3d3d3b4ba049f1b6fc4e9ce1dbbd303a26dc8207e71bbf2c215255ca34539a81

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 08:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

d2bdfbd03cf6cbc6329fd98c67b1d88f
SHA1

9e7473851c9155daf2ac3375798e7c4e5742e60f
SHA256

821eb070e88a5f5818b6d9e49b531c73fef124ebecfb8ce68fa81bd7ecee215c
SHA512

e582dec026a0aff5b4bd2f3b944db4e960087b7a6462b6156af34f944013e256ea07afa52435274a92a761d6dc9d41a3c1fe7aeda3b54bb2d14d35ab0f525243
SSDEEP

3072:SWwvbABLBew5Nlkw6yfkMY+BES09JXAnyrZalI+YQ:SDjoF35k+sMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E24B5C61-6E88-11EF-ACDF-5EE01BAFE073} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432033834"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2636	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2636	iexplore.exe
2636	iexplore.exe
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 2772	2636	iexplore.exe	30
PID 2636 wrote to memory of 2772	2636	iexplore.exe	30
PID 2636 wrote to memory of 2772	2636	iexplore.exe	30
PID 2636 wrote to memory of 2772	2636	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d86abceb2b992726c573b7476f38d9dc

SHA1
dd855a839c46bab3665de2e964c62ba16cedde3a

SHA256
61d2f8dedab82fc53383ff21ab8c28585fd94b7ecf78b12e5a07f7768f177799

SHA512
9cf4d165e0c27f2bfab1cd35a4a0539de56580c82adbdbe58d69377633b6664bc7463284531c2873e1465cdce5818202f038402d06638437966ab1a587ab52eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf17ab5b96f93f123af89f6cd2c9115f

SHA1
8b29f9248055a7b33d08a1439ce8b94312fbbdbf

SHA256
5e70b702835b73cdc9c4f2718a7fad06d7ff12ae9a842a84e7e7314b6e234b70

SHA512
b5459f325c042bcb43a688e73a00ddb5473e40d482a463504c23169d91c53ea5d28ee604fa92fd88358f67fc56a822f75aa326b1e1b9dca15ca8443e031b8e44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45c28944478c2ea740b42c519fd8a543

SHA1
4c10cd36ae10f17bf43388d3088493c331857391

SHA256
4d74f3b65da91c5d4e7b7fcc3feb1e6e93d642d4b9e557938bf258e65155d1d9

SHA512
1b723b8d451a52355b6987e4d90f407e04de8701b9b9bc467833f6da99e7408d089e54ebba670d32a81d8f7b929c21a6265c99df33f4e94e49a9bac6b5a5e69b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef98dd2b43dee5f5d78c5a5fb3137b25

SHA1
6bb64d1ccdc709bf43dd8d11c3db14c36090c1e7

SHA256
d61378767732a8dd3f90e15eaf339fd17df95c383b2d30c729731bdf54f4b7f1

SHA512
eb0d2a7dab67cca2022a60aedc1fc7e3aa5c32f760d20429c9548470120efe0abfecc2f931f3e282b40af204bfac4180fc83c9d0a1277ac9030e18bb41d83f02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae29bb75ce264bfd39e0d36234dc5336

SHA1
7eb901a00ebf94e22ae9b5579a794ffdfdea334b

SHA256
ec4480cf146253f3eb8e251ca22b4fe44e3c2fe4dc432df976406a30b0ffba67

SHA512
bba52e71d3a9639f909ca44f87b1788e969eea89a08de21ea04f15a00465104f8d8df7953f64d2e56734953d5957e628c31fa00aa931b0881df7dcea24e4c79c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2800854fd9f7062bc677588df4bd0d2f

SHA1
3c899655f982563edecdf429a987db8c0642ad6a

SHA256
8ef4e76e80b4b46d09d029ea5793ed087d8d9ef43e1cf3e7960f3bf69f4df375

SHA512
b9f05f3c550e1fdb72951f20fb0a94cf8eb4d8c9815e598d8b84f2090b9913ea1db488e4551fa9797db5aa273607b2f151ce6186b2784a02c25661f27d35e989

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb1ea0061c7dd3203c366a454cfa8b3d

SHA1
8bcf1f22220e0e08b83c82bec7e3434c84720553

SHA256
3f6bd3982fb13b3ce1cf5ccdad8873518e695f9fe5bf30bcd5fb20d7a445bccd

SHA512
0397d85662d4df140962006e25f879b66741df27be2de96516f0e585488ba12909197cce6700bb96983cd2b3b232160e46ae3006975c14531d02ce20964c75f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ead8492a3d246471d103578c910fde88

SHA1
2a822a405f66be5c7a93a2a7832a87963c1844c4

SHA256
5af5d958b9761d3eb3e3b7fe3ccddc05a8ec65c802f9e888b79c76af45cc9c4f

SHA512
f35e68b38da3e23d3d08714239683054b03c63b4b7a64007f5838636bb6d5d2343de24ff46bb20654e524b12a99e0112ce3def3e453a02d8374c9b9d8abb83aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf93dc316a61f22570a2b9e477570739

SHA1
2467469b79dfffc73bc29642005b054a40ecb22f

SHA256
c6d8cdae1aaa5cb3090e574b3c4d986096fe12daaccdf062ae635249b005b80e

SHA512
c88410b9add521e006ee67ea6f52fda063a8e508a30c07fd14b9b12a5ed0002c766d1caa0fff1fe93147c3946283556c8684e8cdafd72054b21706c188af26ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc1678d778e13ceb43148a406e5e886a

SHA1
43b0e68e68b878cc64ac99aaa81993c96492a157

SHA256
aafbd91f66c4644f149bf84cd1758034931ad3f108e6f478554fc3b2a69810bd

SHA512
a0067ee7ca97b4525ddaa4baf0e26ac4bb17154ed6b2dcf544bb25a45aec173db195d1870075499f3ad850075cc5cb11cdb664efe3b796fcc1494bcd7cf62ca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08d78b636e28c4a79a627376703c7e33

SHA1
39daf42ff2f015934c51f4b0558d02012a91e626

SHA256
c1a2888fd3cab8e013da6bc7b75951578402bba77a89b14f8b3badec5d72b53c

SHA512
d573866a4a8b1188422a0a91d0a50efa22466c31e80f2e94e7f0e0d32c4dfc6f139ee87fc8c49814f9f45769eca4679a4a0454ca35d7196af6c7d066545e8045

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f31c0ca9a0d024f551b33131ffe59c3d

SHA1
1a3df57f04baec653f6763a9b287477ada1a6a20

SHA256
7c1a65612df5a0738205a92af88b57fa6258ee36dcabcf31914b8e917c1bd608

SHA512
537dd6b78a9c30a132975cb3a3a8fa3c225065e7d857f2dff59aa83955098ff55fc1d48623482416bd40cf4a24d76cc194981dceba902f892f30939c46ecf2b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b797a83e520a1f26797d050edba52792

SHA1
0d2d36c8031efcb1f4475a13652c895b506e9b3c

SHA256
49d6236b228100a00b4182012a299165267bc1b2044436f2f0588bfc09c66b6b

SHA512
311b2c42529e4866a6bbb97af57f793cd4a3eec2013f20a405cfe495242be6e7ba38c153c8384aa1bc655dc368ce937c615ccc44e2d4fb21fd7f1d7350ac7e67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef2b164b86000f2f87ffd2d5d11de952

SHA1
1a25a61a46b10aa5b79ced31a52e43f0c1764e00

SHA256
476abb486571bec9249e28320783a25651f3bf428b18f3d11e69156606eff154

SHA512
135953ba46d178197d1d270c691d84680f3518b77361d4dd5ea014e862f46c64c0bba2ee35c68ea2a52948550e6e1f64ba4bd26349fb10289b21a9aa51e29120

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc0d8cbfb44ce54bd1574463286eb5eb

SHA1
d48377f1c0f24c5e7c2e8ec7d21ad2f04385e0e1

SHA256
ee70902459c2a86fc79e92dff6a59c77046ab0da65ed16888849afb85fabe1dc

SHA512
6a8d5128cb3e8bfc2ee0c09dbdf4d0b6253b7b0e6797dd95680b839d73ef8959c2178b2fe0e66150eb2bfbdaac7f25dc3abdba7dec2a6b894833da7f997950b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a836d563bbef087f6791b35154284a6f

SHA1
43d7ca8aba40e77dc53d971d5264a19ba15996d6

SHA256
0270623efd1ca9a69d2a0f01afca77e1e46383a461faa50c175bf56f53e04aa0

SHA512
c6a41907b428f75cee245fa4f7fa5830aed457bc92cef462b5daa718c9d855cd5fd60c80d69986b2ce358b62e672acd741b76fe9c6287d8df78bec65de5dd448

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f345523aa3691660459c9279ffe3b666

SHA1
f3e5e35508bd95fb580c0c95018516dcc0c17714

SHA256
62e465adb8e522563cc07ca5e4fb469eb9c6f638cc163d06cf52c70fedde2b9b

SHA512
b44a5c23883ae6fbd1eb4c1948138f0859a53155c86ad4862a00f44c0058e00e23373df39f73d898f5920db30cc3e1a8a098637ac1a36ee1bb9ff8fd6594885a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc78604f8c32da495f9e1f2db061e96d

SHA1
9af48ca693e366cb7dcd2f23523062f0b3950d3e

SHA256
74efb5bbe897a89b34cd5911b544a12632e7c92a462e9c3a0f37626e8a9cdb7b

SHA512
2233f918ca3ff7e8cda3341e9152d195f2d6cb463c94fb4536698446f1eedd94e7ad7448206853a37247e733a715f6647c1c19a813fae1c3938e0f1e1d1cee56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b55cd4c9839400835bc10ae815483b6f

SHA1
39a02a95f50533acf5c4c7d95fe49059bcfe5456

SHA256
4b01a3478ef51ff7c05ca7be5055d29cadd115e717e89cbe5889248fad4c5297

SHA512
20d71078ad29daa4c0280ad311839f0f0054406b8e106cd9e3355b64cfcdd9f5a4786358f47a93b66e7ccc96519efe1018febca632d25b3ce431024559f6f4c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab53AC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar541E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit