4029bcbc85b8c0f9a3bc94d346dc8588763ea17613170088a3c33795a6c07557

Analysis

max time kernel
137s
max time network
141s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

51ce1e5ff8a6d73a22fe1ca65e0fa935
SHA1

2f7cba20f6e8fc21c9b4a049971bf0b857ad980c
SHA256

0362036f74fbeb27d0229bfeb93a3feece2e5678e31bbd6fa474be7549b8444d
SHA512

2d3fcc748ab5e16951804d2259ccacfae7ec98c8c9cb9d38be95b141c0bbb0b6d9f87429e4ca7b6c8fe2d78e0c1a6cabb5ddbe50fe86c0b58e21f4d61dbbf013
SSDEEP

3072:Sa3Fhd0cffZpyfkMY+BES09JXAnyrZalI+YQ:S+GgMsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{27008361-621F-11EF-9629-7667FF076EE4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430669012"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2220	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2220	iexplore.exe
2220	iexplore.exe
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2264	2220	iexplore.exe	30
PID 2220 wrote to memory of 2264	2220	iexplore.exe	30
PID 2220 wrote to memory of 2264	2220	iexplore.exe	30
PID 2220 wrote to memory of 2264	2220	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d15a307735f54ab6eacdb2be74cf12e

SHA1
ee024d93ba3703b7a775fce349361dc72671ed6c

SHA256
07b2a76c83264a1c8f9421917a036a1d77d349ac13052643ec7b166c6bde12b8

SHA512
d100a5e9fb7a8afc5c0150824025647490c78bdc9e503e153721cea9bf39a975d2988e4b07c9e5e46ec5e4b2f529d4408a34c35b33046b8ec54f940a27171a14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1e3f71be182bed7e94ca94079f520c1

SHA1
d7c7e7fbc791049e3bfa3b99ec87b2205a56a6ed

SHA256
46e77e165b9c8adb4d8a0784107d8ad5c0113a7536e1db3995aa9f2417098ff2

SHA512
73c4123742b94ec6d3a94d132d345beb8cf1128fa1d226ecfb3df0a88624867120aed9247fc506630a4ef20eb484c5e3b6fcf46e2ba7e106fee446b332f781aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0902d99075bd2822d5674fb997e47caf

SHA1
9e7818827f06ec7de328499efe321dd9c3a74340

SHA256
0b155fcc6b70ca0252f10bd6bc47566450706818520be4f3fb6ee95aac04f9b6

SHA512
6cc3c256d71e3230664437a13af587304c64ca6224d2cbaedbf677c803ebebc8980ffc692aacac2b77b5a6be3b70a26f7af94e17e6d81a29624513a7b5e67fc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36e9d14e7dde7697226b17f2a1b5fc85

SHA1
7205f4b7522b01aa3cf6d12cecae02cbc0a07bd2

SHA256
8470f94afe6e611a0df5a76df8cc02dd5f728d7c5b525d0c04b9a92a94542d81

SHA512
beb439f5d7239345790458470aa5bb9b10566e78a6d5e96729b3196ba936f4f19ef8a712568d1013b577ee3752755f37e87247e128a769b74c371f2f134bca16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff79a6585873e1f56fb878ab71b4238f

SHA1
df3f6f68fadae141d6573b330b3ac9a8190e57b6

SHA256
3bf4e1a805d604e14271e68a3b492c7d825a78e0e612bad6591b2d04b5652b3d

SHA512
0bb9996af8ffe2fc2be3e743078c521e88ab5e0ff9e7509ca75e6dc774856c4c29ead8dd244bff16c82d0bc7fe518528007cd1d45fc6176c2623ce3689a39444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1151db037e6b6337af50df0372da563

SHA1
007d9f53927dc87cb1ebf994da7edfa1a77ebdad

SHA256
1b5f0f7385171ffdbeb3a0fb221cdc95f558e99e97f7a8423be8c206fa1c1574

SHA512
1f1d9695672039c90c8a128cdc5aee3c7d418200cc3bfd5411b9b49a1e7162dc64a709c99e0b5e4f41b7c10e09d78783b0cb8166433a79eed8f05b895834a773

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3456a96bc7931b0c6da6fa1124cde25e

SHA1
ad390b2c6fe6244c96abb31b9e2c3762ceffa095

SHA256
b7345616ae1cd3261737668784915f74a830e201a1ea9e5a798f435486f1a825

SHA512
db91979114191673cd517bcdd93e667c4f0b49ee917fa0cd9c8f683502b74519ba53c040173e80e2b6e102b0c856f682e8b5124621c329c66cb810fe544b134c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9f8c9d7708bb67a0670e78f7088f872

SHA1
99a6ae5c7c8edf71fb237973499883f468ce02a0

SHA256
402c9dccd5de4760e81412d4ae679c718b5235935013002add6b21744a53a0e3

SHA512
a52aca406bdde8642c460ee8ddfa28b717563f2fd37618d5e582461fb06d7be0953e8b7aa6019308c746cec7e2bb311890a6a3396308c7947dc1c60801bb115b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f7b2098d0e7b590a5b54a4a99ae3da5

SHA1
4666e178354f37ca7995699e011222a04700c1e1

SHA256
2e5823108edaa8df26735917ee392b8417362223dca732a49a292b9d9a33bffd

SHA512
aa39e82ec32c197503e7f87a65e6f9da15a00a1bd3170b91531d149b3f2b5677a765d033959c69d6d5dfb0ee13be6c8bb168348eb9342433b3568877cb85ad93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8a55738d664255feea48c2657c68c5a

SHA1
56b923adf346880e06b72bb1d6ddb0f5fb7212cd

SHA256
cc38ec8f6237cf9ab1a12a2a7ba8237fcea69a9199af7e1bbc4d9a3c8f5e0adf

SHA512
8e18f0079b1c0a8da6b7382c3dd1ea3fd9ae02f3f3c9ba8162773d0274b6d94a449884c5eca39e967432fc1e92cf990829bad882992c05391c4ea85c00586bd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
579661512e8904d8d1ef487bbd289a7d

SHA1
9b28f711cdd54bac4fa1e5812e72e4e1f6442fb6

SHA256
b4638dd635abd68c71cc91c82610fb300d90a76cf72e23b1c6d1d49df56aa2fe

SHA512
05f66f4c0d184287395b78af073fa363d5335ae6ce08591d092b7bf71e5adc37524f8588db4314b2c9796ec71886529a1b5046d6a1f61c73e9da4511007b40f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c166d07e406c5b60349401c17b433dd2

SHA1
afd30791a96b2fda8016e718059c54a8342b89ea

SHA256
8b6c6c3dafb0d6b72ca06b0c4eb65584d259b2b89f8931572688566e680afa89

SHA512
de8a1f9185cf547490c2fd833b9a59c957fa47fe9c7e4f20103d37d6373ac7836b3fdfae6edfa2b281e1ab991ab711804830841339880ba3d5c16c926f247169

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0412295ffdc6a9aba70c79e1bfc9565e

SHA1
1f01d840137cb68f91bff0dcbf4cdc73ff471bab

SHA256
fe799df5a3c7cd74684306c450b497c1015f671b8ac1b4d8505902ec95d5b2f0

SHA512
a199f93352f0563b134cc9beaf8c1d48ac20939eeb1868521437af0203075d2189a2e64788538f4270afdd15f40afd1fe17681f37b2122b9e5614c33a20ae403

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90cd088556b0af50c6bb39886cbe8df1

SHA1
26cd4be19f78ea0e59448a95f7b0686a9c50fdc5

SHA256
17a373a76045d3c2c832cef24db0cd1ff72e25c9765c8378ad502c7e4be39311

SHA512
94deefe3a4b6dac7bff677b7ca8beea078928b1eec8281b19945b6ade15e65b7ca94e923e20ed98108623b17f29224ad9d88b8f2bd0fb9ea8a395d376e446fee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa18330d5bb4a08449ec9563665680fc

SHA1
75c053d859a0e057ac333cd087f9554fb1ecef47

SHA256
8c3da718e86fe7cb9b4caf9188ede96f7a99fcf115b2d5e5f804cb9b8a42721c

SHA512
fa089dc1d5004c6d32e936e60f9b247e4d3cee325bff211bf870b477f14a78a6ccd229793be6d9c295f8901d4b4172f0167e4819f0fdc53269d5be17f83e9f74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3521480a905fb3cf0a0fb694342c3fa

SHA1
6da678a9ff1da56e459b34a856d7b0bfcae88197

SHA256
4dafbada88042bc8da6ce900a0a64295ac49994da292fd744d380fdd04291023

SHA512
7b5c4e7b756d07a19470f88432efa8ef7335f2f4fd393a5154960b55eecd1b79f94f285e8688292a40b8a11d56c5d06dfe98d0f38caf5871b62fb122577e0d11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c7290689dbc508d3ec51e018ff48c93

SHA1
9a02705f6b951981665c5c3b40e37654a2f62821

SHA256
bc7baa3a422821923f71f22e035d4124b7219d1795460e0e26266a7165e95278

SHA512
d88e8537ba23b9c527bdb5a38720be83aa51e795f604ea0e50eea7ba2ba16d7e8e2253e53ddbdf195a7409fa1382953036f49f405125a767009492472580f727

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
736a779a0edd6606dc15e431da39f9f5

SHA1
f3bcc0d79621d076c15a6eddc5a8d95eb7c7db60

SHA256
4ffd01c529ca36ba336d09a8a9be668a405c788bf4a3eb5b444a7aa22a046410

SHA512
6ee0b561e1f8f1eb8768f019e5694b4fbda15cab18fc2a15de42f46521e290704861a15ad67a1e318d9e36190f9fd689c538de76aa2b6d62a152bb905781ddd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab235B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar244A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit