b28bb8199a2cdfa544581bcb35b1cebd52db6247540a786f341bf8ce15484cba

Analysis

max time kernel
133s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-09-2024 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

351d7ccbb65b4e9c963298b30ccaf6b6
SHA1

a8c9370d332fe4b55a776c5566f0929ab5bb1c0f
SHA256

c2fa4f5e3763a18c0e62818422bd451b40fc136e8078fedd26368dd13410cfe3
SHA512

8271278356f8b6c2abbb5dd7cdf2df7235830ef39b8235f5d0f29fb5be4310aa23594fd0edc43c111f5b4768b22bee477be0efa1dd4df903c6ab708c8410e89f
SSDEEP

3072:SWQ0EwKUQvZyfkMY+BES09JXAnyrZalI+YQ:SWHE8sMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C61A56E1-6C5D-11EF-AE95-527E38F5B48B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431795416"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2856	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2856	iexplore.exe
2856	iexplore.exe
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2828	2856	iexplore.exe	30
PID 2856 wrote to memory of 2828	2856	iexplore.exe	30
PID 2856 wrote to memory of 2828	2856	iexplore.exe	30
PID 2856 wrote to memory of 2828	2856	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17ed2182f14c5832593d7731aaa69bb1

SHA1
ae5a703205c20dfb0d7d745b637b80a6aa5076b5

SHA256
61273320b4cd317b20f064ebceb6f8d0bb2d9c92fc277cba950163ab2c84e175

SHA512
fa1aaf3d2cc9fdc4580ca10f281d26894d942e5514188e20c0be3250ad328653e0500d428c24cb79bedf4bf315aed6d4ff7bfd60b2a7ed32a5d329ee7e6aaa8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c789028511785e99d0f36196688eeb5

SHA1
7e93f3ceb6d37396ceb1e0ddf788b2d13dcac69c

SHA256
a7fa0a843e14d4470f76cda9e520b0451fb8bcade1dfcd202347e9122fba6d5e

SHA512
9431f01e6b41f5111fa18f243c163df836db26ddad6bdfc55d50a39e47601650ab5f4cc851b02b56fc591e7adb6cb184bb0054de9acd508aa9feba7206754423

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d23ebad1f39dcfead2d471fccf0210f6

SHA1
340b03c56e295b41b2e802e8878c828c27962ca3

SHA256
64243168ae46a7758ed093fd71387d182394fc915689864a0e919dd0164edef8

SHA512
b5f6559489ec57acf2ee46a4f8643ab47fa5ff7a4367236f0a2d3bfa30637a7c6490e159baf934d4242b7996aef6f5a5c5bbfa06052dd1749a94495b8367f685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
660f36a8bcaff072393390be833782e6

SHA1
f51000e20fd078e572ae4bb1e4e57e0b41e0a86f

SHA256
cac523b8614d629c14db537f3197f2c4f57ac3f3153cfa98822f816cf057f7bd

SHA512
3c6d59ba8f154c6105812b48731cdd94f9c7841b8170b1757e33fc764840d0374dd2125f1b68211259c5d1c2997fa0ca02a60256739207502d77867742f12e78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b67f31831acd5a33b801ff62f942b3ac

SHA1
4e92664bc164a37dc3f80ac875850896b8c02bb3

SHA256
6d95b262e481a38afc815319b24a10bac9fbafae19e42a258e37dddd32c02677

SHA512
0cfa9f310ba038e19f7429824dcfb2c576fcfc1342eb4adf6be1881516831b83df827f64faea48168b8e3ab275faccdf52bd679e8d80dd3e767f3737b4f001c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8779a6c27d01f3658db45a5bd9c17399

SHA1
9cf629a090a066fd60299fdb95d2e683662547b0

SHA256
7274ff08f419155a660625074fae6e5a639d19d83fcbf5cba242678e4ada1f7c

SHA512
f55867cfe8e38edae5fc88204d072be421e4ef4c81e3c14e2715a7fa0d7209702284d142da2db6ef10cc53db9f3352e92f9873078f1f1c5daee5b7cae83e7fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5de33e5ae2c6eba09d051693990fa0a

SHA1
c3bcff9e9cca07ff6181d3623ab5b96e168d0b74

SHA256
2a992a2b72e3434ac8b289f7c157144d3e7f41573db102b732f517bcd95d41b3

SHA512
3fff2e66bb32795d5d9eb230573a01f09b3ffe257f149bfb4ff97a49430084aa2d9bdf2e5ea9989df359b019a63b35b6e92054ce00a661e4521aee8a3731c2d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fb2f78c7e58932dbc92732da144987e

SHA1
af68939105feb2dc84d1c2b080348d68369e7c7f

SHA256
eed029c76736327edd91eaeced7b200359b4eecdaa0e20e9f90bafb555d493dc

SHA512
0468fe16f46fd218ee784a9d97d0dbaee92a553d826632a516804949ca21f3f2447e7b2d3ff50491c1eda81012859cd4a294dd139a2822ec79892c7d7fb2364e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4cfadea05cd70f909b84e26a8e77277

SHA1
ff07443248839a83c752006bc6dec7b66a112fff

SHA256
4badbcbf2d9358c8deac866529cf9ae11c6506cf0ddd31227d66b443ad8ebcdd

SHA512
ab00b385110a89cd0afea0a639d50cce28cfaa2e138e94bf1993764472b913bc064aaf1ef1147b2fa00f78ee0392963342a35cdf55f62e4fead1d100714b3516

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57a4ee30b7a9fadb954440f3960fdc15

SHA1
e2d6c2efeda81015625c5cab4e81866d52932fd2

SHA256
f63849b5f9b96389f1bf6015cf7d4b9b07c72dc0e26f608a11f02afe5d8f14f1

SHA512
6833444d77b4cfae21d9f43f06da20540474b418834e2cb01d383a0b193bc0eb7e5bff01b8c9daf86be97a55c3b85816e0f6b4a47f384a181056073841e8b489

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
406f48b99b65f36abdf307f5b0c129a4

SHA1
7a89571dc8056f55221881ec4c0f7c5c1b09d4a9

SHA256
7e307e41cb8ad6091ab6b04b371e040a3d664c23d7a32e505c4bd2782d48834a

SHA512
684080b304eaa201c7f09222f09835c41065c9ec8eb25b7b7bf1c38a05af142183c288a229af54a92664d10bf1162489d826409348e8d1ebab3defbd70486ea8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dda92b859961d290d24683b09f07b2fd

SHA1
3c1670f44316ce388149ab96e673a3efcc82c458

SHA256
d31014fd2a3e797d95390f5712c95679225e4e8edc789358e2d49e4a0c90deff

SHA512
e0061de8a48a3e55d99e12392e647def08ea289a714b78bae71b9403fecb75aff9a6239063bb7386b4ec909c3942d4c27a0becd82474c7b44ae137cf49591683

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8048fc9be9290ca23840757bad0ae0b8

SHA1
6cfe2d7e62696bfa0e2cb447c4a362aa71ae9d2d

SHA256
199fe707592c26e3c48e4446758c2ae2e697840e3f259fca3904b2df9ab1073e

SHA512
7407f243e6b0738c8520e3b114752cb0bb26c64324fa6b38ea740ff41af2f38737e6d3addfcb95e3c7a62c694598addab18d135fe2bdc1737d0f21423a842fe6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92ec1acc312563c174cd69d70e58e170

SHA1
96591bafc5557791dda66a8129658617c1dc7864

SHA256
b836f72ea7aceb7a5ce3c2aab6306b76472cfa8ee38c893a747d329f55a91feb

SHA512
251cb6e76e29a1991050a9315eaf2f7beadf0f902e800b2248de79bd9df427add5d7cc13385654ca3fb81a2b1566c35376eed4d30b8994035ee441f3d047bfd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
289d50f1805acadb9af01c0ece6d0c7d

SHA1
e6da329812491fcca4442350e05826f18f35d2c5

SHA256
648b521353266b559b41cc4fd4ed01e51a4ef45737b5dc3bf4fc7faed52fec5e

SHA512
ff9a7b8708e5d8662665c6447620bedf4126b0a36eab9ed47a7ee4cf2dbb0eca58a9c4b25b18f59df087148d7bf7cb2a3d22dc03a792d4b945fccb9abfff24ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90558a6e648a2278d856b44256987001

SHA1
96cfedf68568e5e9e6361220bb655c13626362a9

SHA256
44b394d7820631c3604f1378afb2adbf25d360563ed235d9eeeee9499a550de1

SHA512
a8dc471244c812597ab6553ed543bc8ca0ec90c40cd4f32b22a9d2093a9e81f06625fbc40606dc56a1f58968a56aad09962e432a6b38a60698702e6b25088d05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7509533ea638608d14c44ec970c4c5e9

SHA1
637579be159428ee0dfe438a51dfcf438c05d5b8

SHA256
4f5507913ee25e22b90e08fbf5a7fb76e8795f70c8f20c500f4ec009a70b51bf

SHA512
b2ca87be5edac653688b308e72f726082a0f0409bcceee08517f2a412b290ff256b026baee35722f9845afc699ef89900d75882630f092accceebc498adf3e6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e574cf574e597bd7b614a83aa91399a3

SHA1
2a15d12065de340273cfa876c2af89e24401dc55

SHA256
4ad2043ec02a75b459e4f0885c395d1dd3c0f1a9e86673ab8e6daa9c24181b44

SHA512
4520b58d6414622abc0fc7e3f53e22811630b05a1d99b89e1d8c8174cec84b8cf9edb5e313e9b9f08ec7c48b4fc9ee38ac6b610dd515cc4b9d89aae44073880c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0f3edb9ee401d3b46d765bd15d2c7b9

SHA1
2590c971e0bdaa8a7bd9023dbeb8252cb9ede4bb

SHA256
74a158c53138595a7cf03806434debbc6260322b4fa4f2cfc3329ca6848dbbda

SHA512
2f7055924e7eb7862b34e02ce24472117e1b85f0b5044989673770679bcefae75f458828ea2db3815be3977fa867d04e9f2f3b48cda8aa2bb062bb423e31d6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4DE2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4E64.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit