ea36eb05efa8c17d516a27b23d4640773a2c18cc6dcc7a2e2a33e2f0fb138bde

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

66f4a9a988bb88d8765b293878c0c33e
SHA1

1e1dbd23df76d8e4e335d909660ed35d830f35a9
SHA256

30154a9398e1e91e2ced8cad532bb22d56423090fcc41aed8d559932578a5277
SHA512

8bb83c07f6105813b07c79403c7bcc3940da5e64e34b9a379607a13a60d9a69667bd5d4ec914243e2b077e1c72e0a9c482941000a73a0c94ad28d63cf6ede573
SSDEEP

3072:Sx7urBDomRryfkMY+BES09JXAnyrZalI+YQ:Sxc/OsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5A9F031-6CD8-11EF-97FC-EA7747D117E6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431848297"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
816	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
816	iexplore.exe
816	iexplore.exe
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 2764	816	iexplore.exe	31
PID 816 wrote to memory of 2764	816	iexplore.exe	31
PID 816 wrote to memory of 2764	816	iexplore.exe	31
PID 816 wrote to memory of 2764	816	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:816
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:816 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
950afb80ba2a35e83938a14750f9143d

SHA1
2d554060ab0513ce7d7f74ed9f6c9a6fdb0a7b58

SHA256
ed91219afba46b44ce72d8c7f85046b7c314053bcbfed0970d658c9c0dd20b5e

SHA512
87df5dead6c7c3f0a64be5ee23c5ac61cc08a0092b7d776c5c422fdda31c1bda20ea644bc78ebbafbfa2305b4e86cc7b99f1bf270c96f2421a89856697d9b1c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88bcdbe0a548cd1e7f753de6b21ee070

SHA1
0fac8705f9e74f02519a73132df5bed2c9068dfe

SHA256
fd961a058d8561fcad327d13a48ebffc7f56c0e7d112a24e806807f27e7f4f6a

SHA512
8b7da8eda4d8ac2dfa7f4f67c7641221c3f046d8be652a2c73c5e6dfcea3977beb0d102032e640de2d99ec127ed7e307835ee5bf34165d0fcdfb6693046b6d4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b320519c550c784342d7de4fff5a0ecd

SHA1
1585d07fc88963a7e1c91fee7f84cadcc8183c16

SHA256
96243c427cf270ce5dcba453c1ac6e114e211bf468c9547d8dc5ca3f0d7e9d6a

SHA512
53904a6d032b316b4335b0ea3c4660fcfa7f9802717b56b194b6ecf2de9caa7da6a640cfb47f16f741e5e64dc583ffefc2205a33dbd13783d4b0d86ad5a0246a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3951e3fe892cf0bb8305d58eeaffe1d8

SHA1
183d8cf98f2be0809fbd57c810c747ca01a47972

SHA256
c198bfb228bf66fbaa7a76b4aa1a5b04fb37136f6c55efc00d5b773c9937c3bf

SHA512
f22278120a2ffdf9327bf4809ae643ac71c2ad03eeb96a6878ed09b3c68eef8e47268e75dbf0ab7a70e0b72f02bf0ea200af2a3b92bf3d43045061808293cfdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cda5c25b26dccfc4a1e748fc3363623

SHA1
9bd25adae9f3264473bfd73fd3dddc7a0f729f54

SHA256
7426da995b54d28d5581f1cee414fe21533e418e13f764dbc5728198cea40a34

SHA512
a35866c3c98e7e2a7ff5947ba8a909f726cf326238f6cc4ba2d20418e74641096fe9cb68e8f9d67d63e1c86c270ab1d9bc7322e2580f57674adfbbaccf85a05f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1004900e737e08ecca5f8aeb6f6d794d

SHA1
eb6ce836887462f2027e0b2eeb06746b10a4cf10

SHA256
cd75d636224a06a111fad50c352f8cf6c13ed66522792eb08dd05b35e869f058

SHA512
b369a688393b57446878b13b047d711a30dd4f0630e8cf79e6ace604cf3e91cd6d31f221b9c977bf56480b32133e0400edb26d8476093e5771db5480bc502457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91da6ea02b17385403cba77247757f67

SHA1
c8b0859af00bb66c8c13d1e840263f73d718ded4

SHA256
35526ef01eeb3c6fad180cda7e63f46a370d7c7e63c9a6b9539cf2ad2631d78c

SHA512
fba23012ede4885b98e2bbf309ef05444c6a4e59ceb333eec6206e02575d6d0d6470790c208ea63d174edc5befc0e68b574083373628ebffd4cc0938e3464e96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0d3992318fcd67c6e08460cf3de5405

SHA1
ddb33aa0c81f4ba3e8852e771dc92d154273617d

SHA256
9ccc87e9dd6a9be8f7897061ee34753e9fa621425facb02c6ed1245465f2f05c

SHA512
dc1a5bf7978d6a0c8e7f7a7f5f001668725537856e9e81c615a7b29423f8bc652d90e71e6157839e34ad6a14146b52a02361de6e82a139dcd0553d0b952e2a19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6947c1d5fcc3ad78d0421b21c3f3b60

SHA1
5fede45a5d28c1c9d6f8cdc494e3fab1f38b2191

SHA256
5816e1c58d1f9f4e23164c5edd94a09a81cfaa07afc1259d2e42a3cdbceb2711

SHA512
c00feed2280e1a0b087a333ac6c4681edf6c2d9589748709092b81ec2b6493359835cdb05380d5d0378cace4b828b4f7ce484e744714d4392983ec903519d47e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4af6cfaacd62a57d23de19b233733824

SHA1
b788abcdc219c5d59297f1c189cc8711d26ba1ca

SHA256
190b1a985e592cc236b0db437d556bc7302d90d1e5e23dde57e090e8b1024baa

SHA512
0de8dde9c6eee8eac9a4aae475e056516cc38ecb167f18e0e6cc6539dcb585727b4f1061eb5ffb652ba6e25557185d69fbe6f5d78689447dd4a07b10fe890377

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d6205b8c49447dd9b1b7235e196460b

SHA1
16260866117eee2514d9bcdb225eada0f3a0ba8c

SHA256
166bdf6da32604d1d8d39e4584f8e34c106f07f30d7cec54a2885a51f23a9af6

SHA512
bab91098ededbdbfaf3569c4c14c27456c96a5cfbe5e864b0029db9d394bcae738f8931ab41f3175b26a16bb26b8d2a308a0f44fd45f286a8ab58ea6c0cec41a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efc56a13f7ec9df8a0bf547930543ced

SHA1
1182209d2fbab764eb6b43060395e51ffb4e684b

SHA256
fc17b269c945d754998c3db5bf948cee5672667fe5ae70b900224d2f17c5fddb

SHA512
8155aa5b041183446ebafd49e5dc202dee98c431ca6fdf9a7fbf72db9faf1a6a3bb6594ca042cced6fbd01d7e2f5dd3985a423b4327268890df2c1c227d146fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38b009c5e75f1ede31e19bd1bca460f0

SHA1
4b45655970c81e5fce56152bfc55970b86d7857a

SHA256
767a93474d83b8a6875015d29a0017b36aa24a92c7f4bf6db88c8862cef963b3

SHA512
75780c5b859a74aa1c9353d9161e2b7eeab74c9c3972fba6516183881da3f676cf8bd7dc63a7ece595007bc5c706b14380acf34af441aadea8c712d329da3d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71ff9f086726f0ee3583980bf084b206

SHA1
ec7bc4c41ca9f2e7026c1e9ddd8f97ebb41c80c4

SHA256
4489844c0db3b3cc8788a55123fb6c3557b2b17116e14a6fbf9a6d916ff71f1f

SHA512
07ce5b41e5110e6f8eed41d2c0c0edd9e1edd1a72a540ff135db66c29c824967d704cc30b6f74f0d8566825b25ded72ab527148454b4ee8f325bfe72931693c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8ccca413591386b41a20de06586e3f4

SHA1
515da1b0e0f4687e8e693bb16468f106e488a843

SHA256
adee8431dbb13f1ceccfa22abddedeb470b5eb3ce1d2eda5306026fd3a4b00a1

SHA512
1e3d12e716eab2ae2f15e0620e26256859d1b5a7ba55663bddddd0766b17f841723235d7c8ebdfc0e9eeb24faaa4b5626b1473295e5617e75f521b14b6f8cd8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe72e9117ceb7f16a123d5eda4d4d13f

SHA1
6f6d41febc7d862061effba8722600e471cf8049

SHA256
d088a322285a3bd798feb04f474040c1bef53247a752f3a835b6004af7f84eee

SHA512
bc92c3bff06ae75a57705c6ea37386742b283edc15a22c727503f807761b414393e7620490bfefa3fdc4c1451e59a35629ac4ccb5c7074ac2cc16815a5774409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51cf56ac823dd03767da4eded77640b9

SHA1
131f30495f958563502b4cf190d71d14bad75d6a

SHA256
b7da0411acc76bdb5479410a4bc30487a6fbd81fe48760ba0b5eb5143a9f08f8

SHA512
47826d4166a188a421aa110f414d23ab8b8a11256c33b5dc7a42ce4c3c1bf2f8ffadbaea47f5b0561ee2bdb40bf2e5805be592bd6a767c4449d74ce62ddd989a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9396aafd8189f557f98d143c128b4568

SHA1
c6f0e79bba6a9dd221427a248bc7e630b6936084

SHA256
92a971a2b06cd3c24bf2f943b82abc0b97e8c0b2843881904e8944a87344075e

SHA512
82a97bd5c461a08ffb9334908f54eff542e0a70b2f46c3b18f96dab802edcd87da928b7f920828c051d1a067a82cd7abeb9d6177551e202262b19c0c7fc8f153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb5ce7df5c461b75a31d023d363c0978

SHA1
384df5be61760af3b9c2e9d1ba0ecd3633568fc0

SHA256
4f26a35538df9eace72b84d8335aff4d306eac2b68c14b48bab420ab0be497e4

SHA512
5924f8156777eb7f58b1b79eef1a7b0394dba7352c63a3050516b682765f4b999170522ad9ba05f1407585e51483c112973b94f454dffc463ef76aa21da8806a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE85E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE8CE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit