71c601bbf0c4543af11db01dde3e0e728741a3d2b7149261c679376407006ab1

Analysis

max time kernel
65s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

382fb2a01ac9596312b9e9eee20e5000N.html
Size

89KB
MD5

382fb2a01ac9596312b9e9eee20e5000
SHA1

590783e0cc72ecdf30e68a8f8e0e042b754f886c
SHA256

71c601bbf0c4543af11db01dde3e0e728741a3d2b7149261c679376407006ab1
SHA512

17ea7129eb2a2566c18eafea80a7552ab66cdf8116f339964274c0fb06a3ab972af833257e81f3afb6a4a18432307989f719a9b675df231c525c28c844fca2de
SSDEEP

1536:map5ydA4zUJKPWDXrmR3VflEqgmTjoz8zEloGQ0+Pc0IASiqfXYuNuI0+bYj/GU6:5MzUJMd3VflEqgmTjoz8zsZMs9UWPmgD

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{37CA2991-6DC7-11EF-AC61-4E0B11BE40FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2980	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2980	iexplore.exe
2980	iexplore.exe
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2712	2980	iexplore.exe	30
PID 2980 wrote to memory of 2712	2980	iexplore.exe	30
PID 2980 wrote to memory of 2712	2980	iexplore.exe	30
PID 2980 wrote to memory of 2712	2980	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\382fb2a01ac9596312b9e9eee20e5000N.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f05e4502949a88a5d17692b80d059d87

SHA1
8107625b198c9f5be4cea92d354cbc8b7f945114

SHA256
075dc08d38d01cd3cf7528d7bd75e314b1369627c33254cce49fddcf2e81948f

SHA512
2f9094c77f73180cf85347c71d4fda5c56cff036122239689dd6d0b3091d04c8778e454d1d0ffd01ba8f0b876daff609f70a9d3100b3f0b7bb5dec84b1960940

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e865d461c37b426f44f41ef5053d9ae

SHA1
427e545b2fb69f43747ccf683ba5689f3907ad44

SHA256
1416c123f3e30ab6e18ca2d5a9dafaba7bfbb7af54c9129dcfff3b5133bb9de2

SHA512
36f9645e3c564c49099bf620c355ecc0329e9ece0f6ab8acd72bf511a1a94875bb35f0e445f2cf92e2f72f86a0351fa8752ef36a645ca52620b3d94f01f8668d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee57fd0c2798c5a14f67de8c6135a2f4

SHA1
e3b93daf613fc1dc1c78d3cc2c5f47007c6f9fce

SHA256
e2eb11fe59f99d0c9eb086c9a90c1c13d9feb232164652670de20d1adb7ae00d

SHA512
7847e258db46b50c87479b6a2fa6dc20c6b5fc2a04d082fee138919b8398de5c17093f57e2b7693ccee61ba84c321f77200e5b2d419dc69fd91421ee30c3bc02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08e4ebda81adaaba4dd337258c4eb57d

SHA1
612cecca2d3e5b8be77dda2da5184e8df372dd65

SHA256
d13571f040814871aeddb849bb901b2c6274cfb13069d9397d577e4e14e553b5

SHA512
8d48680567c9fb9b107df6944a0b4b35ecf7c44b622155daf472c23e48a804e1e419a43ef4ec6401905ea5dd2cdbd2961dc6f21ecd63dc248c8f67fb42496318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
721b9ce309bf2a45ea735d35ac22e064

SHA1
168535053f3764adf487bcd1f2c04830c9284445

SHA256
41bdc7c1e5b7a4d6683973f6674e2951b463b28293d4bcae193ce3c7ada38236

SHA512
d45c3c745d24cbd2e9f80cbf4ff3f1ba8fc13174b28dc40409ddd0288133328acb6f626115220703cc61cd0e51eb7cba9d19dc416724897cde0f78529a2119e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c785eb6a42115a9a3c99d65aa988826

SHA1
e749a00feeef8c14094dac1a1c7e0d6db32d7fdd

SHA256
1b11ea5e16bc4d3ac419afd6a7c84676a256b13bc80d730b008bc484381cfeee

SHA512
08c8573e7402a399f15981a943ee6aae100a8add9ad6b745ab45e2bb95f196ec23221e7d6efcabf9e17d3d0603e1bd2f5393aad436a1ad868dab7715325a86c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
848879af4ab10bca1affc97f3e69adc1

SHA1
d803a9c9260caa4d6a4faca3be14893f0eba3248

SHA256
6c8cb55e032bb8e262fad706046355ffd350fb65cbe5c8f282a3a94eec06014c

SHA512
70b424c66e78b9ae653535ff9c89a2cb5c28d4d4e3bc81c3089352fa220747f32da0b051ce724faf0342f63deacb52e8c1422df48e448d3e2d89136370dc570c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffe10db29e7552f8948fc85611bac0cd

SHA1
8f93f8a0799868bae05b4f22f470c97a42e52526

SHA256
f33637cea8f2dff06a310168e82ae3e78c96258ded75a3ba3a6281066add5e01

SHA512
39a7869ddd6717fbfb149c94d05445b5d63079c66347f4679878e82685b280ad867b077799b66ebf12d8a960472fd75f80324aba8b4dc8a0cc13de6b69fe3663

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6329b0caf93d245ccd3a4214b07135d7

SHA1
aceca5f0b40c83dfb43030eb97ac68291fde112b

SHA256
ecad3f18458b86ddae93a2300da2d58293ec5d03d409c3d3c47b3128126559a5

SHA512
f28639160d992c5fab03438eb83a7f3a0810e503e8e6bebf7f2ded06197f71c0ae5d57e38b5f3b6a206d26d1f79a29e79fe21a27f973c6e98631b3dd1c7ca6b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
187077e9af51f6abaa15159896211f85

SHA1
9030fe405480eb80433cbebf73ad3286dff56eda

SHA256
3b459d7b285a281bd4a835eddf4de29fd7172a151833ecedbdc8b18249820f06

SHA512
d0ce01e0a147b4fdb8e2b007736d34fa6b4f93d4265ff3b175fd08c94d5723d2618cf2a2c6d4c48e14fb06a6aab9845fd82aed164dcddc7018804e05c09f3238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1f6b0369a51e3962f65098a39452721

SHA1
e8c20a4e17e7621ed8e007e7d0b99324871743b3

SHA256
19d72fadf86caf6afdc43324341ff42b15b382a860ba542681b64b2b762787d7

SHA512
9ca8af1efc0a3b3cf93dc24cea942e7e5dc9aba1762a7df04b0ac45a9c0a21ee5e590124f62982be11d033698d051b26374dbf09c6bfcbb0895af05412dfac4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
177d1cbc6bc6dd8d27f035c24b099ad7

SHA1
dba2c79182cc8b63394786290ea4d32d5118dca7

SHA256
58d9245adb92825ea260566ada7480fbe0e5ef7bd63c4297cb1b263c201bc1c2

SHA512
14ec53898a8782739ab6f2c335292b2fdcbf72d6d35ff2b5b172fb32200602f79d91094b66a7b0184ec01336c427a835e7a6ece8d577a223cbee2fcb2b9bcdaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dee804c2a49361e942be336785dd207

SHA1
6d895be79462463dfa3c72e74338c1e9c4d7523f

SHA256
0f40605b4281af60ac041d3d67763da8cfacb8b600b4eeab2c89b554bdf86b18

SHA512
62d1cb3ad71e8e86ebabbda1fccdd673f94dceb24779f7ee7d45fd19b304374cb701afb518a096792c3fc7b6e9d1d0114a7ff573c4b7069a09c81dfad53915c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32c6011c7bf298c5b63934c9004b7775

SHA1
b4a41bc1ff47cd9a2ccb6c777ea7fd7c1df67676

SHA256
5723df124f5df8947f81276bd118e5fbb778192766796ae479433011fbcf3e50

SHA512
2124d74f5eaebe344fd7e0316d024ea0d2fe4b6421534930fd1c6d3fa34ffaab52c7bd195e30068f316a9aeede368ed145c9e3bd92a651d9ade9e47a9ec1df48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3606ff2d0fffc39830e9f92d4561cfd

SHA1
7edb8e3cd1782dbacb2dc3c884d06e806faf3f15

SHA256
ece762b7bacdbf2470c4755a6137f89f4ec956e59c416c2d137803831487d6f5

SHA512
5768405ab7244c71f46c0f2d431cc9180c3aac4ec9c221cece5fa110b49dd7a5ff1a69064d159df47f47dcef826c856656280652062c775df285c1e1dc80bfe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b768c2eb830b42dffac8129da625aea5

SHA1
09740adbe83ceaf756d572bdf5a83a1e216328a2

SHA256
839e35fbd9e7925ad2e2806a9b0a6a005d880a60310067777dee466e37bfe4b5

SHA512
7c2975a9b0282769fc59d23c65220247635a8b5bfa86f499ea13c60ff90f310c7283d2827cec80d8aa0a88fa5baab751b749cadefe1caa954b1374b69014e536

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cfc2243849245b201d5e4b398063ec2

SHA1
583528983b8dcb34cfd4f1c6233331dd4c5b690d

SHA256
21decab812c5a8403575ef9f7bb54e64203eed377559b7f4e914fbcd87a2b23e

SHA512
011af19575b7ee5cecaeeae508731c01ec4120ae80ef979ad5941fec9f2665800ba8f1f12e24e754ea4663a0a96770620e3c4361aeb57d3737b88754e8fe6e6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3301775ef8a8b72344ba69737580567b

SHA1
e6ff4b3bc989e2d243b5cce43ba3e07274ff23ef

SHA256
b112abc7b4e0788a8987b7f000da4163c5a7903ff409531523b63b7dbea312e5

SHA512
7d0b18c25c4ff1c5dddd863962674f8fb92b29763521e7d1b48086df0132f65116e870b02e982a46dff4f7bed0690fad4f4cee7d2d400955b8e11219c139c026

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a3d3dfb0ccc7bc375de27725f58e41f

SHA1
1627e7de2d9c058990c9eead712620d82090a762

SHA256
82bb1e19a780d61288427a77c05de74e1aaa6ab0da9f924101f33a6fdfb6dc73

SHA512
831e0f80228b56b3c8242f01a4e7e6b917c0b80d1f018d397d0ef6b28bf4b2ada13b5b7508f02c9943063ca5f663653c3011ad944e3321c25de39e0dff2359ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b2e4ce7f5cdce31b80e4efbc8c51eba

SHA1
6dae20f161cad7c5fe5eb493a56392308d782cfa

SHA256
35f7e81dd3f43fe568fb6d23a1de0e65b2b69076b68f8e233ebd0a0a44942bdf

SHA512
5e45f901bbfbfdbf36ca4e561368531c996c07914d5b96c3babfb06d084eb3b388bd44f2f59da02927b25430021ad5653bb3e86ad3371f8f88da8b8cc36e4004

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA5B2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA5B5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit