46926ae35f82ed2748436c8b030b5bc38cc4bec24f67192387a32712e98c28ae

Analysis

max time kernel
12s
max time network
13s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06-08-2024 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

reader.html
Size

4KB
MD5

46622e2ee4cd8aed4bc4e1a51f83c1a7
SHA1

c3caf031e4522bb71e1279b7bb6e156a87f72f3a
SHA256

46926ae35f82ed2748436c8b030b5bc38cc4bec24f67192387a32712e98c28ae
SHA512

a6d480b272e94cf14ba3fcd21b79b78a9a88148ad91c6139de455f156c4ec4696c6ddaedccb5b6f6677bac740dd06e604ea6157206ed4d60bed6a942a9ad10ab
SSDEEP

96:zmRtxULRJKrbEZeVnN0UVmTuop5HxD3YxAqj/Axa+U7q:aRIVJvCN0UVmCoRzHqj/Axaz7q

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9CA94671-53EB-11EF-9CB8-C278C12D1CB0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2128	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2128	iexplore.exe
2128	iexplore.exe
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2292	2128	iexplore.exe	30
PID 2128 wrote to memory of 2292	2128	iexplore.exe	30
PID 2128 wrote to memory of 2292	2128	iexplore.exe	30
PID 2128 wrote to memory of 2292	2128	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\reader.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1eadfe83bf9a2fbddbc5d63d84c53f65

SHA1
c3070f5b59da74aead269ef20d26fdfe73ddea1d

SHA256
78a0915dc81ceee477a8f164487694ea9d279f12ad70b0d6cf76ef4750a4a1c2

SHA512
4b032d7712c1977ba4d5253bcf51c01f3fc9636d9e1a0089b581a778c6b312e6edb589df42880c798b6e82aa76bc9b232a34d3956a180cd488c180bb4880a941

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c19ba28d80e7c91523e366191a5aef11

SHA1
5384971773a9adb0f1365551b7079276fe55ba70

SHA256
484323631bc8049f60eda265b1214c81e42aeb885de64de455cc612d603b71a4

SHA512
8a109e114173d8eae05613964335bd12a52541c87aff48275c73e538e25d61fd72ab56925154816bc8a5462790fa113d73fa6477495436de7e28fe98c5f29d3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3ed7a33a33601f2015051c77453bb245

SHA1
18beaff5d3033e6688f1801572b87a39dada8e65

SHA256
1f983305c8d8b2e1d833cdeb596beb4bba4816723356c82ccb2c0d4bb3387fd7

SHA512
a638d301535af24f33c40706272cbac0be549f6f8d29d5705ad78a507b5a549f6d4a4e3648b1b0a4da23147479ea4a05cc512f532e3a1fbee9a0b5c364484186

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1907983cfbb4d1bd44980adeaca940af

SHA1
5c41eabd315757add5d38338cf64efaf829a8a7f

SHA256
a3a068f9280d4ce471f7bc3f7fb0b5eaa448476e4e0cd311da8f947e05f9b0cb

SHA512
42d7b9a905ce795c9c98fa7a772021db5aedb4718c773f88219b481f9acc966afc31835cbc89f1e72968e9046a1b8a3d8128b3288494488597ce8e477b6377ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1795cf999b567d73d565947b2ac649c1

SHA1
9617e87b15105122d00bc64458d1b62c122d4b84

SHA256
b104bb85a2c2bda96f98a474f7c63aa914a295d6457fd832c0e2de822d110eeb

SHA512
f3121c16a6cdca078f34ffd79f1b3cdc6806c7f9deb9a6aa700d2bdcdff7970e6b822f74c727fcb449438b8008c51539d9449069c12b34203d788b1493d62b85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ed8e7efa7bd0462d26eb8b3160350f66

SHA1
6dba95771ccf9e900558f273a0b1a1d2e79a06f7

SHA256
1a7e7d9b78b536d758dc19a2675e924f46d8f542be5c43c1bb2b904c2f67b5a2

SHA512
45df8093e83a37859bd716d81d989d230365f50b31fcd1d5aee640e194e92d408988d07d050ffe70bc43f20a7ce993387316b0f9e6bfc9c6c896a0fafbf0accb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5d2e1bb07daf9cee7c39674aebaeb3a4

SHA1
bc32f517f6e091dc4165f65054c8ab0da095b241

SHA256
102d1b254e631465fb9b6e896895f3359ce7c014389f6429c8cb2ff1e422a116

SHA512
7da0b29573b245bbdac98e165506f3a04826b7a43cc9969337235102447974c5c998cd339f8ab041a5ecd2f907bae8d9aeeb8c0ff08bedf19b3fa9abff56b4c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8312ed13c782c61b20f393d027a41d9d

SHA1
53856059a0eae269d491e7cfa2c3362f2dede19f

SHA256
a3750519a3aac9db10cd489143a0738de70a1df6496cb08245a887a6d8ef8b34

SHA512
489c1beb7858b644f110648775e99ae014c00737a31a84304a0d282b40645427e279eb354ae0fa7d261880ccbfa6a18df4b8c30e7d6e1fb946ca4304804b34ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0920bdc5eb724faca4f80f1680b6d7d4

SHA1
82bdfee9ce4d1287d3ab7c67261054658355a35f

SHA256
52046bbee91223233dbe61a5ffa936da21a69067ccab2b46700e18f2e4e48da3

SHA512
89fdc2f8640c22f9dca67469f93c672549a591447160f6612b033e90d8eab314550e8df53bbc151b3aef0b2bedbec788236d4ce1b3c6fd5f3844fbc3f4601892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c00f16308f7dacd4d4a855418452909d

SHA1
a01576438807bd3e3a70fb7b0d05063ab6511e3d

SHA256
a1f1df4b96011d0ba9ad8d0cf92f0c73aa5cdb93c02587d5106ccf5c6fe67f33

SHA512
4f20b3ea9f5c422f3ebaeeb63237420ba309fe94c38bcb53ed17d7c727b4889f1fa660b6aae46b30fb48892c9799797b7603a30afe9b7040d8735baf3a3e9075

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
50c0c22fdd2411a436e1b56b5b1b622f

SHA1
073ee87f96718c206d91efcca2a659aba4a29871

SHA256
9a053719f2a02d48d1941a1c929a59876a2a5ba7d31eadcbff7bfa3f8f22d3a8

SHA512
66c9a215b1615e7abebc544d665dc32ad6009692a6ebb75bab34a6ea45d413a9dcb05b052414040bfd5684487caa87e9941710d93101130554ef5be5a9318f02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
888761f1ea53105e42098648db91ff30

SHA1
80fd585a6eb01f768782254d92a237940992d123

SHA256
99057d3cbd8e4a9204a1c100ac60b4e040358c8a2eca816d53fda82b63a04214

SHA512
4306874db5ab9d1df810419cd9a25a3b17149115dc54f0990d377f5a2510fb8e5a9ae9d2b2c2fdfe62fe57aa212e5af4813813c3b6cc909fdb6fbb07396288ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
bd14432fb3946c30cf5049964210ec3b

SHA1
381e7cb2ccb0c1ac6dd1ba57636a4acd28436881

SHA256
692e7c8cc04a07894c7a7be61d2519c41f49d42b2d4a222e928faf7dc0aa9bc5

SHA512
22bead43332a43635c23af68353d2e43388190b993f477c59c2821925a60df9d9a521da0936fe22c89ca765109c7b31fbd3a7bbffffe14c6e70912591821978d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
910c748db5a8e5c30655b59b5ba4ffaa

SHA1
607cb54c7a9b942593b90acafbc5d16724243670

SHA256
7f5fa9177ff6c51cb7caf2d30dd43a4305a6c69459d7b5733aab7719276624f4

SHA512
6de38c898c7bdb6b6fc066ca88296504eeff2dced5862e377a1d6b711bd81721d7bc1502920f02c45c201776bd0b8f8015942bf5c828abe6f2dbcfca6f24c0cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
228f01abd09887f8014fc8bbae44c864

SHA1
9e28f3571178a0485f30d72775fdfc754472f427

SHA256
d7c139ebfaaddc6025ed567a55888911741045f6bb6524a9a25b6feb518a96ba

SHA512
8177d231f647da74c1c53a252d16e5b7c2aa435bab75f45f967e632df125bb1928dda90d0dd19e99cc55c4b98663a37c7da15b29084e479ab094fadc09a5667e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
aeab855eb0a004ac9bf50f796ee498e0

SHA1
0f926e7f32d7ded0bf217ce2b6aa58448b8d1cb7

SHA256
8292f6eac03bd598f9c889dfec15a5edb7b10f6d12c9aa02da66fcc4530d4496

SHA512
f69f23006878d0a4269625363c17af8254c281e633787e4f25e8bb2d1090048ec15f26398a5e116f76175db30efa79a294dc6b360c0881e43e552b179d0610e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3ee6d15c62180cd7a1cea11ea96b561c

SHA1
dc39c1492d6c268c78873dc56cc179a4dd847afb

SHA256
9e2d4af8d2c7563f44c8e5d392a12b3eeaa3fe44cd07313e6c1ec54a9b09f96c

SHA512
4094ce37b2ab9dce912dfa5ef8a263e882ce57139041e626af047f2f10266935141ce17818cc75393bd6e7216ca9172d37eb8a29e2e775a46519941633bc5206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
77236685e6d30344729f3f88479192af

SHA1
493e08fe77c233423f249f12eb29afc3235ec460

SHA256
41adeeff43d0e8e1974bcfb26323e3ddb4c60edec01dc5880c2a1bd9daedeae9

SHA512
8c3db6ff877ef2b2aa43b60856581647ddfb90afe6cd8c3b22831efff997ecaf3ee10c8b76e711923988ccdbaa49f714e62654ed122ed237439f83bd0ac190d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8af8eef423aaabc67e0d0c0e882a0826

SHA1
c7212be70bbd60b053b37fe461deedd116d0bded

SHA256
cf40a5dd2f3fa4a1ad0459c936b1cdc0596021e3ef22f881ecf80cc6f0f73e2d

SHA512
db745fb13f181a15cc60394bedadf72ad70a714d7c4957594dbc46f41b21580ed3786b59357cf964b192ce0d97be9103f5720ec4f148f37bc8a736fdd6fae933

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB655.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB705.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit