Analysis
-
max time kernel
137s -
max time network
138s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system -
submitted
25/08/2024, 07:05
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240802-en
General
-
Target
sample.html
-
Size
218KB
-
MD5
990f789724f223016f199e88551ab96d
-
SHA1
818e1a2cd36986c364c711ca4b2e2fcb87275206
-
SHA256
9b0183e199d76b00519b2898e4738777822f3ec1c3b1b78f1bc9cf5daba44dee
-
SHA512
112017b08f1cb91c81d342fc66faece69112537322b65bf59762e162a482a40a250ca590f73a18de2e8d47c28a5d0a58792eb9e012b50c93758f73e8ec1db0a0
-
SSDEEP
3072:S0GS3h58eibTyfkMY+BES09JXAnyrZalI+YQ:SPSx5Wb2sMYod+X3oI+YQ
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE
-
Modifies Internet Explorer settings
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430731410" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{70864AB1-62B0-11EF-B75B-4298DBAE743E} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c9200000000020000000000106600000001000020000000b2a9f0f170fc3a8ebb58eadc1fdb6551872eebee7f0618981dd77234f87af205000000000e800000000200002000000075c28c8109f61f48756e064ed7f7025ef25cb5afab6ed9f6d75eb30e083582242000000014a0c7fbe3d62a717b290021abd67a2b0715cd541926a2f3b4c406537c1d00704000000006fadb05cd17fb492e28c1daae9219628c7c2078a529038add6436677dbf442b1dc1612af946e2657ac5897cb25b3d9dd415ba679aa96fd713b5ee05cc5ec2b5 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10d27b84bdf6da01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1368 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1368 iexplore.exe
1368 iexplore.exe
2696 IEXPLORE.EXE
2696 IEXPLORE.EXE
2696 IEXPLORE.EXE
2696 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1368 wrote to memory of 2696 1368 iexplore.exe 30
PID 1368 wrote to memory of 2696 1368 iexplore.exe 30
PID 1368 wrote to memory of 2696 1368 iexplore.exe 30
PID 1368 wrote to memory of 2696 1368 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2696
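As an added triage example (not part of this report or of the sandbox's own tooling), the Python below parses IoC rows in the shape the signature tables above use and suppresses Internet Explorer's expected start-up activity: its writes under its own HKU\Software\Microsoft\Internet Explorer tree, the read of the NLS\Language key that fires the System Language Discovery signature, and the frame process (PID 1368) writing into the tab process it launched with SCODEF:1368. The baseline rules and the process-tree table are assumptions built from what this report lists, the sample rows are copied from it, and the final Run-key row is constructed input that does not occur in this report; it is there only so the rules have something to leave for review.

```python
"""Triage helper for behavioural IoC rows in the shape this sandbox report uses.

Added example, not part of the report or of the sandbox's own tooling. The
baseline rules, the process-tree table and the last sample row are
assumptions constructed for illustration, not observations from this sample.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Per-user hive path as it appears in the report.
HKU = r"\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000"

# Constructed sample: rows copied from the report's signature tables, plus one
# constructed row (the Run-key write) that does NOT occur in the report and is
# here only so the rule set has something to flag.
SAMPLE_EVENTS = [
    r"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE",
    "Key created " + HKU + r"\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe",
    "Set value (int) " + HKU + r'\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE',
    "Set value (str) " + HKU + r'\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe',
    "PID 1368 wrote to memory of 2696 1368 iexplore.exe 30",
    # Constructed, not from the report: a persistence-style write by the tab process.
    "Set value (str) " + HKU + r'\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\updater.exe" IEXPLORE.EXE',
]

# Process tree as listed in the report: pid -> (image, parent pid, command line).
PROCESS_TREE: Dict[int, Tuple[str, Optional[int], str]] = {
    1368: ("iexplore.exe", None,
           r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html'),
    2696: ("IEXPLORE.EXE", 1368,
           r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2'),
}

# Registry rows: "<action> <key path>[ = <value>] <process>". The key path may
# contain spaces ("Internet Explorer"), so it is matched lazily and the process
# name is anchored at the end of the row.
REG_RE = re.compile(
    r"^(Key opened|Key created|Key deleted|Set value \(\w+\)) (\\REGISTRY\\.+?)(?: = (.+?))? (\S+)$")
# Memory-write rows: "PID <writer> wrote to memory of <target> <pid> <process> <procid_target>".
MEM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")

IE_OWN_TREE = "\\software\\microsoft\\internet explorer\\"   # compared lower-case


@dataclass
class Finding:
    verdict: str   # "ie-baseline", "locale-lookup" or "review"
    reason: str
    raw: str


def classify(raw: str) -> Finding:
    """Assign one IoC row to a verdict using the assumed IE baseline rules."""
    m = REG_RE.match(raw)
    if m:
        action, path, _value, proc = m.groups()
        lpath = path.lower()
        if action == "Key opened" and lpath.endswith("\\control\\nls\\language"):
            # The read that fires "System Language Discovery"; IE does this on start.
            return Finding("locale-lookup", "read of the system UI-language key", raw)
        if (lpath.startswith("\\registry\\user\\") and IE_OWN_TREE in lpath
                and proc.lower() == "iexplore.exe"):
            return Finding("ie-baseline", "IE maintaining its own per-user settings", raw)
        return Finding("review", f"{action} by {proc} outside IE's own tree: {path}", raw)
    m = MEM_RE.match(raw)
    if m:
        writer, target = int(m.group(1)), int(m.group(2))
        _image, parent, cmdline = PROCESS_TREE.get(target, ("", None, ""))
        if parent == writer and f"SCODEF:{writer}" in cmdline:
            # Frame process initialising the tab process it spawned; the tab's
            # command line names the frame pid in SCODEF:<pid>.
            return Finding("ie-baseline", "frame process writing into its own tab process", raw)
        return Finding("review", f"cross-process memory write {writer} -> {target}", raw)
    return Finding("review", "unrecognised row format", raw)


def triage(rows: List[str]) -> List[Finding]:
    return [classify(r) for r in rows]


def needs_review(rows: List[str]) -> List[Finding]:
    """Rows left after baseline suppression; these are what an analyst reads first."""
    return [f for f in triage(rows) if f.verdict == "review"]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.verdict:14} {f.reason}")
```

Run against the rows this report actually lists, nothing is left for review: the signature tables above record IE's normal start-up (its own settings tree, the locale read, the frame-to-tab memory write) rather than anything the page's content did, so the signature counts on their own carry little weight for this sample.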
-
Network
MITRE ATT&CK Enterprise v15
Downloads
The MetaData entries below all carry the same file name under CryptnetUrlCache, the CryptoAPI cache for certificate chain and revocation fetches; they are successive rewrites of that cache record during the run, not content fetched by the page itself.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1874e6bd9ce571a5fbfc3011ceb2aaf0
SHA1 b4eac2b3320614dd3058b41dbdca9ee9734893d6
SHA256 69b4cfe1410b3169023e2ad0f0e16d0f6675ea257ade7a55cbd0be72073ee121
SHA512 f3acda2ff5c1835181ee311c630a953da7b8e1b713b01fbd90914414fee86e4cf019dc0e011bb7ed750cfbd34ea10459483dda446e4e057403e505f01783c95d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c5e12d367ebd3c5855cd67aaca117a06
SHA1 b4f757ba97bd492fd4471140b86e978d407d4da4
SHA256 aeec22c8eb62ae20a5346bb5b684c3c7a29d3a37d65e6451d4568ef1a8c338f4
SHA512 6c346b72e074cb88bd2fd3273596fdfebe959f7f6be9efb0d95de641a5c81b5691ff9b344edd2a7994089975bb527bee05401ff1f9bbf63199945e27f54b5973
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 108d31d06780ee8554ff843ee20e8e49
SHA1 c0e689327932f727b0a6e0e66f86f7d66f7d604d
SHA256 8557232df20913c22fdcdefa201a7be0dadd1f55f6da23758ccce7b214478588
SHA512 d856f05f611f90501e5769feb39e1672cbe12522fd44056b9b2b6f21c20c3b76331f4de12b8cdd1c573854e0eefb767d3df412fb0be3aebc0474cac0e999f0c6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4e3e63eefe8f22adae3a39a8ceee20fd
SHA1 b4ffef9a88511adc1861528ba2fea21a9917427a
SHA256 f958b0120e843d3bec2cc8d296807fd9c1368642898d95ac3bb0d12333d5662f
SHA512 0cf3a7545441798b861e096ffa4c780ad9a97c8046e790c6b06e059be0da18b1b4a7eb6a17c6116172e35a22027a7ba7df9b4794438ae7a300daff2eb17b4604
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 083b3c466950ca9d07f522aba44f798b
SHA1 76de218ecc18a24f4e9d13c8404c531866351934
SHA256 5c726b9b858ee71f1f165341ce7242696f18f88ede96aaeab30b9d5d8689745d
SHA512 88d3313c2e8191653cb32b2c6d0150ef2508fc13db22ccfa6cc805372dbc2b364187c84fef4fdec931b4fa920e5ca26763e67e5f96579fce96ad3f0f67be6dfb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c3c1c32be5699e29564020da1704868b
SHA1 6ee0e7c1a180a0f4640b03122f8efb7de7416dfd
SHA256 c84f666898830df6b66145773f92e91552a543edfd19b46a29831a1266a69482
SHA512 5dc6d68f5de5596ccfad85dfbdf80d20332c68cd57244b4feb264495f538084ba26decd67db65ce6b649efed44007a786ff040067b77f30b437abb7ab3c5e308
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0183ce6920bee3071b1f8e1caf04e03c
SHA1 f36db05e6bcdc29e07a4b079d025c96a49db2976
SHA256 cecf7c059631a4f3913e1430d4748610a2fe3e2d1d29bb0e55af9eaed2fd143f
SHA512 7f22a9cf1be2bf7e0e1ba422684ca8a3acd723a28c85a5935a48ac5a138b31665ad56d3ba2af7c07377970d1a952f5ba4ab4deddb49945f38ffa327c5e0b7f66
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f7d631b723880f7b4c02ab391f9845a2
SHA1 c1fa7ef4c30cf6817a2f982242abd9dab5608bf4
SHA256 13979abadbe7dbeafc307fedb8f694a94f4aae6488341265eab5bb7f636b7e7d
SHA512 67a399fd98d74fcf28e31734732877c9685dcbab79a2181c5d1a26a866c320d9739e526219f54b21f0d975e9a02275a91e7d028ed9375b1756672c6289d18a29
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c6b367e553430652ecdb298600062b1b
SHA1 d8a6a20203d3238bc422ffcc0577abba61678a4e
SHA256 5030b4d8cc00d063339ff8b049d11e42525a4f25422c10455ebfd1793387c8f6
SHA512 664952fb45ab53382b6f95e2218560eeb986a67857090b9962bbcd52061e6bb6102698946e570537213e4b89c4c070a81092050b4e784e075f842499eb06b42d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cee15abaa97c6344b2996eb0ef73d52d
SHA1 03657d10b8c0944e06bab1ef237a934242ec9342
SHA256 929d3c2ad1a9568ea976e63131050f8955edefb191c2029e2bc5e71fa0c8281f
SHA512 57a391a202ef8736d9ea900a87d395988647a508f3fe9b1340d3b45a2b3de01cadf42d90573773747c8e61539f899122377e0d9b50c52516e1d41a95b8527fa0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e2464d5d1f9d4e0c233d0a967dbd25c5
SHA1 fd2998f4ef1e44fced52253c77deca27c2d8ef65
SHA256 1b0f59221e1d6c8c25c7aaa2db6141a1ed1bcbdbcbaad94a3c63cabe43c79a1b
SHA512 4931b79079855d8ede37072d5a8b7e3bc812e04b6768bff03f78c7d1bc24d5c006e1eddbcbfebf78cc3fba2fc046792cbcf78a5bdbfa0dff24665700e49d67d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 08a03f2b595bc6b597ac96ac64075619
SHA1 f112c4fa787c1cc11604b0c90a872ee9cef76876
SHA256 71f7ca24e6909200a0d312af2cf2183356e9015e4520ba6d57b1bc19217d7871
SHA512 aa78ad255c9f27bfebe75a94f9fdcab320f515ac739ae21661bf37c0286c7b21289240a97c95d396575c74dd0667e74879a2e3883ef1d13f2e64aebf4f056d47
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 daea15c13adee157e6e79cae2246a4a5
SHA1 d08cc2ef3629b0511a5d319b790622152d6ba081
SHA256 846d892269dcdf36d438bd258604ae081354e92edae80aeae6973f0de178a30e
SHA512 a8791ad6bed118ee2b120333998dd8bdf6bde26d64db288808cb95aa77930319bbaaaba658ad8d8f74dbd4635e6a3881de02afa124c649abc2aa4fef9d7233ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eaca3945d4a0f95125d576c22268293a
SHA1 4d30c4c3ab1462250fb8a745f1e0dbef4a99a145
SHA256 d26da529138d6697ad5870ac2400d7f5ba4a598cbf818dd01aae4d8a3f6f1bcf
SHA512 896e9af5e41edb75e8ce70739bd1333dd9ea92860ac8c46ad2176f7f9a24cd7a88bcae845840cbedd01522ab3731aaa2c3a2d948177bd3ce755cfc35e2263c17
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 47797111da99a84865bd6b6359e841eb
SHA1 23e1edd033a6d4c0b2588e162fe693c0ef49fbc7
SHA256 35dcc78617e64c9a6a4968dcd67a591cf3f35c4d81270c873bf38ebbf9040409
SHA512 94c2aabefd33a0b2759f486c9e00af2ef9a239d336733b11e0b659497ae7d4e8df774473be3391f9799ab059f2b6337e412c20f0849d17d63b0fd635e9f04830
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9ac9b16c8f982d304fe50e4ebdc98e01
SHA1 bffc0202c06d43fcbbe8f3785f48a9b05d7bf131
SHA256 aa86511902ded90bdbcad39153283adcc402f9a6a89fe23377df6e4ec3af27a8
SHA512 b5b4a13d5738c5c44b46dbf31648604f4837d71dcc990442061c832e763c02c9bfca241aeec43ca9e8002b8c823d4347cc86527f24677d02a865ca2ed15832e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 56d828a268e6616a85bcdb18524e63f7
SHA1 57b122337795a8f746c9a0c0e4993b36391a16cd
SHA256 cbf7012c2074f6759050623f255d2526e6e808c92d7e08f833ac80ccbdb5687a
SHA512 13a0f4dcb56081b21b5be29fb430a2e4343c3c38891bb35cff4fc3bb356a415c8a9e3c503a032abe14c2826b7cd3df24fc230d179e65820ca9c82b418155b25d
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b