7243de4298c3e3e0f32f838f115f61aefcdf0513b961548076f09623aca03dc7

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 04:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

cdd699aba4e156843cde7e7801207341
SHA1

21d454f8db6a2b96a0818d19ab72bd00a485a147
SHA256

8c700ba0c563fa4208e38f2ea62d12e4e9fc0bd9813940975a5bfd15f766a2fe
SHA512

be0553fd822fafa92c2431a6df4958f08c88a42b41d78573148f03d9725990c0dc05e4c180cd92e224b20764477697d8ae83d9cbbeb8aac63d7f00abc72408dc
SSDEEP

3072:Snju6fq7MV5EnyfkMY+BES09JXAnyrZalI+YQ:SjUwoysMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432190842"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{725A9641-6FF6-11EF-873B-E28DDE128E91} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2320	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2320	iexplore.exe
2320	iexplore.exe
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1276	2320	iexplore.exe	29
PID 2320 wrote to memory of 1276	2320	iexplore.exe	29
PID 2320 wrote to memory of 1276	2320	iexplore.exe	29
PID 2320 wrote to memory of 1276	2320	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb363195bed73841c8b2510c74ea44e1

SHA1
5ef70aa79e6f307a0cdbeed8e50e323c0065edad

SHA256
06fccbed4523bb4a0d33a9147f838c970d206f5082c712ecfdea914c2494f2c2

SHA512
afaf29b78d23e679a28223913aa9849fda9ef18b9423d6a4d2275a4f7e83dd05f42cac2aca0af537b6263cdd7d35739b9bea37d73fc57ec97c85b1adc89f07be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5b9e3a8210102de25164264b4fd4a72

SHA1
78c031b93018d7850a664dba1f7833ef2646a40c

SHA256
63b99fbfc8f4da3cbd6037e11d1a9c2e661f2999a894d688968bc90fcd40716b

SHA512
bfd77e46140558b37868942890a742d65d7d6b068802fb099598d7150240327322ca9ebc6a5ba106f90a35e79a1b1495798fff43deac36f90635a0c722bf2bf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ab67d6617458bc2021700cda1d935e8

SHA1
82422acdf4c8636a152e8c2278dc0847ccdc7887

SHA256
0b40ffbdf774ba0ac2435585dedac44d9f923ff68c1a8cdc9ca6c6ab8ed9de98

SHA512
1dfe27979d6f83ebb87cbabfbb85d6f4022c6b847c85d0827c8bbd8f39214173c9a56c5211872ef1e2c397b516175d7d6d475d97b75ce3bbb20c762ca0b09df1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25353f97faa6c8eb88e8a1ffce8591e8

SHA1
eedd40aec424162c1e0d091bdbcb9a852db72e70

SHA256
f359d7fd1359f2732bc677c946fe73229b62efa8fd18581b829f7f82129f820f

SHA512
24c09e196869e7b62daee5f631068837c29698938c07a3eb5147fed57f20234063d4a8bb4316fd580ea1eead92803b207452ea4cee7e4d3d6638065a5609bc03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7aadc9bcc0dec00f0d06be59e6a4fcf6

SHA1
19e917a27a0f9eb953599e98e88113fd4bc64022

SHA256
c7886c81ee17d87d688257c7e1b4690ed0a67b8f36c8cf0e694a08c2e5ea459b

SHA512
43dcf735bacef17a2b0a007bd5e96f23b32d4164090d6fe2dbaf72a37b28e0099e9d24b1b120c2872a28735f3231b672d098e26fdb5e212037a244ed196beb87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47088dcef709863da83673d8fd36928d

SHA1
3e4fdc74b4a54e04bb2ba0ccd2b5ce34cc773fe9

SHA256
4b62b9a014413cd13e1f3ab6289dd149f990abe1322ab3bd6a289d0d1bcc7c22

SHA512
aba9cc9487983a3a925144aa194ff35c1940e8ea620708e98f8cd33deabc240c5e7c0c31f336c374127b56e442074249c72d6cf0d29334c6e5606f1f29698e15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a86b82353ac5016a7e35fbfa8d34247

SHA1
36c3d28ef2bf028f34caeffea5e2e6524cd75b7a

SHA256
c50249eb5b279f51142e794447c60a796f86a1169e2b962be54bce53e2a6459e

SHA512
32f934915be712388f53671d738ee98303a88071e70faa583b7d367626359969c433fa03e24c90ba6b8a46ba0b39a1bce68dcd1741bde6e87b05bf52b41c3692

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3128a29144d83509dbbc73ae1d4e237d

SHA1
1298bdca7a5d35c04b3021956c6addcf106400a6

SHA256
1de6de8e9bb292c40fddcb8c0995a798af087f47fcc5feaeb805dfa379b3c4f2

SHA512
a6525a6178ebfc11f8f00fa1a36dae83d92d05bf90b8c3c032a229b26093c7aab422dcec0459044d3b9f0a0ee7818a80c5e9ce80d0d6072e4fdac3b2d3b9cd35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
690cb7a46e99c1f54afd42de19861be5

SHA1
8d56342d494bb82d8c589ab0caa7e905613024cb

SHA256
62c10c7b89b1fd0f726ec4a410920e52c988f07e31d631e66605175457ca45b1

SHA512
16854d0ff7153180095249c8c342e17414a2055b733343aca6ae3d1ac0bcceb51bbd518cd8b546e7b01ef55ae0a6d5fa348cc098e00a52c390c5ac6c8a29bf93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0bb64c369db1c9774a48ab5aa703cc1

SHA1
05045953a756e34646b9a2ae03a1b595cf0145a2

SHA256
5c371e422e8d5df21e851beb24f498dd9973f0b32a2facbadcc34a841c8bc2b2

SHA512
86bb23b501229387e935f58fa458c79e42d8702b08281f30a94782885f8ee8b76d4f2016f6dba34e84b62c43a6ad5baa94ae4f375c6aaffc092cf74eb2dfaf5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09a521ea4dbba1a1cd3653fd687e8b73

SHA1
3aaf13196d2975af68591234f41afcabc89997ca

SHA256
0d2f2f2446a89a30a1a3c0986851e189727a4866da55a8985fa3118f7bb9f654

SHA512
5581ceb3143cf0c12d42b5a086eaf701aaf9cf992b724eb50baae7ab4f547da5f014dcc8046d647df4637c4499f116061f0682d0d1ca503eda69886b980bb245

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35fba049baa8c95decf4827fc36848c6

SHA1
eede4ca313fc5b77de55d3f1c9012e2a544a98ff

SHA256
1e48a2743c0da88260d65b21871185d1806a36f39f8a0a177eb1ec9a31a62e64

SHA512
fcfb5dd1324d027b85d0b646a979947fc0509f4ca419ab74c31c9f93f9da02a8553de660f091dceff068dfbd4b91a3533f6d531a30dbdd8b6680783174c5fc0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1235a7221b39ede5230d08e14366732

SHA1
61d23c989517ca5359a2f638fb59516f8b046629

SHA256
78171ab44caf1d345cd44b17142c87452bf1984b072401cba3eec8786413dc06

SHA512
34e116d1037d7522ec14a853fc7e23ecac3b1a7e2bbf9c2d79ba4907c596e550a250e238c79f4ba37e4f56bceeb1fd99d59e09efcff8cb8283361c72b7ef97a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6dee81e16c76563e177503bf337b63b2

SHA1
84f960a13b862e6049d1d7fa884e687e8361321e

SHA256
b6d8ac2d54b1a8a9cb533d1f1ae436ec34836bb82037629c8cba05f632b92857

SHA512
a48166e301ba73dc26bc6fc6988b77beffb146c745f92d8da648c33ab0ba9deb821042fcdd50dfd795006f721ead39be899b170b7d7416cf301dd14226a3f4e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d130fd0772db9b142fadc4cfdb7fb4d

SHA1
8eda2ae391f418aa16de32d9aabc0a382f4340c4

SHA256
8a8b66a81416b3617b1d7dda78d41080dab672f1f15c0726c2d6c4e2dc923b59

SHA512
f38eb75921bd1fd0e8aaf3a2cda0b5b7b80709c79417f17b5f034b9ba1c95f7ce7fe49e2bd97d27c83261a7834a424439fc04bc0e26e217149be12a4a9527e6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b9f1602b6e27a63432bfa4492d8974e

SHA1
8afe2424d154be7a3cae0989b78b08275c8011a9

SHA256
ef395e078d1dd8b098ecb16b4264b89193409110a6f881b2b8fc54d6d3e2809e

SHA512
413eb3f9d9d2311220a73b60e2027d0b39c6b38ac4df5000a192ed9231239f02fb75645afa5d409435234b5fc16a96da56966474b2712122218ca3568aa496a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f1935c06243d55606570a32527dcac2

SHA1
3d0baf471c87753e3804d41b6e969f17bee7d285

SHA256
755d5ce97acd97437d310db9bd97099e1980fb5a34211db6952f8d160e81060a

SHA512
aff6fbe015a01fa279c0f9cda8e62183dd22e84d4dbaecb482e7893f98641d9c5573b8a05d83aae9208adcac2fc8407978e5efb4c371c50bfa5be01b3f770258

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bb1fba22fff5c37f3e38367a51c88d8

SHA1
a976d64f19a9f1a0f813020ad62f68401018959d

SHA256
e0642c05b1bb069eb7af1d47f42425b96f3361e965815b381f2817035977d7b6

SHA512
7e8b2c55675054d8bb7b7234edb79bf4f706795e51527fed5db003a6250762688f283abaafe26b4a8c1295ec48be5ccf2cbe43e8379e859a2ef4a0bec320c043

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA611.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA6C0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit