066d99b7eeae449af840cb0b3d84c516943309684021dd227b74e40918e31577

Resubmissions

01-07-2024 06:58

240701-hrjjaaydre 1

01-07-2024 05:24

01-07-2024 05:22

01-07-2024 05:15

01-07-2024 05:07

01-07-2024 04:55

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 06:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

490KB
MD5

901bff5e87be7b3c2c3ee45da179bce4
SHA1

2bd44512efd1923b5fd06b3fe2186e506d0f3d66
SHA256

066d99b7eeae449af840cb0b3d84c516943309684021dd227b74e40918e31577
SHA512

560265edf67899f2594bba5ba16f2243a4fa50f764df17eec7d09a753ca2f0eec2ac72c9d0d70e1bfe471b060fd7e16cfb6f4dfd0029866bf6f0d34be7b00697
SSDEEP

6144:VOxTA8eA8oA89A8iA81A8dA8ZA8SA8WA8NabK:VoA1A9AcABAEAAAqAxAnAhbK

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4BBF41A1-3777-11EF-A72C-767D26DA5D32} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1656	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1656	iexplore.exe
1656	iexplore.exe
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 3004	1656	iexplore.exe	28
PID 1656 wrote to memory of 3004	1656	iexplore.exe	28
PID 1656 wrote to memory of 3004	1656	iexplore.exe	28
PID 1656 wrote to memory of 3004	1656	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
8d1040b12a663ca4ec7277cfc1ce44f0

SHA1
b27fd6bbde79ebdaee158211a71493e21838756b

SHA256
3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

SHA512
610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
25e25ce89e6314217a90ce2ccca52f01

SHA1
b700ae160c8693d3d09cd7fe6167eecfb59fe091

SHA256
9d3856c55b78249597f0799305393e02816d164dd2e97f6ff42684c8049ef89a

SHA512
e5bce059149da7674d88569e265a1bd23605dade1e1787ce151e52ef8cd0a3fe05d7fe2ca23bb2a016fbaa5fd4ee95ce56f6394d791d19c75bba90ad39e3992e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_A3D4688236962EEA03574DE4F61B95D9

Filesize
472B

MD5
1532f8bec1d945aefd54070b34d8e527

SHA1
37a614eb7824d404ed5e33f0a8d8228eedca6a4f

SHA256
28dc23c37335697644190de2ed80e7322cd872db5fb9bdf4bf140ba1580275cc

SHA512
7439ab5c76dcad67ff7b4f35b5a0dca3984a3be72f271afb98fd006f966039a76934979f45c2a0711220e40e11c97ccd44283c5f2fef307d05b1a6d4ed7a9e45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
8fe32600966cd8994482cd6d9d8079f2

SHA1
7bbf45ed71775c4ec0bc36180d37ce50e5d4d1e4

SHA256
730b253e3a5e1b10058fc6ab4caa8729c0e8ffc5f8e197e921b6c07645a1b22f

SHA512
fabc3549b32f13d50b300def5765bf4a4e4348b7ff407237f7e46b33487386d67df261f329241d4709a87e93a6371211b4d21b061d66412d5acf6614ebe85254

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d68533bcce92778ad2292c089cb62371

SHA1
21a041d716d9fbbada80d52e564c786e574a9056

SHA256
c75dd957c8489b4430837edab31031132c14d8fa71e34b94208d401769ee725d

SHA512
d76fe5b80583e7327f220a4c5a1f87291163cbccaee08dae4641d456a2e9ae0fb38783c98c36d64de94ac2de674c3854b752d389c6ac33fa190f609b91496a52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
91afadca4bf9e81b232004d6ca5b6995

SHA1
800857a50a8819895751f973af28464d2d74eae9

SHA256
e58368de1cc3214f25d6a1d67061c73ee093e23af02183c43a1dcb7b8187b07a

SHA512
0801a39eeef6ce556c5eee217d3c5b2e87b2224d88624c67d1a6f64dd755bceb801c9ad9638b72e3f6b3bdb09120d7989c0934a2b29e0bbfed8f7a6c8e4128cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb15024fcfdf1931ec58b4623cac73e1

SHA1
65114c4de50126b28ef64f6929c67d39a22a2e91

SHA256
7988ea757d88897245667fddbeaa7fca595ca96b0761eee0ce8a27b009575f3c

SHA512
28f0385c2b1f55d43f66903895774fdda8b25230601681b1d40bdc9b95c52c0a5819835cf984efe4a2554aced9d0bceff7d4d02108ab33fb22a201b119699271

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ff5382384c39f97a97cfba8be9ab821

SHA1
62270cde8ba4c2835e53cff653d398583311c73b

SHA256
56f5c2c4ded984abca4dd0ae197f18c4a4143d8d94bb13966f345c04e163fdda

SHA512
37a04ec7b4e9505346465f3b527048ca180f46769904b0aede018e48f47a4b656403f5964e0e9e64fd39f3335b53f6b98b4a18d07eabe2c9bba596cb077f66ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd1224a7732bf96fa230dbe4bd01a034

SHA1
aff973ac252315f0775789c39fb2c96acfe536d5

SHA256
13a5d930b106760085a456e487cf08829a3372442ef53ac73dfb5d75dc797559

SHA512
63b4dbd3d279d62227ebf4c62a3c7e58398a07caa3e6631ffe39ec062b67dd587178802d10ffbe7ce2739402cae3b5864cffaed81440888dc391ae354e1d3033

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a59d9b2cffada8809324fa2fdaaa776

SHA1
0a4580b02950aea82f142144fcff60b3d5854d7e

SHA256
e08d39d976d56dd1d461c3ec78d6e16c46604e241215efea7ffef558978dc66f

SHA512
196119451ebeb1d6f353dc19944cdbdcf8990ebb348e8e038ab5653adb281e590eeb7822393e9eb837589248b60f83aebc368dbe962bffdfa8b5d6bc29ca5396

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9c5134ff34c7cf0c312140ec0f58d4f

SHA1
e7adecd51df7e18055e0e36224587d4b20dcbdcb

SHA256
738d12eb014627b8e67e88939378c70d0dfd849cc41b8d7b3dbaa0b7abcd14fc

SHA512
fc3ce531e049e2e4d05ff78a4766c28b276ecd885713da2e97767141389d30cfcfaf3836e39226be7e27a8890a4652e4932ae45388f6bd5126de92e8bbca68ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd6c0d12428c1a3ed35cd34866f87b3d

SHA1
fd0fd8a57802218bd9fc14fe5cb3d3a38e3bb4a1

SHA256
19ebdeefca2d1a4da81a0c5d5efa588dec1563767d5e52e636da89aa946ced94

SHA512
612a3b2ac8a70411e43804c69f113341b265bb644a3c7be912193a53a3f19e9348f7bc50ab7318d7e3bb6fa4caa82cb039f93f7bf7710218d5184fe2466d1b25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f930a70fefa983b6c5a59d7fb1cc89cc

SHA1
39697faafcda6f5521335f6d9760077719b166b4

SHA256
c5577e29d51d161063ce75384a1ca90b0606a404bdac3b14796dfb48e28ce399

SHA512
acacfb3cf6f9ea9b223ffc63618dd5c64011ae553de7db1c3f5ef19406c7a0a19f57dbedf56a5cf7970960b34141c5a22ab10cab695446ee914d15c830e02763

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
095803945dd8a08f09e715e293e53bb7

SHA1
38dcc8f1f00d76976f3240e62e407145cde5b53e

SHA256
881b7fd59d56e16b1f2465776755c0b6e9d405e3d961e7e32f9f2e4e5ca32310

SHA512
7135f7278557513fd40f9ea14abbb7f835e97d3f092b9dcb43e87687c119f89cfe4e815b4cf36364aa221be86c5305629accd712a9c7588315d1850d76cd6c5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff78a38e7f65b7ffc9a34f4ebaa8dea3

SHA1
f6da997845a92c92cf73ef9eb9ebc248b55a3c27

SHA256
580731839c500e971a0f9c4d93be967a69a50f5958c27db736e3a2da3223b326

SHA512
32c9e2a6178f3b86ca83a8269984ceca244bedb85fc44c0ef9c7319d19d4010f06cb31d7076bfd7376cb07708b734ca5f814ea2a3ea7b11e04555c83d3bf9929

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_A3D4688236962EEA03574DE4F61B95D9

Filesize
402B

MD5
3edd6d175c7b096f2d9bf4358a5942b7

SHA1
03996f9890a7dea9938ed9969d9240ed6088af72

SHA256
3c755019e7d0af7bcd86d0e26272d8b14f1bc411a38353126060fa2e1b391bbb

SHA512
e343b376f924a881b24c328864ecea1000a9a0d3aaf6161387557f395d24b257512b776705644371effc2c8ff3bc2de7116fd0f5b8c4d9bfadee9bcbb3189c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3FFE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4000.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit