da3825e8f1c6baa8681264b57d03431ec2b1ff414272d440b03eb05b489be6a6

Analysis

max time kernel
134s
max time network
138s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

5f51bdd99b68d8e06fe26ce9a250cb3c
SHA1

bb5425d904e93d50010cdba8333bfbe1147d9a4c
SHA256

73a7b3fa1fceb5f4de9c20b08b7867118fc42222270dda921d86ee24d229f69b
SHA512

bdd55bc43ad2c6e847642689ea5a1c1d5939dc42b603fe59e7475ee7c2f3fb77bb744f1709d3d15776877aff0a6c668c8dd176eba2ca57e1d271ca45f8b6b5dc
SSDEEP

3072:SFVEd3xk6TbIyfkMY+BES09JXAnyrZalI+YQ:SFAdbFsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430684141"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{62942BC1-6242-11EF-B6EF-E6BAD4272658} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2348	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2348	iexplore.exe
2348	iexplore.exe
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2728	2348	iexplore.exe	31
PID 2348 wrote to memory of 2728	2348	iexplore.exe	31
PID 2348 wrote to memory of 2728	2348	iexplore.exe	31
PID 2348 wrote to memory of 2728	2348	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0daa7a8dbe472350eb399d4a5ae2f564

SHA1
f2d8d1a220443d84f32eef947406ba36c1427161

SHA256
38fb4566f17af5d1e86dd9b1b42c33e2a8b8f48f119be24a12b988b5c202c888

SHA512
370e71f94d81f4fadbf4afed31092fef23499f344fde3c40078433cdb71385871c4fc8d870b834315d376cec6e0fa220dde24934661bdc0795eebd30aefa5186

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52eefd4449837aa193649b91c6c7a1b8

SHA1
668bac9482d754ec4f7fe15e0a3f25bae41b9a5c

SHA256
8e10b3c655ee8790238d4ab2f6705441d5020564582ec745abe80be0825cbf6b

SHA512
0fdf9a2872c91140a0be63c3d12227e24aa911c1e2dd47df997ef5c0c5488cb8e8582dcae470b18c64f19545d5caf0a89fa14f673db4e84d839cdae8d272c9c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d11e837fd6116403c89a9ffe3e8c5a07

SHA1
45608be15df085eda61a7c09bead297491cd86bf

SHA256
b8d6bbc87ed6db180094ada93c58d1a32f679ae0f8c9c85c22c9c5e83105d2e4

SHA512
72a45fafc57c4a5b7ebcf8e4b918f65a76f45c854b8509b555f5935f5807bedd5d98505ac8d27c88dd035a799f9752c412ab00db5eb7854a94899aca474d7af4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0b324d85867a31bf064a1e72e857344

SHA1
f14acc1a4cb2a4f818fd10838ed5495dd094d47f

SHA256
334deeb18effc155539a4bfb1672ff7865d9618e3240251986bd1a195e689b86

SHA512
e5de4bd49f7bd4f8adb8d4c6d3a7e463c0dd862ed713d106559487ac5893a1eba0a01974e37f480da3dbbe4dc3a24acb1608f8bbfcdc46fda3ff8d3f4a0b961c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d020f99e50a34723bb07b92a531bd2a

SHA1
5e5b0763cb030a4ce282f2b4940682eb6a0b1b6e

SHA256
6e631c2ac92d677ddd9ffc99739d635994befce5e5be3482184a8378bb95076c

SHA512
25c75489184805333ba1004306f2de2d27451fa2d7f4b9755a94ffefee28d91e53b8efeba6e3fccb08167a71f5b827efca951f006431d57fd4c628e6a8a139cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84df5f2250aeb9d1986838e8b5255a80

SHA1
53d1b573324857efd5198b75056602a7ec904857

SHA256
5ddc216df97429b89d30c0ff0927ab671999eeed63cfdfc1f5e0c4900856a233

SHA512
ac38190496fd2d3f2652ea3f81b211f1682fb7ef61a1d9d7ae162e956a549a917c8ffaa4bfadc3355fd99946a06837e9282eb0dc2fc19fe05514ac30293aac98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd57c9337074c8277bf03a1552353b42

SHA1
35d9fa1c9d6ff012f53c8498b37c33cea591e855

SHA256
e103ecacab60687bc1f6dc55d4bc309f0750b56dfd63dcbb969d333743efee8e

SHA512
300b88e5dc416cd452e45fb4049486a8814823fbb00790dd8e8fa9c172f7facee5f4ab8f3f8a60d411d7a2048a17de7bedb65db35075850d65335faa2679892e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
685f7c0ebf94b3cd9524b27e3b709096

SHA1
49abaf88346cdf13af8b7361c4e236abd3b798b8

SHA256
612c24aef940dfd3c0eabb7de1fb2e6ab99db5e20db6aa16c40f447408046180

SHA512
4cea4c8e57fa093475e40ed6e65b5289507acfdd139d2e82224cbb204bbcb1ff390efb6a6e0b83f549884439d375eb1e9ae5780b47d42d1e6d1ff75ba3f539d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51d5ec72c385a14ffadd7d4a599663c3

SHA1
dd53a4d1b78a66d11661ad7a2e7fa6ff34378c9d

SHA256
8c17d8862ff9b3f372713261d66e58ba4a99f7554de5348e9584fe4a7fa9383f

SHA512
0bebea773d03133d9729d7b3f83b0b8b799faaac52762b3079b08a692417ccd50ba066a59acfed8fc80055febbd9844ccee479cc0e4d9e40fdc86d147678e28f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23f4f8fdf36a0c17f3cc410088609a57

SHA1
9a3723dc5a1eea7d4a2e5ff098fc6bc430513f52

SHA256
6734f32f75106722dd10fe3490147ad84bfdb9e6c610f393ea0e61e0b9451ae5

SHA512
91f4fb9795883c5faa97be4d44dd1c4708e0ef896da233f8e41c07b07b95abbce024aeff321a06aac52de5298968ebd68b1773b06a9c80a79d0c2650151f56ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49f5151ab0ad555229d3301dbef69d1b

SHA1
11cd9fa0245bd5337e8649497668ee5aa7bc1d5f

SHA256
f8e019a86bfc00114b8ae9040180a972597abb3f9c3d41674cfff219daf5a3e7

SHA512
d4d0c279dc8d1370caa0b4b437599e9caa5bffc3a35878a7a91015ebe514976e0484aa791025c33f011158827d48133d60f68335e5e3d42342623601517fb1e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
943c1e1d7ba5d04e5e899b9ac5605530

SHA1
1673c1400d35c11027954c0729cd067810f10703

SHA256
0fd29f49bf356553fe7575923c578d61e1718020ffc7004f3869b6df407e67aa

SHA512
f5035931542a184d8ef28c5dda0efc066c2912e839a98238f431e3aacfa7c8282062455a26ac26062363caf0bd7258b1358de76e82face5a0b6e310d713eec24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6008f21d97ce646e0539ed897415a8bd

SHA1
7a9f79422a4e5783b0f2098184b93f6705369757

SHA256
b16f6bea1b56fb3f5d68e8542f7495781dfbdd4caf310302735c5a2f0919657a

SHA512
4b1f54be73a0c86e2a022f138d10b038ca6e05bbee99474c29f55e30402e9980e5b778e37fdc2bc096a8167969312cd3954ece18453c2d18b1e5d82d5c49e71e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
297b7f1a1eb9f13544ccd6fa8d082f8a

SHA1
39c5ceabdd29ab99e54c1fe584472573dd676d5e

SHA256
c82b16a4eabac138b86301570444119a82ec9186269714d64369fc0e2c8c4cd3

SHA512
df1e8be432bc4ba579264adf3369361a74a293bc0739706959efe8b6dea34ff174d07610dca999e263a282acb1347dd50bdb7247df9d57ff968861c8a6171ef9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82d4ed14c2eb23bee0e5774278a180bc

SHA1
0328ad802846c1ceff651f1810513dea7ffffaad

SHA256
4564cea3881980cce701538c2ec593f856b6d63e3999ab8a35d2e13973d176a6

SHA512
5db15af2b069570352f1b46b84208c81830f5c1458276666a0226dc6a130486bb1f76a997aad583d85a962bd9dacf0650923b1a5b0a3cdcb8716a96f780869ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6217c073b4b797e0c086748e88d27c9

SHA1
cb36bd0e8aed44a2c64a15b1285a65605e3c0724

SHA256
b4e1bec48ac6dcff4587828a4f69afe2f2cadb2b13178f8abd3b7d8d4438bea1

SHA512
593dbf577c8ff5b925d29ee56a7f274840f8029a3f10dae5a2cd94d898646673c205f286c988a88da3a1776dd2468264610efef6a58f04ce5e96f9cf2ca24fc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4895c092b4ca3e2f76997661cc0eab9e

SHA1
5658d8bc6fb990f317c3cf5f7c20d15583fd8e6f

SHA256
eff641a67433b551a42ebd75882d6c0c9f45c17d8df2d9d03ced84cafe3a92b0

SHA512
8b9e109a8cd7217808aefb0b477215bd9e4ae1a0c36599bb8addcae63f253450c6f51b63b423e44ac8961842ed41144d938b203048067b39998bfcc458ca8535

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0c9ba5b76a9fac3f6ede0280bbbbf66

SHA1
a20c8a24da433b8edb0bf9739e96d96c32a9967b

SHA256
f0dd89844b335fe779eca292f76fe1a5237b7b56e88e764a12a3326c70837c56

SHA512
f60bf8ea7001a7a2b9f9092c47f46967368078faa414f32915f220f0a80ea0e5ed443eee1bb65740b636d0222732742aac256f14e100a8cf30e4c6e397308d62

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF519.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF59A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit