0aef2ee3c04cc425ba34f90d92d704845607a14dfa727958ef4bf7c71152e998

Analysis

max time kernel
134s
max time network
136s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

ac691947086acf3e17a6b52c529287bf
SHA1

093767ebc2b89803320fc4862077d244d496dd34
SHA256

fe600e1235bcc82cee26f8e6ba3ab0fe35a38e5e7d36403364fffcfa66fe12aa
SHA512

f59964e9edba1bf8d7648c570580a1f2660a20f0c5a20a90a320efd4110e031c0fde592feee6e7dc32600bd4f37ddc58da9c8dce9a9c43a3329433556fc5b6a3
SSDEEP

3072:SqsuYE+FtEVvyfkMY+BES09JXAnyrZalI+YQ:SqhH6sMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0D0F39A1-6E2D-11EF-8B74-7694D31B45CA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431994392"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2792	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2792	iexplore.exe
2792	iexplore.exe
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2880	2792	iexplore.exe	30
PID 2792 wrote to memory of 2880	2792	iexplore.exe	30
PID 2792 wrote to memory of 2880	2792	iexplore.exe	30
PID 2792 wrote to memory of 2880	2792	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1392d739eefaa2029238bb1c3019f0d8

SHA1
f0bf7b39baf59d606a182ab7ec8f03fbead49d51

SHA256
b47a442f296b6274536db08943ccd30407008ae0f609ad85753bf41dd9065d17

SHA512
87abc62f14a75041f90d7d41d6f1aa14bbf2dabb05c29e48a86f8852205176ae87d5b78305de6c6142224b44f25a1544782d1afd571b92dcdb0961b37d42a5cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d3d5b2b550f15033c25654762cc1d83

SHA1
4cade283791d678d5a40a7cd08a121f452896e41

SHA256
65a808e8ee197819a5f2bb45d58a8be783c15561cd9a94d16e3535cddea3174a

SHA512
849ffd91335a08461172c6cbf670559a26efd7bb2c220074b2220d24b5381cf4b693924fb0b410dcb5af806163f4c39e6cd3a9bda54f13f7512271fa313c911c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d31cfcf88ab1ec6fa08d4eba842cbfb1

SHA1
85b7b9f046d0b0f641149b0c16de7d3972591b68

SHA256
1ba45a6d374b650ab2e2ddf35e08db0d9fb6d141db70ff252db40639434295f7

SHA512
0a63b60e3ba32d211cbd6c57f99e9e10e57d4a9f5e89c1340deb21add81cc46563faf272f31d16ff7944cecf14507449cdcfdecd584c3e2464cd356e511e2db2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89bfa204663e5beba35aa17c6d6de09b

SHA1
010a07b1a62f0888c7bceb1294792f13661a431d

SHA256
e36fc25e711293aaa0a537142610bf45b4f11c06e36b3bf026cae876ee6abc96

SHA512
550a833d30ce5b67a63565302930238f2ea4b0180035e75070f5650a48e3f7ad694f880ef1da96d081e93f729d299ef73b2379bf5ae7260f0e51bb07a8abd1e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
603331526bb130246a4cc3838980134c

SHA1
65fe870693ff4603350fb2f8ceadbdf75b6960b0

SHA256
0a81aa262131f41bb3048a9591e95c9ca0be9425d455b56791b6bd001d5c4587

SHA512
47f2a2f2ae05d6482ff243852725b02c5bb6e2a93d50c91ada9006f9ed68bcf5034c4655b27765de1c6e636959f48837de54907c6ed99df8fea929b7f619d377

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8079cd6be1c2e00441a4ba8d780b9f0c

SHA1
d8402acb4a3b5b37999e7a9f7cd6c3ba63f677dd

SHA256
980fa83adfa542e2502f1f8055958fc5cd635249de8081c6ff56abfa4fb70646

SHA512
b2cb7aa1e3f6d6df118d9cdb88694c1087416bf5c2ec5f2d6bdcbb6badccea7bd6d2e75e7105513eb94c43e01565d72260655d5bacfb57c18964a8d6c396ef9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64797cd65bee33aa1af91ced065e97ae

SHA1
ef4f93fa2332c60db8daefea6491b2f6c50f37b0

SHA256
abd8ca7bfb89161bff5936048b94031f1f385b379d3bd2caeda3da6b761452e6

SHA512
0cd59c3d1b33d8ce95d35b70b14be466c85e6ec39005a746e130322a040fe4d3843ce8e523a55ed7edd8aefc01157184661386bba00e926d11062d9dae55dfc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6824335e2114b1d906239e4c462d2429

SHA1
4bc87b56eff5dfe6c9b634ecb3dd584f098d7756

SHA256
68ed0919a00429323bdc154740b07900709e677a81b41fd0021d9c4b71f08e41

SHA512
7ba30a4b358da4a6f6c092049bb589790714464fcb6dd72bcec80ac96bf5eeefa84333f74f3af0df2f8b8fb2f14fe4373a739ecc72263d43a2bbb39a279bcb94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
730e305e663b41d3c5b19358c32b5abf

SHA1
c668ddd470046c7c426a074c8825274e98f89193

SHA256
c08944aa58e8f9fe729799d8d5f72e5130bf655b6c407ee9d355bb8ff6cb1425

SHA512
453b7e82c62965d6869b5231deab7090d88eeb5cdd23b068cd0356d05a0d6019633cf99dc595d29adccf1f304f850754ecda239beac7d8b130e2a3780577841f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92cf466837ff74588370dc05e7032e0b

SHA1
982e971bdeba46758c318246a4608198b6313a60

SHA256
8be197f5956bb71bcd297892918393feab34f71178a1b154be5fa9796d23d503

SHA512
bb731811b7a7b056ac5567fbe65dddf2a9562c2da81f17f16d3ff8de1b8b71adb632eb7a6217b47bd32adfa22cdcdaae39d0a46f5beb3b4af5817bbc060463a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ec9600e9bf3a080ae6ae02537bc3133

SHA1
16373ea514070796f3462fcf6364ac10e4fe9aeb

SHA256
0d7fa2cf96aba7f77099a7fc68586717ec118e46dbf7c2dd9bbaa2c8d20a833b

SHA512
e6a44c6f083930399bc5db84780ef8aa0ca7b1dada7d273008345339354657f4d41254c31251eb84e5edb8482aff2d09ec0237fc116c4280a3910f26f3a4c53b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdba83c79680b6e437706a25096b975d

SHA1
15e8fd5f187eb29f548431bec03489de7794a45a

SHA256
927749399c75fb23a3a8b512cf1b9e4a1fb39dc4433c88821a7e9fbc36ae3281

SHA512
96e442569cff61b33d0e2d2bd1ea96536ff27065900a1dbd0553d91e42a523371fa918da24e5aa1678c9a70a7ecd196af3c2376b460cd2ab2f520ea3a3027ed4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ebe1533457e41cdde82cd067e63e56d

SHA1
d11d7dbb04b694a5083607ca6e1cb460a6ac30e7

SHA256
7dada5b4d3590b0f3be8c50c4e5e885cc3c4ef8934b1c8c9181cb38476dd5341

SHA512
9aa9e8db962eb2251513194e5f627eada8facb02b18cc946b5e6537be131c725070ad0141f0eddb58cd9cd6bd152df0b36ccb2792ea1bfd920b6cbd31485362f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a051c077c00b71956fa2c3623c1db47

SHA1
f4bc02946952d7665f34dfe4c39e6559d1a0a300

SHA256
80541537d4fb0095a44b90320da617045fba5a4e979651901a9f61f4509777ca

SHA512
ca3a307a9522a060f199b6233292e09a612457ea90f982049a39540917cd00774ca28769e95e76f7df55310bd2e845234634b268d7a99da94a808729ac18836e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21702834e6716ba0738ec23fe20c5e3b

SHA1
c2825aa6d26cf4bd38ef958cf647a7b2279ec4bf

SHA256
05473eec085d22ddfa35b39656fc7b42fb2551c3296f71132fd2915496687b6e

SHA512
6b184e8bff47fcd58c81ebe737151f69cc593c0d4ecb7a05192fbcac04395aa5b7a72732352e8a008d35dcc0ec90225d6774f330a788305aae1ca1ace0b6f696

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3bf003a5dcb884fd5a0b3e46ebd9f32

SHA1
a168f5a92360806872d3062fbeacec9700e972eb

SHA256
eccec92700b330e1eb0088eb3aea20175f92f4688804d634216ac5723194b20f

SHA512
72b31f316e915b407cfa81117a0f35008be5228907b8871d329b3faab67306532578cc247feb1227933a7e9eac5bb8debc543ff78e0e1b82d9eedb16220fa3d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8532dcb5c145f0339e6e2d390ebc3e66

SHA1
473834d8aeb6c954627715c7301be58b3f95e98b

SHA256
4e655d59858e4e89c917f93f808af7b04e4f2291f992c759de490a0d0a2072c5

SHA512
735cd7e5b852c0a3515ed035e5416beec00c5ca9ca38165c6e16833ac6597f81cae91895df31bdf7b5cb5955dce5395d7279c8f4d14b8e0e097f71dda9da582e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fd5b261b950aa045e053bee958cfd20

SHA1
a66d885f8814b3ca93741e3e313d1924af31e78c

SHA256
1920c2af9449ea80b419d17eb0e511143ea00b0a9cf3e3f029d81a0c135ab130

SHA512
c7853bbef0cce1effb7751bcac4be73abff3124aef3a16ef61933e6f89e6c981f5095956cab2a59e6383233e75cac36be4f132200283d6b9635ea4e77a8c7151

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b43ce202c12981384e88592c2e8b09f

SHA1
8aa072a49a8ac28fbb4e91a540c49e506938c3ae

SHA256
11e02c0a024a2443392b16ac1375f28ed1972efb492c3c3386d6d8b333a1b881

SHA512
34e9c8315d0015f6315d6db52e91dc2bb5dcbfda1076e918c445548c7639e5ecf8b8846c4c33726502ea650269b6d12d4073772c43cf4d5c51c86517d253e996

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF103.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF1C3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit