4107d6c08f6c21309415c21df31fc7241d7337a2a07a8d3777eb8f45e16c54bd

Analysis

max time kernel
133s
max time network
135s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 06:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

d952369db121a72144389b911ae33233
SHA1

b6298e426b61646e6b6fbf0ba940eab8bf9ea8db
SHA256

e175886688b36eb2977948912da2a184538f534c7c952da08804c6e256a7bb47
SHA512

4cd12008990a784174150e3efe6262ba2efe99606d76052a21908bbe79cb0060405c80fd1d1a7a7ff7c44348df1f67ce266036ad23e6e0ccc177f64775799364
SSDEEP

3072:SJJfxyipBrOkyfkMY+BES09JXAnyrZalI+YQ:SJaSAsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431076303"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{75F38871-65D3-11EF-BA93-6EB28AAB65BF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2660	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2660	iexplore.exe
2660	iexplore.exe
2932	IEXPLORE.EXE
2932	IEXPLORE.EXE
2932	IEXPLORE.EXE
2932	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2932	2660	iexplore.exe	31
PID 2660 wrote to memory of 2932	2660	iexplore.exe	31
PID 2660 wrote to memory of 2932	2660	iexplore.exe	31
PID 2660 wrote to memory of 2932	2660	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1f0660695ed64aed5416f8b48fd0414

SHA1
1ccd79c95c8a3a7aa500be77a8439ad66ec2de5b

SHA256
e5502701dbba79c7fa90c64cfc2ca67a9254a7de1d846889a667e73f98be5525

SHA512
ea9532840416dabf28f4a7ab216f0265d60899a98cb85289543438adfb9b69b78924c785b1d9c16aedb844c3f78fa27b9d33fb7fab1d560c3aa4245b70cb00cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6a0fa12d56bd4d135720dc6c7daec72

SHA1
8fde3eae8d45057629aa5222370d2df5013c5474

SHA256
631f99fabd1aba0183ff80e64c8cb934c10dd8591ed3df65830be72489883879

SHA512
b5a698ef2f4765223699013b9027d9521e46bb315430a7da2ae653fc64257f04e4f3a06e4008b8e6cb590ebad5d479746f62e9958c972819706f452820c4cd88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43a49908bb0cd56bb1ec05a9686cc541

SHA1
04c88440948542de8d6a91dc90c805f566e67365

SHA256
51ef52126989d22ec239b3b83ab7af2175b9022fc86572e0a65af87d4554b08c

SHA512
fa70957884cab16072f6cd405b24c24e62abaacf415af377c2bb33c81fad05a995b6a80ee9ffbd698659c5255b16d628a8d734670dfec7d2a2cea325914717dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea2129524adeac3efecd75302a756a09

SHA1
7f39b7cc85ef368c741460ca95ef77004912834c

SHA256
0b65f1487c427a2e1947a797a0e1d9b26ee5bb3c54858cf526eebf669ae86f4b

SHA512
7121c607afdbf3f6bdeade31abfbb653923b152d862302d8685b6a550a6da3d5867748a47100ae1f33d97f5c5bb0782d3ce3bb5e8bf32b6a05ad7b0dd7bfbc08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4eaf1e1a3116e8bc9f04c4f726a5e195

SHA1
0bdfb24d56430297e5a97b1bec239113d365b439

SHA256
8861c0ce17b21f00c268cefb9759c25c6607f490c75784f71e4a8ff9223daf83

SHA512
ad21887e9ded6d892bf81de4c747fde75302702de9e933ffc31c8690fc8c828a4e5fd97d6d9a624acb73d47c2389b07a458e3335c977101cb2ad102835d49868

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e975aeca03047612f59110cfcd6a6926

SHA1
e61f71d71db1b7fc9d3f3f454a96a733fb077696

SHA256
f8d2bfa392a652c72aad53308dd35c8254c47374ca318154d6255cdf80560307

SHA512
40e0856295ce0bd73b2ebf95eda4b6fedad696fdddf0750113e968f58e5a62bc2258785c5288dd00205ea4147813d71c22553b6322f8bf9d8e7f2be4b8f7bfaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
848579c2919b4952630e1e69fa9599c2

SHA1
bc1c3a17d69721e526d52dba0304fa7a9a0dd986

SHA256
34d93a464b76af037fd8d2da6b92fa3bfdaf3fc6d32a41542347211959eff69f

SHA512
5d1651b67b4cbadbcb8965a377940ab3c8e395e571d37c546f0f80eb7438aa3d2876b6617772acee24b18f92e6f48671f078b846b486bce29f813375ef003623

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f532b55f1c7c59b6ebef76d884f7317a

SHA1
3e8a04996fd1b633387b1bd7a4e6d1f69c2b0721

SHA256
b0423cfcd0049d3ba1aa32bd8b5808cb5ff90a0877e4f96716be7f79b85e4c78

SHA512
c8a938ffddeb0368bc24a280ae1b1cd10e039c3bfc61b5aa2677a99492e65c4e190a9291e3b92ed52ec1163f94f8bd7a875cee73e70066e16c1e63cfee554568

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a9f7dfaad32de74033c1189573e0546

SHA1
1ddffb234f39352561c168db5c795cc78aba3a09

SHA256
ef92e253dcf28e3da5f931fe7f86cfa5f83ee17312e9ff845db10200245f6dd9

SHA512
0d6617afe10a1a9de547615561e34cf72981e0a78fe1f51f63c7c96093cc01f23edd8325e715d667bdb2139554f69207b944415e31682d3ace57d6abfbaccc58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f5b9485ccd30348bb97fe64883c6111

SHA1
d69fd00358a491a69e1992519c523ea8c795409d

SHA256
53325f464fbb6733616a62ee5f238b1d6b94d4cab42f9f64bb7f728b46c4c94c

SHA512
3a3cb8cc357fe8fb1687f399b987674db95ff18291d986fbff57408f626e86633ed27b7b0fcb830980d48e3e2875c329dfb2b46e8a2df81ff7a9a7f841dd5577

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4dec2bce0801c695fea28daaf40caa2d

SHA1
e3523845f638728c5ac053bac4655ecdac1c1983

SHA256
93c53af8797c0ce46c4e8fea6b186a08d509de9ebb294d745fdcf90e966fedb5

SHA512
ec3d48c3085ace411596b3fcb9638133e34c9505c41691d9fb9c518300970083b81d2f9876d83a71d7716cea09d315d6aaf7a938a9445a13fd33219a13454176

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5863cd7f7f6d53cb9e91751cb9db41d0

SHA1
46e3260e53f43b20c368439a5cb094fa32185190

SHA256
cef1f8bca4063d53f66812d99103f550662f41144588975a4bf94d5ae7a1e58c

SHA512
a0aace53454e0b3f84b65890f8092ce9ae4f553aaa2ab2bcee8661f162b95d099e69cf4e43a69e5821b6483bf6125bde6f45be8aded896e147d35690906e7d79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eeffd928fe2e54170b50dec607da2bd8

SHA1
ea555a5440a706534260f737fd7cbdd3b5443b70

SHA256
e00a1edeba0b533b063ce2e466ef2c8fbe7d687c423d8fa4faa0d2ae4d98b6b7

SHA512
5cd611dddf386f9e3ef0ebb23f108d660c49884897790fa53470b5548cb458bd79cf003b331df4714a6d9ef3cf48487cad1ec742cf7d9aedd16abfef24a767b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0dee41a9362f16fb4b06e247505521b

SHA1
6f7dfa78fd9f3cb3513cea7124f1ee53c1106a6b

SHA256
097753877ba933fec964c172fc20365f0df1ab6b8f1ca4e2efe0a6868f8b168b

SHA512
b6707efe03a7a0e6a9726542058542fc4389900a2a7e22dd283ee7d199ddc9e03d076883a78f1d63c2c0c921369dffd1ed87f8a2cc7476a356003bdc951f2451

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1bc1e748ac577e5599aed73033ebe8de

SHA1
fae83c5ce17f03f3f1d5b91c8a9da223c0014c65

SHA256
9620a4cea32c518371271f43bd1ced120ed92ce784a48485f51b4a9d1ea229f1

SHA512
693f5cb74a1fdcddc3a55ec2c3b9eab0282a07c6b79d30264e9c422faa9fd792c6a68b334d86017decc94e4c3fc462d02f0f05649262036ac7dbe52c9178be97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7044120ba339696c1c3371f54fe5cc99

SHA1
844671762f75d39c4838f88f324d56c59f0457d5

SHA256
c70b19ea3f6857fd01d8d97528650060f35b088c3528da54f08fac1be686165c

SHA512
865d052219a184636ef009cbab1e3f00ae5069fcd791ab8e0149750bd95eeb5a38b1fee44da73adac0a2d342e8d9bf0ec3151fb2938f02a0fc50579e1aca1255

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4251befaf75c281abe73ab43cb8a551d

SHA1
5a2bc1b3312802b8f95e59631f04426656e21451

SHA256
c5351ee8f567f9fcdcdf46b9db3ba53fee075d07f811685d59be930566712e9c

SHA512
67ba9f472219ae09d2a0e22d7c7ec6b6a9e98b20d1925331aa147782995ab957abc7d4803e6646265f85685e18d4944fce70df95fbc6156e1d0fa8b1a363016c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73a2db93628466a1009023a5f85a64b5

SHA1
19f9f336828790e650e0e89f8114aa1b0ddb4947

SHA256
3cb78280478aa706b46020f8ad63f35df0f17e520766f3a0f591e59013401f53

SHA512
7e4e41320b7da5fe2f2ce3a39475049a088927c73643fc05abd9b91b9e228644667d94a78498a5164ed07e4ac63fa12169060b1fc2f72a70a6773ac780626509

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9dc543c0c40269455ec7b000b0cc6681

SHA1
081e93dad02859c5b0ee054cc8e4dd530759e269

SHA256
bb6ac9c0789aca7c06a8c097e235e8e85c5b2e74bccc454edaead69552f2a9bd

SHA512
3aaaa866d80ffc3b58bb55af33c9d88a012fab1b36322d00fa3afbba33fedfe25005b4c5f939f44bae8558b00ec6f04e8a79135eeec0fc0561339ddadccbf550

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab88B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8FB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit