32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PaFRXh6fDu4UDCXB8RrCMW2uvSIr3RWnUfxVvUHC.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E63235C1-5A4B-11EF-9AB6-F6C828CC4EA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1820 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1820 iexplore.exe
1820 iexplore.exe
536 IEXPLORE.EXE
536 IEXPLORE.EXE
536 IEXPLORE.EXE
536 IEXPLORE.EXE

pid	process
1820	iexplore.exe

pid	process
1820	iexplore.exe
1820	iexplore.exe
536	IEXPLORE.EXE
536	IEXPLORE.EXE
536	IEXPLORE.EXE
536	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1820 wrote to memory of 536	1820	iexplore.exe	IEXPLORE.EXE
PID 1820 wrote to memory of 536	1820	iexplore.exe	IEXPLORE.EXE
PID 1820 wrote to memory of 536	1820	iexplore.exe	IEXPLORE.EXE
PID 1820 wrote to memory of 536	1820	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\PaFRXh6fDu4UDCXB8RrCMW2uvSIr3RWnUfxVvUHC.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1820

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:536

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
3c79716d5fe8d5b7fe2bb1dd1216d9dc

SHA1
ae827c98942ac1d8e17c1cb99814f94e3d7c0785

SHA256
bc18da397ff062cac64876724779c49141734a6bb21affd97ecd1e3241b286fd

SHA512
da669eda68bea4003b64b8e7dd53c354d9754c3b5a7dc89533259827fce319dd0f1ab9145bed4232181b41e474cc18bc38e4b038f70420af0093b4d453261f7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
9ae786dd4feb8cfce484edc9beb89e1e

SHA1
e8810e730aa5e5db968bca9bd5a8d736b04bff6c

SHA256
f1ead2a41ceee5ffdd94a16c0ed9b5b62fc13f38c1dd48a9ddd570315e4c8f95

SHA512
2c4e14d25491f42362a4694e1838b1ae9fcc0875fbcac9a755f4b25c4fe81af2a0dcc6c43f5e22e0f2a8b55049920dfa998a7be47d3b94b5ff3fde8bbff2d8f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
d9cf83a528bbebf357407500ef5eaed9

SHA1
0a159e5cbed47736298c7aad6ae67b934eeb5668

SHA256
3bab2b1d5d5893c21d23abb0dca87be0878c99a7320e924fc0954fe141ec5ec4

SHA512
5782d13f124db8555229c11c92d5dd8a71ae9bee0173f0c6ffe9cb2435d23963d8f4715de76ac0269f38b2a7465a50672c5c4f09c748900929ec2e00cafa3fd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
a9afebae5f098e5336ba64d43f5a688d

SHA1
be6579121add79501b2e1c0e0c027c6222b4e545

SHA256
e49f6bc8079811723379b0b20f73079be7cdb75ba172cb06a2c420fad5786541

SHA512
6a66d45d8e2258aa54759c81adbac3969ddc24c76e454f542489d9c05b7aa94f83c636f80f7af88f94bddce3277b219cb86266d517462d82f24a42a5ad2f2d1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
67d7c1936395142b1c2748479602f8e4

SHA1
b272c4f52f5987f66bab33b06442f97acdfcabf3

SHA256
f0d7327426bddb7cc1c8f353a386783ee9cd79b18155e7fcaf96be3d9dcf6c71

SHA512
f54d359b7c60c390fdd6e5e6b76dcf7f0e2e52f152adbf080ae94d9f6bb85d039351f64382f353bf0341f389502e2ebdd29aedc8237297bcf10e7a148d815fa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
ad7e8d35def8ca4774a1b572089212f0

SHA1
27bc5d8f8a3563f6bcaf1d3288fd3296fbf10a99

SHA256
880530aeb19bcaf2549c6c7bf503cc44f1beb38282e8481c66750323695c621d

SHA512
24cc869506d29b3564a1d49fd19bcfc235fa6da20d2ca1a31964aa19c841fdf43be31a32d1d8100243002b2f4e6687900bf24f35baf4e364c507399cad0d5d7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
1681cf67dabbf816970b1049c4838128

SHA1
f914ac8fa0ed0b676f36dfebd31a2b8831495b6f

SHA256
480cbccb9fc07a0f9dbb6287abb53c1d162b81ffc87f9ab923434398dee8dff8

SHA512
881ddb4b515759a9501248a965d509e2d22d2f913c7eef2b34f322048190310e144e233aa97b62616c7ef5ae54561d3aafc5af0b092a3ae71bb8bb1b7b310880

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
267fed40d42403245271b5f1390a8818

SHA1
0829efd1fa3296dd3b249983eb69df9391618f4f

SHA256
f5f6f6ff771ad39105d1b2faa7ef97bd084e201e8d2fb3a300d4827b53ada96b

SHA512
23195c5e299e0c1338291d5895445dabb355cc8ee2da5ca1cae57c68a0b3d96eee6201a16fd996e57d455c81d7c111aec0bb6a58012f051675505d77fed52227

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
c7be31e0cf344119dcc56a4f2646a5d5

SHA1
20f83bb1431705090874d0f09628423450fb5ac3

SHA256
eda1c9a80e8c7ef279dc2dcaddbdedebacf8d91bf0587896ebfe0bf6f9bd206a

SHA512
332f0c10fb553f6ff7d17384d4bbaf6d506ec5ef64c2c6762a247079e05e740567d124eb341e68f26501015a8221b24cbc18da930a6d18c75151f782c0fd9bc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDDC5.tmp
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDE73.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit