584d3b93032cbfdb2089e8d90758a93c5c378231b2f691a1d270c11a2af5f717

Analysis

max time kernel
138s
max time network
139s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

ddf2c6fa9bca171186d31ea857d074d7
SHA1

71f24d15323c6023e48e37db6a20d2014fe143e9
SHA256

d7f83e0bf488f5632db386d7d19f63f6de642fe4cae99bc786a6f0d752069c32
SHA512

bdda2c4b23bcaff0d79c0dd71e12d6b715a15b8b934027d9e9b53061cf7c9e3ae11764a2ac5335b2b6238fbf48068ac8f9a189ecceffee50946381d435d29e6b
SSDEEP

3072:Sxqqr/3t5z/Iyo4oHZyfkMY+BES09JXAnyrZalI+YQ:SxZT3MCsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A1566221-6DF9-11EF-BDF2-7E918DD97D05} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431972308"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2616	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2616	iexplore.exe
2616	iexplore.exe
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 1276	2616	iexplore.exe	31
PID 2616 wrote to memory of 1276	2616	iexplore.exe	31
PID 2616 wrote to memory of 1276	2616	iexplore.exe	31
PID 2616 wrote to memory of 1276	2616	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94ef1248a99d5b91d86a21662f232030

SHA1
16637429f6e8565c5a9245b326a9603243a81c69

SHA256
b3e30e3baf2879e15408af35c3ef62de5c7dbf69bb0b15cb7671aa969b5be5b2

SHA512
8060867e25a46d36a1fafff13289765eb5c3614ba9240590f6fae896ad95108d6f6094c76cdc6fec4d1e84438ed159487202ffffbc3000271d3b61fdf36be0e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aed8319b449f9e1ab5ba6915c0dd2c91

SHA1
119d5a8ea2df2504019b998dc98d1c8818501452

SHA256
be666de8d1e62bf563a236e306d360c7e0d59d60e65ae9acfba07664a3e3f9ac

SHA512
e10c93c9aff1e624bdcf8022891a420b6b88fe4fc8a590e5c8a6359853d96273198b6de87495471c0abd3ebcb430ffdf2c3af28eda4d1ceea185ea2164716b5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c2054a20067f9b0ebc8fa0e6bc48811

SHA1
14ce4ac06d9bea8fc5a168f66c6e6f3638c3be37

SHA256
779f69ceb7389960711f7b3a699c534e840148eb36794c521e7e6f8121804033

SHA512
ff109ba7283c034e33c29b48d8728325647ea0b339f4bb494c6a82f677bdb725a5b77b821866b76ee60a92626ae9f0859030d29e498904d190f4072be40c53ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc1f7681907fe8b2f65260775430363a

SHA1
7563b1c73ed262b8f9ddeeab9b491aaf9cde0fe1

SHA256
25a78f019e58bffa2ab6bdc9aa2c51a59cf1ab64d174bb979d65c6308f1fd190

SHA512
a1d25c80be623127b867bf57c299c4ee42f311e56cc2770ab237ebb1c5e96a6d6cd455cf1fe8ba7af85d130fc1919b8af0d13efa134eccd2937eaf765c5e937d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
027163f655ab680eec38e64aad55921f

SHA1
bee32d31873ba6d3812c89541a0bf919b62b06a9

SHA256
44ef502b68506de5930fb4e56e7ca8a4da16f9d893701775a3497991345e3e73

SHA512
52eb3756fe9cf159b0373744d70d9b7a5f7760ccadc6e4b6538b8670299f41b04e6f818013f55e96721fcaa6226d7cf572c2737ce9ce99fd56fa0000f2340794

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3972b4c54594e7d3e29b883378690eeb

SHA1
3b4acf0b1a1057f22e507038f1a2e1ebb97de2b7

SHA256
dd912c424221b24d02bdcf15faa9a9b307e3169e56c7dbf4aa302bffa9e22c11

SHA512
63f94556b0f14fbce541695b369a5bfa8458030eb7558992d8284d7d94cc16106bfb58f85e9301edb6ee2c06f1417d2f325142355074e5f3a40187ad39574b9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed2f6d81697442fa3eacd8fb1768d68c

SHA1
c800c4bacef13997d229d8799e94424ddf2f20dc

SHA256
f336f2cfe76c3e92ce83541286c717c91e6a6e06d104c1f5cc4d00d7ce1993f7

SHA512
590a00305ce7aeb9aa18cb44063832929b19c2fb1a2bbd3a50159d05e9dff5749ee4ed52cf8f8a925b863ea4bf224ffa744e1d91e23f4861ac697b8ae2a5ec0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd3062e3a0077733bc6dffc9d5b68f19

SHA1
19c26eef2e554a64afceed40790b04f4f0d097f0

SHA256
91a1ee8892e19224248b177fe75bf77a10dc9f09b64b5017ffe688fe97202729

SHA512
127d4a4892a91fb36ce60672db84122df0a14383c4be36eb42c04f78580c2e6e5653d472694922ad0f050b0d6332f60cc8e33184a1c1c20e72879fc6b0d48be3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44bcb09bbfbc3c64b6a4413b052b360a

SHA1
5b159c38a9e758d8c8e920866572899f1050386f

SHA256
b13c6d3b4329a055dff3c234d13418db1d3a4850df3beb2718b90fd62d23fceb

SHA512
42350df162dbbdb18ced3b614b3fcb7e697062900ef6e2282bc701c40102ed3467d8be66fccd51bcba2ccee1572647ae144a318b4b43d0bd05f07bf94e2068de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6426375db8f80de02b8b043b2c210357

SHA1
16ccabed1b7afd0e9a38e702d3762dba4537c978

SHA256
f5a9df9940671a6f20700b22cda98d77cc5a5389a68510a855ea48781288efee

SHA512
2fed22251bda7e5b2b181101fabbc0a73e5911871a65e28404cd89b192cc942b56f3a20219214319dea2cbeae96cbb376e46b59d2380771d344b59e4a9f40134

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5768d740436d950e4c91534ccb9ef6ad

SHA1
9c934bedfc50bdfab9a64a9f349a54aa3346d74a

SHA256
cadbd0ed38a821150af8d939926a3a1712bde3eea6475d6a8446c33fd632873b

SHA512
730df43762c753e1ed0bfaef9abcc3b82acf7f9889504656884d2822c0267c187d6e836ce16090c20276ae803281982ebdb1d22a79486503cb4bb2a24696ef1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61749a187d4f0239c852790b40f0e0b8

SHA1
08b75dc5f2b1482284b752af139b56ad39ab7ed2

SHA256
7a7eafd0315d142af1ab0ed151ec850176738441246dda5d5c5e4d0dec4074a0

SHA512
0c27dcdb1dfb4ee75a7b28ea54751e6b27c1bd6798179b41e574095438b14af5f92e880efd294c4775b60e4e159867ad38f86aced690db9755f199c562ef5434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fea81db83158ada9325f1b5758b056ab

SHA1
76b4cd8847d0621356547fa75cda622a1dff2e04

SHA256
505b167506f86ed1858c160abc4a204ccab093a230acb83a2ae17a4ed7f075b3

SHA512
a2882ee2bb30c63337a8ff793bce40f9ccb80d9bf5e4fa05caf3fbcd432ece0b82c1fa8036b7f59a68b177642bba256ca422d6b9257276e6c86135fd2e254e86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdb14e2539c6860b38ba3a23f4d400c0

SHA1
349605f45a2dc0adf3c647ae4b1a01f7a7d18254

SHA256
aa1ea4988301afd14600c2058f9e0ac007eae6597715648b388c85a123b35c54

SHA512
79cd15fac0a4baa55bd77a643579b15364deb76eaa73f8a4dfccbffbb981a56428f6e578e994cb095decd6d92fb0e004fe82e0dcabfe46a15a88d714b18004b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
540931205bc2e31c4a0cba378582352b

SHA1
5907bdf4198b19a3c3b19b32dc05cc10e6de0856

SHA256
ca3459c8a7f792ade30b75d793ef0cb1cd6ca9fe793710e8db202ff82c1d385e

SHA512
a9337b6b469d54332979a8cc3b989df4fde734625c0cebabb74e82368eae966c7d66bd228c7308a1b369beafe69a07a49cb6e6298d690621a63bd4fed085b96a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5725033897947594a33392e44865194

SHA1
25c827c66937fd04de73a9ab99edcecf7ab7050c

SHA256
cd155abe5d865fce212216bf96a0b9856853b5ac906245f0c70f04a66181c1b4

SHA512
764c0d65a7188c6207b4f2c6a7cfbe6b38f71fc4c7994193be2d34f0910878dc8681555af4b06a9f00762fb91e1dbf244a69398e6d12a4295e39cbed53f41e3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e7ae6b19b522ce118c9ec5e72da37d1

SHA1
394703bfb4edfaf2c02291da47fa8d2c038f8d3c

SHA256
356285b617f83e70845917bdd868cdbc0fc35391c3800070b57769bd6ea81314

SHA512
351bcfad2b08a24b3655c05facf47d65181316e1403aa6fd1a9f6bf5abd8d35c2d428fd3cea6735f83cb7b3669c11406b85f7fb6112d763f341604af5aef46d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a528d6b2006741b15c519c2687810a0

SHA1
8f725f3a37cb237b29613d8960cd43ba44067aba

SHA256
3f1212de3d318fa3af55800c3cf55d7b05cef33614c6837cdae2179fc7a4d76b

SHA512
cbfbac294910ee35e34fef22237e640e3a148fb526fa87c96dd98aea78e0010819e7249769633bee3dba7095db919851beb892b2f847d5ee44510c8fe59a493e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a341b33fdfe790e11d0fc1430606f929

SHA1
d099cdb0b8b9e70a60e0575433a27c1d41eb44ad

SHA256
578da929dd2df8fc79741421cd95c3db39c87ea8e84fa247c47a934696469be6

SHA512
cfd6764d3280acd4225f786b4f01b9ee42524703cd8325cfd7a085ea6a3b1f536eb4b13516a8eede76cf4bbf6616bbc145dfe0e33dc9a371969fc19cbf1f8d2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
195fa18370c63d3149f8c1c26633e61e

SHA1
94002a1b75d69e7f2614865d76ce7ec2ba242641

SHA256
eead15fc071528272f5434c7da2c9cdc512555eb8a9927fdc0c559413d1969d3

SHA512
ddc8aab4606cafbe1c7d9ccb7728f6acdfdc76ef59c59855e79e8a8f1443f331a7a59a04cce46a18b6e4e07e1951286d8a26de1408f21024fb86952cae1bdeab

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDB44.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDBC4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit