87e7bcc30975e9f77a5a033610ac6e4449efb23a907532d6a56bdd5a78900669

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

307f8d424f0d2a5ac55a86bd3b9ea28d
SHA1

b9b18ced91bb5b08977c4bd93e08bb318af95046
SHA256

db2c0dbb50b49066d26732a036412af4632b4fa5dd931d9c03067ec5b755840f
SHA512

5ab10bf21b3b5864bbcc618dde014524e82a4f287b420df26f87e925b419c41d45ca9037c973af46bb26eda67d7c070150883f769fa8fec1a1ccb5da74f0590a
SSDEEP

3072:SVJRNZEDIFTyfkMY+BES09JXAnyrZalI+YQ:SVHR2sMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D2043441-623E-11EF-8420-FA57F1690589} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430682610"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2064	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2064	iexplore.exe
2064	iexplore.exe
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2052	2064	iexplore.exe	30
PID 2064 wrote to memory of 2052	2064	iexplore.exe	30
PID 2064 wrote to memory of 2052	2064	iexplore.exe	30
PID 2064 wrote to memory of 2052	2064	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
cab36eb26e24cf8d9c09aa0b7ff5b662

SHA1
c2cc84552be8c38ff2db4e53813c236606f0facf

SHA256
ddb5a6cf6551c0c46397aeccab69b3b1a1dd1bf7c06e4bed456b8961e9493df0

SHA512
35edbaa0141c3795458f860991c10b3636c8f0a126cd79dd85543262825e2418bc32b00e41d67b839d0ef633327cb971fee35b1a7ee23afc445cbcd406ac9ad3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
287ffe16cff5f3ace36c47dc95919ad4

SHA1
0895107448e82e9395a3566e2b26c383543123c5

SHA256
79e5b7d6044c107d3bd95d67dd612f503f9359438bf35642a0e3f81510e602d2

SHA512
da5995d5610f58095cca63060e411175d64d310d1502113f50db39574f70d014cb3db6af8c56bc6e54096bed7be39a342faea5bf3adb7f8104fe56ba77ce9936

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
75ef3a176095062b5b47fc6f1cc7a74c

SHA1
fc1c5196de94dba185b63aa1b2859ea278b841da

SHA256
b351835ec47e7886a520e6dc3bff21dfaafb3620ebc5d1e5bf8efab631700439

SHA512
d70268656cf772fcaefed790c456f208ae68dfd7893216754f2baae8083f30daee391f76094256db142465a867c5663f760a4eaa0a19e3c14a5161c4d4a682c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b7d477c0170c2d64d09e8be8ea382ba8

SHA1
5036f006006f818617f012b70cf34a02b77e73db

SHA256
112ab014b578f0f68f9e28ef2a84eaf06c45ceb99149182be0a8fb65aff60578

SHA512
eac753d6fcd96da7476fa73af83e1fc5c4550ff29992c5f5f6ed802a740d099f188339a0452a64b642ca5d8dcfd329db3fa82acd3803fc0d8477d6be6eaa39c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3f6848e5f81952945874d1f15b39e522

SHA1
cd0cc2dbbc431978e3f43c98c504c80da44cbd1e

SHA256
86fcf14815144c0eb68e1f07a197099ad9b6774501e4f553e38977c47579ad69

SHA512
72d0c2338433eb71c3c5c35eb0b406f8b72052881e7464113a585cd1d1c794f333794365a87e61926655720a87885ab7cde613c4ea27c0de4e57c04f06a2f62b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3521342733ac14d800019e1e44c27eb3

SHA1
b2bca4570f7c1c1857c3a3168ce8d2171c8dbbb1

SHA256
2a2070e866d1ddfd1eacb80d5fb5423fbfe18a9a3da70d4b208fb8cc423471d2

SHA512
e0a44d978fe01eebfb6888cab8977bf9600ba5ce3179803dfea2b05ca9620487e9d70919e1a8e9648352aa085791f022bddab37220e1a4a5a62036fcb823dbde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
920638fade5a0bb1dd83ee89f6eb1f93

SHA1
6b3dbf6d3cd16a9a0d9b0d3e597a3570298762dc

SHA256
6f3d5bcc5ef5a84f703cbc11c40f901eed21e1b96a27eed17a6c0210f5c4b625

SHA512
bde52242fbf3db0a31bb4b2da0302cc6a3cbc90a76154ef67a4fa7ceeb9dbadefe633bda4334c31f16cef749906f795a4ef37a87ee74fe887c9cdc3eb988d649

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1537ca9ca0bcb48d1e19a16d7626fae9

SHA1
ffcfe7cb366b4efab3a7655532b58e7c2f00127a

SHA256
3af5a83e6c5fe1acd39be35f12c1005592e02bde905bdb65b23ac5d3ef0fe7f3

SHA512
404516670332c523e218e4a6410da03e6c0392b8917a5dfaf215738766fbdb2f915b265a9cc75d30df3122f3941f6f9a803baf49b7ce297c24be1ea6545f8564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
117a852ccb453e78054a6d9e8c31b8f7

SHA1
c205d75fa9e3c36bae5af3fd2b9a72457a7c3166

SHA256
df71e141a9ddbc5d4bfd2bb65abd7c57b2de5a7494b9e1f0e22365df5da8791b

SHA512
0cccbdd8a2fbd8fd74e3f51054c64da3c2ad7e9179bff2fcacf38a7bae9e44fd97902e4365af7f5ce6dc85d2550d49e053d83b7cd2a99b8c6f51cfb4e8563893

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6efee2d677ad7c9bf3f7b3af4bb49a28

SHA1
4b374b1e68f9ba4cf5a5f6b80134802feb80ddae

SHA256
25041772dbf1890aa5a771c90509b588a09e34083b44be8216e732569c3ac282

SHA512
527be5330cb3d58d913d782763fca5f7170dfec0138cfe9c39ecc98c80ad70a67af58f0549211129f3737fed3383230ff64245bbcc38c718f8b9182426f08a09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b752be7a3dbbbcba5fef94b4198eadc4

SHA1
986cfb13a33393aa9b1708ce313e83cfff087143

SHA256
c2d45c2be6b240529ff5ba52f6534ba1f0c20a83856522b443e78c7a13e135ae

SHA512
822aacdcce57e81175f0b4392b8667ee2ad3d6f7f6778db85bb2dd0b951dce0ef54a5284c045d2e0228fd02d8cf30498d3256d0c0e6bb6fd46325fbe4ba9728f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c9f62bf20e81a4f7986108c4c95b438d

SHA1
35ee6fcf61837c9330f63da019afb6703d529912

SHA256
c96f1101a17ab7cd6bc7ba43ab83ff83eeb2e8bca7663fcbddeefd6e4d2b9cfc

SHA512
a7eecd3a3233fbe8a83fbc564040fa0b35ad5ea397c099eb483fac9531aa1964cb4ae9533a4083478cb365ab239a3812392453d0c97b82bc7102fcaf0a9b537c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
90caae2a2a4c363d75cbfb81b912cd90

SHA1
4afb670bb07f84b8453bac0ac0c7478a34dd441d

SHA256
8a185bb5c86a2858b4a83ac0951f3d6ac56deecb77013691ebd1f5f624fb9945

SHA512
07624a0ee3eccd17835ee9d9ffaa044863122cc02f37d755ed70b81930595abe196d62344fff32685af1379abaa84343bcbcc13d4b4ba67bf401304f944dcd29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5f0bfc6bc7411099c8febd0f0c68232e

SHA1
f184a79963e14a529bfbf54297d04a7a2c8d566b

SHA256
0f68fcf5f198231f6baf5c5b2adc9ba2443e2b315a08d4066796a12bdb148cf2

SHA512
323a50632f87136f19db3baab922bf98242f1263cb1df6e24c8962d5626617207e8375d047602439ddb83835a57aaf2937744f346217ab7a7921fb63c6a75d70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
efaa4accdd43881e1ff5d45e935c2c9c

SHA1
6ff1a3e6f81c37d4cfd609effd2cd4e2fd377af0

SHA256
1257d58de85caaf5d38bbd7c65a2200cbe6af66497b404391e1b992557002621

SHA512
0513ee3211a1f0fe9c4e0a609b913db42b8d6677e674ecf5a2d74f50fdde5f176b3893174fd970dcf9bf16989d58bc54ffb8dc6e62e50961475e1fec1c36b7eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3e1b392e7709e6216b3f56fb30b4c19c

SHA1
7af54bafc0ebbadb5cb7b10549a3370918f02e77

SHA256
2ccb053be5c8164ff7d7e6ecad7ba13dc32189c5804c9c7d435faa6469158090

SHA512
f1b6aaa3bc8c29c7319e0bd64ba94ad5b4e972fc82e2faaf875e37141654aa5db9c48171c0a81449061e3f6a7dc185ff71b8d073411094d4f1d99ca93b6281a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
99c24bd0371de8e6f069b072584fc663

SHA1
ea1c91ebf010b4d389d8bafcd282997e95dee8ce

SHA256
c55e4849e66e083db8d2a2427c01cbecaa154b6c48cb6f4332dd53b71c3115e1

SHA512
ea995087b28ee596e14cda8843ab52ae90b584a23861380c1eb9f0d6dbd1a67a01015a6c4d49ff0bf32105ded20fa2d98467a4b87a83368e9f7108f8c3b0fb15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9ffd66bf19e9e29adcc101d90f5e6fd3

SHA1
f2495a834e6f34f8210173d26e16dd68ec55d6d6

SHA256
96be81a4fe0ed50b5ad259d82a4966b0aac550a97f00e6aacb70164c891cdcea

SHA512
1589450bdea030ec9636630730571bbfbed89a5d38dc0d63e901cf69fb37430c5b272c80e87ae37806e5669ddf14a20650f3945d049eff26cbccdb375344a526

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
79507d4c0c980699fa104df0ab2ef00d

SHA1
4fff0077ea5ba27e4f7b339f2549ea12b7ab7387

SHA256
50d1848ccd85c82b141c0a31ecb20a5a2814640632f3ef4f5c7e1365a5cb4f19

SHA512
c5e77b1d5b1630fa9319a3c2f1680dea43cc7084d448e188bab3549c968f6d1caa65ff71549d7cedde1d6d382d99fa1a5deefe506cb8ad964d627274a71cc372

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9ABA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9B89.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit