a8285d466aa8dbed7f075f6379d5eef04a694c5e6c24adc37febfb63e83175a9

Analysis

max time kernel
0s
max time network
144s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 08:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

23KB
MD5

d955ac59477bfdee039238c7ab3d430d
SHA1

29a714cc083b3109c6c07a62c12af00d908be7d1
SHA256

f3fcba9668fcdbd2ef83b26a79b1f87c4728506637bc43e941d2282052646703
SHA512

8e61f808df2a172e200a2ee729989915cff0556e154203d4a750a5e285ac26c49b64cd6deb0803a5fa0e0b805cc3c7e6a5087ee395e037861f1a61cff0f44c86
SSDEEP

384:cSFpvAWRuKWkC0cYExddJdkpqStOAVu1Z/1RFduTvMotdvu3hy:co9ACOl0cYExddJdkpqStOAVu16M+dv3

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5B840931-4B2D-11EF-ABC7-72E825B5BD5B} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2320	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2320	iexplore.exe
2320	iexplore.exe
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2540	2320	iexplore.exe	30
PID 2320 wrote to memory of 2540	2320	iexplore.exe	30
PID 2320 wrote to memory of 2540	2320	iexplore.exe	30
PID 2320 wrote to memory of 2540	2320	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97e3dd7ee6cf22c26b70b77522fa16a6

SHA1
240a06c84e0be85b8e1068518fb0d4db563d7144

SHA256
4e4a6c716515ef7b689c08f7939ab983d8cbc6fd87405fa4ee4c56a2a4524736

SHA512
817b1fd874393a10ebcfa676df34c35d6b5bf9b85fb9ad10addbf9b4218cadd718425825addf57ef9ed3066671cfe171bb91ca45c978297b513aed6f9377e225

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe5bd0b871ebf18eb129dff334ce43e9

SHA1
18089efac8fcb1044dee9709bb5ba1d9e5793456

SHA256
f42b235522780e96e1d005071545a8a995191ba8e7d2ea959652e8b9d61cce66

SHA512
7385bb386769ca0a77a57e0be28540104c8b19e727f388d69443444486906334611e4d6df497d42038a3a33b1dc264bbe190efe098a045d1591d3e4baa24707d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c9bb38a183dcc1400ca21f88457998b

SHA1
f47b13b4828630eaf910067d275cf5673288d46c

SHA256
471ce3851feaf96455dd053fdf16ff26b846432e083c27b6df8ac1ae5a44cef9

SHA512
64c38638109e696deb4f4d9e36706d8940e8633476c16715dd41179154f75b9ec5d3497df8d1fd0cac40c76c11b853fb3f791a65aeb653dc15286c86769e9ada

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f20ac94319d0eceff85bd399fbe4c9f5

SHA1
c5590aac5243ddf5452d59366e1d60fcc820a975

SHA256
3c6e0ed85473bb38e3e42c950e4ecf4d901a1f06e1018b0365fbb962cc2aed11

SHA512
e22b65db950406cae1d91d697e47b35eee3565b3c435c66aa58ef206d9f1a6da6183aebd95adb5622d99f6d5e123cfe4f55cbb0cd22e874874c165deee1673ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12063b9477cfc6e59f61cd84f9405a72

SHA1
ac836296affcbc0a9533b1e2f0e9afff472054cc

SHA256
533d86e781f0e921328ab48b8aa521e9aa21fe600d44d9f532b70eba12dcdb2f

SHA512
ad53c84dda57124b8d8730a94235a5a694f41377a031e471b008c051141c9ffffbc8c24f8b02d231edd930a75dfbfedb10fecd48b95b9388c8f1f336f3f78175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc9db1e2c71c5390859ad83d8511bb04

SHA1
b52bcd31c1a348c1ac8eb1c8fe5faa88ed19f439

SHA256
98283bc02b835509b7d29ef9a730a391ae0f7eae0f498121314016304847cf20

SHA512
23c5e76f73cf58b8b02de828b4ce9eb0e586bf75472c778811a73785f7a25fecc98dd91dacc387b262384ae203cae2f8c1672497a10a503bfff0491ca03e326a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
305f3a6da923a3f6155363bfc0eed02e

SHA1
17c528e8b6c5ac20c9e9269064319e0730a11a76

SHA256
bdf8a96f57d036d8923a59319dc2313fd417ca2d2fa097ee859ff762a203b7f8

SHA512
d52fadfc367de088c8a7d55060842e5bcdaff739b4c6ff50d680b30be3817b11f188b50193358f481b0dbe56e366d8649777c3642b7b5ee1a516517c1c12567f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eee6792c57d02e0f194752b1fb499511

SHA1
2cb1c07897413f0244353817b1d55f265b1eb928

SHA256
c0a73d15048f0a7ca7e8496bb796ed85bae14fd484edebacf653a8e28eade4a0

SHA512
edf6cfb68cdb477aceb7ddde02a5d12931fac04413c725a4eff63b722273d91f90f9e78ce58baaf23ba8f4696c2c55e7879b0ec997129ebae05c0c22372fdce1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d71af18a1b32379c861b52104ce23d86

SHA1
8a7d78872388a76c882990a592231cd0b086fbf7

SHA256
e0d499927d1e7d278196c08ec5d96127c7939b131d9ebbbab8f21a0f454ff0f5

SHA512
53f33fe4857d71771158f9b2a5dff4f18154f596a7bdd56acb4bcd634fb579090b5c7c62e1029ffdc2308187ea55825e16cc29d54513b89a2da29fdde43fe5e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ceb0dcc7659e2d885feefe6325cde4de

SHA1
b0d15ab084123e9acf296d2790e9f0c13203d2da

SHA256
cffc889b96a48c0d2fa707e5a2877ff0c222dcbec62d7e51f49fa23c58ba631b

SHA512
33bbe58726a002010ea813d35eba2c534ad9330ed75503767cc6098a5066b85844b31555608183893cbb0fcf211cebd744c5a7989601e29eda6e028932e26888

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6360b94e5f8cae5e385eb6820bda211

SHA1
3b6bff284ace58ea81b4aeb2d7497fa1a4935871

SHA256
b7a4eedb41a94bcd3e0a97c467d4260ca7c0fffac16bceb2fa36e98093faa1aa

SHA512
c1f978b7c2d3ccae1664c7a718ad374825ad024adaf2cf53f59f8c1c87cf2de0808bf39684db7ccb323a5c7a1a86125c07ba5eb90891372fed9bfe8fbe50b517

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f178a14d858981c3ca65e35173ec9b46

SHA1
080621901331f3aebf44558e9aefa5b83b04634d

SHA256
741ecad8d36747ecd70bfeee3b4817b9587235917a3347d4f06d62c1b11c1a3a

SHA512
c598075396f02c7e21f3ed6283436f6cf2f73b5735e862037106459efac726bbf3435da11b84944648179203dc9177943d93bdb9cc8479a7435cda3780d2dca0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea7898b659df687125f09d385f50ab5c

SHA1
3292cdf5b4b29d1e85333b109aebecb0e9f17e81

SHA256
d2e4f677cb585609f9c603f46fdda6cf62a91b6829768dd2a92e3c9165ad7e44

SHA512
8c628f81524b114310c00a9bf1b8805c86ee994e4227bef0127089538183a39a69cebcb754ea009c5c8065e84bd57ce43cfd497455242760452f0d17f1e0d3c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e7573da40f318f2e3b026a04237a8d2

SHA1
b8d60b20489cf5ea9d8f6cb6cb00f8df4a555c45

SHA256
b69a311fa938759ae5219cba06eb98fb0eb7c3ecdfad92a5ddc596aaff6cc82a

SHA512
25f325deb02590295ad88004f0a1437f09af2e3caeace843791c1972b28e73607d7f2d8fcf4627fc567c8ead69cd3941ffe9c9a8197c715d0d02b8e4aa65007b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48b3b56999cd92f9992b08f347e60aaa

SHA1
e1cc58800bc4ad37b39cef0d920ebb784564e1bb

SHA256
729d4175655c76373bdc6bb62f2226aeb39d17c79c91c975ead27e79b58953e2

SHA512
e4bca27ad7610af3100f16dbc85c914e2a558bd2ac43af0f8a0756012566db49ab5f483b96b137ce9d94e16738d6fc92bb1a3962c7874a82013cdd15643b25cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74f1ec6c1856d3d70b37c88cdf164025

SHA1
ba3c579e9e7177ba7dc80eddf0305ab40d0194a1

SHA256
d15d8db9b9b68549273c26c14843c2b3938cb286f1d2d1b11e60a778d9259e96

SHA512
c8dd20c31721bda7616ba14528d7a205f0f3861e625d9e8cca8550a05a738c6d3659ee1ca658280924f5b635a68888d65308468ea27f6b983da02a6e32119af0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3fe9f9c469dc6ee0b395567bbb276ab

SHA1
099d17657c497c3229a744ff09a1960feb732d17

SHA256
1b172590c4803bfc50fd22b455aa04f9ad4c4777d21b5d2b54972c6b414d4988

SHA512
b00ea171377bc2af2395b2137b15ec5da78bedfb618f190245019e8b604564920ccd7fc69d1a40875a720043f635b958a42f576b6438ef2ec007381d0431f24f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8240bcb22138380b885550e7468b3cba

SHA1
d2457492081081e113cf1339b44ebb991704d9fa

SHA256
ff6a82df2ad77dc8955ba8746eca60ac5b5a8f0ca450e127ba350d709d2b7587

SHA512
5c8c56c133fe0bcf30be34b19d5a914f117099aee59bbb7732107a27f7d05ca2172d651ce8ed82df2c7665dc7027b2b44885c6e10242f188d4797cf3ea0fc2fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0db267d23c702e8bd63fb875e473d7ba

SHA1
9f3001fe8cd8a0904732d655dac504f01502040b

SHA256
a833e215426744928c879f47d6cd282eacb2e331f1e7ce17f127c2d74782eb63

SHA512
e40ec7c5bb1ccb347826ad6423ca73e88f6b89a9b40822a1c12018ef7a4599abf541c9bea646f11a48459f878180b412bc54b65a09857e4cd288c58e48b4d8c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17498b71c816d7d623fa6a06e88f5bf5

SHA1
007446f49d6f8855810201660a5248b033abc3b3

SHA256
96c574eb9aecfea564de411f00008868ea026e4186488098fdd70edc0e8cd142

SHA512
4b6eed1660e4e019bc0a6a1e6ccf7c62668bc7e82a635b2b121ad827796e741ac29e32868c67211f2ca05f9bace9e47001e4789a798e472955813b5cf5a7ecb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ad044f7cd0aff0e21fdd9a89ceb056e

SHA1
011dee1b71de94a00097e86df81be831b096295a

SHA256
a5f22ad4d41be738b036ca2a548bfb5a47cd7e446a5f7bc016f364c82395c4d9

SHA512
891c7c052f1e108b9bb486dbf0712ef1c7297621ce028daf151e4d4c7ec1d2a905375a8413ed784d50346d3c9b81795dbab8fe04c3c9583b003a0615d3ade8c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b1ef5e8a8cabb6e77b62de7696d31c0

SHA1
e3352dc88becfc52ba94fdc1ab9560726857690b

SHA256
4e9ea5022172c20aa54245564821ca85263f98d79f87f58a54cc4586203d50b3

SHA512
6c3093af878ed999d076dc2c09ae1f9f5bfbb4cf588487b5e1b73119c3b64eb55ffab81c2daca45f037c61b3310ab2bf1b8ee4bc95d4690ee2c66634614c9e7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd1441e2188176933a25623a9f463822

SHA1
9d2d309c860f66a16e8d348a06abc07ead6e3916

SHA256
5f1d3a8c8dab2ddea53dae8946f8f0c5c7f6ee4ba81e7a8ec8ca43b60dd42c13

SHA512
4d3ff155b5c96951c18c13f87b41fb70b23db6143b760f7b2c5a56744eb05b560dd9c9a90820fd17edec0ce9c0fffb96e0f1429fbcfa5159e0bd750df09c0e18

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB5AB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB5AE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit