2bc11ffb96d27ffcd28cfcd94298fca1bd8a6c7781f367cdb5d8750a01e02b5c

Analysis

max time kernel
135s
max time network
136s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

e908b84ef60117016291d0adcf520f86
SHA1

b7474f416eadb2447d10c862887a5632e1f67887
SHA256

ecdecebacdddcea15281a62813df54518a4d51507f55e422e4f157355a62ed5d
SHA512

368429ff81d766bd409392efccd3b13a8a6f7cd762a967d2f12be2fd5b8af3483f0a739e862dd930ef68c094994c817197325c55612ec2a23c41767600b80a89
SSDEEP

3072:SINMFI+1A5xyfkMY+BES09JXAnyrZalI+YQ:SIvv0sMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432199391"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{59FAA8B1-700A-11EF-B44F-526249468C57} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2520	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2520	iexplore.exe
2520	iexplore.exe
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2724	2520	iexplore.exe	30
PID 2520 wrote to memory of 2724	2520	iexplore.exe	30
PID 2520 wrote to memory of 2724	2520	iexplore.exe	30
PID 2520 wrote to memory of 2724	2520	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6d291ef596ab7f20a82d4cb9120c103

SHA1
1beb9d4aae324da6bb7fece94cef5e5f4eb44ff2

SHA256
ec7fd9b8e2dc01ca39f7c30fa146c37dcfe4e7e8b0597e0b4614ca436c04f465

SHA512
9785e653c72446d475af6ce8afb2ec1f32919fa70bab2a8871f588ec91d8fa250b6fb44d516ec68190ac815097b0f15232a2a0c4e15e244413ac9e8b4eb030ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4a45492eb93e6869293d1a688bdf6c6

SHA1
c73660b871879f7d42f07d695c9245e275dea31c

SHA256
a32703a634dd7e247854b40b2d5885337e7c977f4725c351fd12b3c294797ec8

SHA512
844b83f5f7c6e5e6dec39803b205fa381dffe7fbb089b500f278c5843893a3c9f472ad88e0b339123a8f9ab99a371e4095da749ce93f12f754771ca48973e6ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ee9c689acfa3b385b11d188efbcce6f

SHA1
f4d392d6c17e8b62ef3ff010b7dfd22e06cff1b6

SHA256
4f80be03d32a8206934a34d4038da7a3f07219d02caa3488337ae1b311afd308

SHA512
661f310a8904e94999576fa9a7cb5ce05198780b76c1eb8656b91cf243dbb0cbd3eebb6fa60bccb7f2daed0291314752ae15f84afe7f40ba1e3023ffe87277ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96e502192e2a3243afda85ac7aec3fbd

SHA1
a1cde062eff32bb27b37c0cd15ce59f5764ec8b6

SHA256
6e3e80de7d8d711fe8192c13df433932a1cd3c44e93a7d117e156a43bb7fbf00

SHA512
6338860a1f7fae6c5bbaa3cbf9a77f79b5408565d6189cb717e63b64a8b12f7fd64b6976e6c4e2f4a2a9621a230f35aafec3ca552a31d3a3938a62d22d10a67c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9f07cdd5997b6c8747469c595ca64b1

SHA1
fa9a03778090b1e496fee52a008010c676448cb8

SHA256
02db4a3500a930789307f9c13352d6a6e3520805ffe52040454235cadaa84793

SHA512
7ae17aa31f60702d8ee8c770355f7a322b87db0fe513fa233d95d8e47fcd7b9e60d2f332f1ea4336ae2511e67768711c4da090df8970dbc0429acf7926feb27b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6856b09be74c8f2919e991b3573aa05

SHA1
776217baf834af99cecd444ac4002b75d6557a20

SHA256
5ae0e1b9f0d6aefdb706da77a9ba39f03004c82d55256cd669a90f569c307a07

SHA512
2c31eafd565538cf67a713900388685300797419a4493a5dcd3f51f6b90129659da022ed81689d092259209bbb78e4a2cdd606c18dbe2548d000bd5aa5882621

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b325df59655ee3ffd6382140ca397a80

SHA1
1055f0c9cb82ca898cad9fa040c81d5a3368e5dc

SHA256
bd8d8133178715803aac1621b0a57d954b87092a5f2f76a895c9de3225ef110b

SHA512
d39174db07ca3018117217667c1d034d06dc191533ed1310afb720772fe18d3dcf440a06f833127e910a8b022ddec61c5bed386993a2bb981818ed5372488a76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6940319c79be414e0226b5d1c27044c3

SHA1
58237c39348386928d5bf5131db167688514686a

SHA256
1969c537b20e53a229c115d147309440d34430957612bc9fd995e2c89a409682

SHA512
0f074084751be5b5b2149f0cda56906c652ea18eee1a4be12cf9afb613180ffc01d562d0c532cee9401d9260a19f100c5f962f56ceae0d49d3ca830bf5a7b8f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18970ac5d9a3d86e832888a6030b0756

SHA1
33b9fee593d733f1aae502ceb97fcb3abcad62c8

SHA256
3c52626129afbe54e7e23a2cbd9823f2108f3422563ba113208437d62b8398ef

SHA512
fd03dfa6e2d8715fc2d60d402e85d9de41226584781aa5f033ea7aa2f90ed89a448df7b054c4e88273d562c1bc40645114ecd05d7a3186b5aef506bb6f358772

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64846644164c14993e8b235fe7a10584

SHA1
73f718ad27c207674ce55eebe4ee4c30dcc80bbc

SHA256
621de67bd38caa2e2bf6bfe566c3699cea93ca3d30811f53c980f8a3e6aeadb5

SHA512
8fe4c8d89c1ff9e43e860fe09225999080e92b138e83f79c9c36fb623bbf26f9fe739311b3d557179754adf5b21a728b06107844203248e9329a04dfa0edd19d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d447d7a3470822fc8eff3010ebcbdfc

SHA1
bd4a9f4be91217f6de53525a45e8db932e0c948f

SHA256
6e0806020f6affe1d634d2a0deabbfae2da83c4f6d2a96094dba15a523290912

SHA512
ea83a848a7e738b0ecff26ee38ed0997dc39accf4a49f89ebd2f1ef231da26667638b78cb58eb40855be5625e8b66f0b3b88379f2e31e9c67b01a32e57dc60b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
393cf0143ac7dc47de6dacd7716d13ad

SHA1
badeb27363a0f959ef4a009ef2208fc95beb7f40

SHA256
c59524eb4ec22636c3d023550dd57544c1a661d7c4f5b3405abffd30c7bebb1b

SHA512
f7c95d2c8078967dcc0aec08474b6a4737be599a64cae4529207537a9ff77bda314bd4deb01671cbeb40bf6a882344b64438eb9b22c6f6799e9aa577543ae3c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35f3a1376b5c8c52ae1791b86205b1d9

SHA1
7bfca4279dd7bd2d0e3bb85ad72b315f47483f33

SHA256
ccac5e2f20edc42988cf1d441b78d5583fe5d3e61f894dec218b9ffca3d4f485

SHA512
4eed54c3282b411708c979cb92e4191e1d616437db803c0af1330c5a5c5f82f5d04cc5dfa0f92d2d771ba507a0ea015b51f1932727dcc90806d280e77733d85d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b76bf2baae44303d303b4b9f59a0df7a

SHA1
5f359a6b93ee84113689a41f09609049b66b9358

SHA256
161c0dce9a655169a7da3aa35ca57ba5be2daf644bdbcf6c6ab2274edb541746

SHA512
afab5cae639215c78e550a78d80bfec34c5b926e2c998a1b6ab1041bbb89053ca14af2ec558b6d11685112ad8856e8f707f3b4888accaf9ea6c11ef9a81aee75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b8938dae71d1ab5d795ff1af1f37b4e

SHA1
7d66e350be08926ff7be695c22d291748ab49151

SHA256
84e31403d0d8fcb5cfb111e9552c6ef093781a70d788cbbe3a338586fd0f3ed2

SHA512
6774ed1df248d83bbe3d558f3cf66195e73e4215475d4a5e5c5cd7bb28027b6a8af1041bed30ba0a513675ec83f6e02e89bbd79e5639077d5dc529968a00b08a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8ef1d321cceb2dbb63dffe2652f58e8

SHA1
a5f4876b64218f0bc31a1c0ac21304ff2b1ea9df

SHA256
b2f526877c9140736116796f6e0b81cb40c2d7194b2baced7384240eafb02852

SHA512
61362996cf55f0b2f9f9e6746fa87dbd10d7be656ef9ba7dc4d5b752e82f35c43e05e1ffd039622fcc46d54c4d9a7d9f854eca39afabc0ec4a24aa18135309ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
803e8d17a80dcabdf5ae3c0e3c879054

SHA1
0f427b5147c7a7b475925a709ff0aeba9658cd33

SHA256
72dcd2b7888b91f9c02b7b7ddc1c0c94898023ff7969e8ba312ddd14c6271d4e

SHA512
34998a545978b84b214c16db33640ac8f5651e705e11e6673a2ea37f905e6d72fbd1876d5f4801598cc7c6cfcbe6bc9de562e903ddfbe1b5c79d78770b18e939

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05dd7d1a476729ea301f1a9b55b17249

SHA1
48658f942baf19ed59403bec9582352ec56d0103

SHA256
832f400db6d8efb4f22c2e6de1cbfe8d3be80612eaa33d6893d70e60313c436d

SHA512
1ac84e94d0d3c42329cf10ebdb29e4723c56456ed7648ac9d37ed8f05d34b7f9ccedf7d96fe97fd09886ebdac5f0321298e1967885b1712d3b2f449b4aa5adb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5def1cefc0760a5a30508ffa895c66a

SHA1
d5e4e94349eab37705fb07f4ec6a1d1ee9a9f1da

SHA256
aaf50b1b61c37f1a09ecdd7836068e4d4c5873e87dcb1729a8976937dd8f555a

SHA512
181e3f79fc4b8846b68828a790766105f3e8fea36e293f854116824d1fd7b18f023fb56999dd6207da33a86cd1186b3aa0af5b237399853843312143f098d36d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8087.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8146.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit