290b72e22b59bfc8adc83cbf87785e555cf7b0e3495698fdd1508d8a7cf960a9

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/08/2024, 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

3KB
MD5

73d4d096ec33862244559cda803bcd2f
SHA1

bd86d9cf9a976cc3462fdaff706cce023d0024d1
SHA256

290b72e22b59bfc8adc83cbf87785e555cf7b0e3495698fdd1508d8a7cf960a9
SHA512

c8a6eaad4e7e10bb130881db47d6acd97e37b0adbd7c72f3dcc8353dbe05c688988451036cf6738c0b6b86ff6ea1ff52fa43189948a735965544c5f35702725c

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BDD09E91-5560-11EF-A251-667598992E52} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2776	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2776	iexplore.exe
2776	iexplore.exe
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2228	2776	iexplore.exe	30
PID 2776 wrote to memory of 2228	2776	iexplore.exe	30
PID 2776 wrote to memory of 2228	2776	iexplore.exe	30
PID 2776 wrote to memory of 2228	2776	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
ee765d9bd6e379013344c37b12034cf2

SHA1
018eca2069d112ede5db40e485e79b22be39c163

SHA256
b0fe29f83424834bc5c698c185f4daf1cfb2ab94c51f396d3900c7330b61acca

SHA512
2c9509be963d4feef6067e8228dcde87ccac3266152dc62fbbfa39fbfe7d79b99ce553b192ac25390effc1465d0cbd1699855801a2dfe0e9696ef566fe5ec055

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
367a9f0b2d218b9bafaee668c6b736c8

SHA1
e7f03df53c8e567b5b11f5f7dba2a00023c103ff

SHA256
df5ec8f810a26442bb0bc747303ec54e9d799ad3ac8e49f38cd7f72fad77f370

SHA512
a1a36625371427da7b17c73a3cd8811e3e566d0dda7051b26dfeae54801cbdc8b8a9974ff130218e6e093ea8c560bc2051dc07ab5e3879fcab6bc5ca79ccd2fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58364142825332c4c0926534cbbec886

SHA1
057d6ac84db5cc6b34b838c276047719b2b6369a

SHA256
dc0d60049ffb4cc33d933a78537f31e23ab6c213b6aeedab8161169d67def17d

SHA512
bebc38cedaacdbb1118010ba745701a626556fbe2a48adf87e58705ca84e5c10324d2f1f2bd2449be5c486e1f00ecdd6b22509a6ce685e511fa6776774fb547d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ded0f12c3c48ae8dc6b4982032e64532

SHA1
b1769de76384d5282b2cfa2c83288362f6c68b3f

SHA256
19a319b60facd48f00ae48ecbba6b8264e50ae6227406df2a8142b0be6851871

SHA512
f004e841fc98e40206fca6dd7d62d2d3deab0ab829a0ffd585333ff3fa216b3226688723bfc0312c1a5eda98954c2f8a377d586c687ad5c68fb04e3d9d72041f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
221000750206c48b2c696547295c2a3d

SHA1
bd3f60366feaba3fe98dc7ca79546a5d66b465c2

SHA256
415fed31ec7eb9651c561c1d766a554cf088c32774690db917ea253c8599680a

SHA512
f2028bf8dbdeb687dd7e936a743102d1d446a542660ace464f87d0372b87c99bda88743febd5ef06f42d3edacc7b298cc26eca4073fb25d6121be92710269b95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d673fead96c336b19366b79c0b567d97

SHA1
8edac5027a0eace99db15adfba289703b8425b34

SHA256
184661bb7feb0089af534dd9db5ff5c909f955e7c0a40ca6c99a48119b163e95

SHA512
855624374e3ac7a23a662a6bff9f329208bbfd624c9a147ac7e9e94e80e173e4fa58291fffe77be864ffc702609b5e1f96e01ba57aef6cb2be4b3d48287c4dc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f06d24e87c2e084ad91b4c1ff6b31372

SHA1
160ec7c3caea273951423e31024e8246b7eb4148

SHA256
1d8d99569624055e56eb8829e1595fe0fe7404a7b81f90cf40199afc78c4f272

SHA512
7b9410ddb227586dc9891c334c8814aab363885cdda0b1e9aec40d6f433b7fb3b4e0aa128c7ed8572f8f4b1e2aea565df15ff021e567946788c4b3ab446d1be6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5eb923477984185b8383ccabe75fec3

SHA1
3a5818e17fcce67195aa67fd0d0b1e660c7606cd

SHA256
874e35fd72f9ca96e6a178b5570655a0e44d894ab274b3e2e683807e74f961bd

SHA512
1052d95f52094734bc0dca8ed4a375f0ee6e1d2d0d3d07eedfb248491e32ca3376e801fc270058fefea29e6832c69a82b9155a3e21e243fe8bcbb069412649a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ad0147093d0effc10adbf1493407af8

SHA1
939bf14e1ba4ff9bc3a9b708ccfd31f3fae1edeb

SHA256
59cc23abc90217fc4c01f98f56209e1e9904a4c17b79f0c2f07c45ef85d8cacf

SHA512
98d71ac0b1fa50e4bdc763f31b04fdab59e149e55afa2915d825b84a6a9a136acf87e7bd7cdd3ca4a7bd310eedf12676b3b5e7fb2b2a0ce42eeb5823566217da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5ad8ba93c6d0a5303b1d17fa2cf6db9

SHA1
6c09a94c1379dfd335f32fb34bbfb17750bc8856

SHA256
709d1068ebf1f1cd9bbb7a104fbd97d80fcbd2d61821b741995b3287f48d96e8

SHA512
a9e7925a812968ec7d72ffc27ecba90ed7f560cc7515d565b81f7519f482ae53b3e9421263bcebf7b298174daf05416087d1b5e270c4f7c6e20ec9f7e0044c55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fe2da02b79bc5c0f595ab888a19807f

SHA1
9974e83040d04db1a4dd037d3b98eec672b494b7

SHA256
b92576ac1499197002a718b43f55c0fc8b1180d172d56f99c089fb033a499ba5

SHA512
5e2ed9f01210d1d476e415b19414e2ddc814fddf90eef66d6733b3181b518c1b5d0a324baecbb93511d1646212ee615221e82328cf7a0306fd54665cddca04a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19997db66296117bdb94bc028d8e3271

SHA1
9fd0a5c3e3c706de17edca7ac7aa3ef76a79e6ca

SHA256
dadb55717267ff3c6f6bcbb9d5085ad2023b8f52b05c75062cf6f8cf440ce06d

SHA512
cfb8574a0c59f67dec53f711e2309243081efa086bb8bb7ac3202bf81a50740a02e2dbfdbda886aac4c024577b38ade960fd6782341450caf6524a644c36a00d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
469dd66a5a192dcd177e4dae0b0e92d5

SHA1
313bf4c52c55ab8827c9bf0168cd7b41f43f6cdf

SHA256
100e0f31784db64d93feb3e3f706747f31c2da84390dbe38059669b9bafa6830

SHA512
b01c3d94a6bfa9d76df64071e4b070e385cbec29ac7de05e8be8213af1b695eb1bab7773df6a13041ff7eba03b1319aeeba318d7c009c76690050229a8ef602d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30c577ea069728e34b90db10a045eb0b

SHA1
847ad68222621a9bc1d53321fd0f1bafe2263de3

SHA256
b1a8bb6e2ffe60e9a00db4f7649dd5d6dfbb9fe8f7c09b210d86bfd7d0da5878

SHA512
7318d537fb919e79a85d0739fbf0312495971d85466182ff5352e9147464190077c50e734cc36f63ee0acb1d052a42d7333cacfbcad773475575b2ebf8f2f82a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68ed04b87d77821552346996ccad7ac1

SHA1
2cd4963dbde0c70db3825136e5081aff484c85dd

SHA256
76e7ff4b58cd3b6bd670711f078ba59d71c5dda57b2cc7a6ee2cb823db97fb40

SHA512
bf3e7b69bcddd6f09ceccc95151c6e14907361224f7572693b379732fa66a5cf59fa83af7183f7a735b6b4a4624fdcb0a73db13f42d74da23e67053010ed673b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBA6B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBB49.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit