHA1
8ea5a66844b2ae9238bd29e52c0993d514d8b142

SHA256
b74e334c83a521c43543f22f6d33aec22dbc2373c162f8f2174676a2ab6fc5a0

SHA512
8b3f08ea0deff29693bc637d2c43e7b9d6ebee6b66594ac9ca782c6742f1609cd995e3405a0895b17f071829b71bda01b00b0a49910534af643baeb0dcf6c424

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd62867a3e468bef61529b5506f86485

SHA1
5285409ebc61b1f085a1289d97872e620a4ec635

SHA256
c286fd8a15192e52b7bfd907f43f5607d0e93c0ce83185a802045520a7883f73

SHA512
e51241e58c9f39c29b10d9c88300c4cfef26202a8f2ce29d6f80d89bd63002da20777c60815503bb13c274b532fdf6b7c37f62fdc9d31a3ecd41ce56355307d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a56e5adbf8959a8aab36e9c75b74d190

SHA1
65ce6fc223cec78fbed1a647a693376b23a2e900

SHA256
0d19dfd2731c8f9c4ffd3c23bae884e9752711f2ad52498cf100cb120805484b

SHA512
a11ed6fff118e050ead4f4b9b60b53a5d179be0b75aeb6fe46aa8adec283448b7fb7cd182a42f6b73be13d22648e023d5d8935e1262b9348283ac6da86400fb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42d90d3921e80fd7a7e346ce25a61bf2

SHA1
8e09a4a998e2a6d8dc127fe2467ce95d734ffb51

SHA256
1ae91e1632f4e9d3081faa5ef020864df139ed0b74da9392b291b6ad628dadec

SHA512
0f1c53790ff554b47dc59079eeed655f30cf598048c9c63328f7cc589ee73a910aaab8c9244a0939c3703539996c00619f54bab66599b9995ba828ec2e2ad95b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
188b93b6e98f520485c8793804f98b28

SHA1
3bdc2f2f67e398a0b6e394ecaefc59704e68b803

SHA256
76578c11e753465cc637ee63f497787ecd18585bfa686a76f5c134abf8ff65fd

SHA512
60193bb8828e606890046f7a513eb8f25d05c2effba05c7734e89e6af71485e7eee947924b5baae29a44814b1ee8a11e8f89b6836aeb5644c0a2964fdc946d18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed3dcb5354143a0beeaea4f9f3ade9a8

SHA1
e336006a64361cf4b3609daaf86ec7257d74f91b

SHA256
b84a2c27a363b528ed755c5957e9b846d00a48603c1fa77fc77fbe594007b67b

SHA512
c447d8d9818a53c306b5a70b79ffd772cef6a0d958cc3c5ad6af57fc8cab7fae1daa97b9130a0d969e354621cbea8b79ddb47b4191cb7fe186f7de3e2bbf9cd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80e961a5868ad81c3b82bf7ed198c352

SHA1
48dec35fd22148ccb3fd27c92a709407bb1f4538

SHA256
7d79a7a9a2205dbb33571a348dfaca556fa1d942a1602ee24f0df19b5e4d03c9

SHA512
7ac193928060eb91c75aa0bcf59ff09157759a4982a9d91cd41f26290f51f44d4ad62a011718a186c27209fbcd59e4b3dbb43b2d15746ed80f6a934efaa35e00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9eecb546fc7c2c0537dfbe1a8593b1d

SHA1
754f572d56c050c4a56c1028e435644d4d3be66e

SHA256
ecf7826e1ddc9d67f8d4fc7c4ac666536ca3975f9ead6eaccfe128dc739b16ed

SHA512
16695c75882168cfa887c09ef2291c03f6e624808c502c5acc3fb6cb21a89bb56c8caf2d3819129997d4940faa17b820f89a7678008f462e005eb851aac3e843

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab14AB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1568.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar157D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit