3ca55c6100bdd080ed9eb4797dab38ff198fc1337681f4d67bc61e08aab2f5ca

Analysis

max time kernel
137s
max time network
139s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

77a7c761e11bff99e60eea4d3f36881b
SHA1

3584bbaafd6b439faf117f2bad56fafdd202dece
SHA256

67e99f190af21b7e833bda790014038710e86b9b3a7cbe69c3e586ee26017bc0
SHA512

b7fd126b605e9b5b6ab14be6cf5bfae6323d3beb71bc311fb65080233a870885621a23e04c6c73f06a9fb78748f74ac7515c6278c9efe58c53d279ea86ef5e09
SSDEEP

3072:S3IF30O8j3YyfkMY+BES09JXAnyrZalI+YQ:S3b9VsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432349233"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3ABE7811-7167-11EF-8BBB-46D787DB8171} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2272	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2272	iexplore.exe
2272	iexplore.exe
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 2324	2272	iexplore.exe	31
PID 2272 wrote to memory of 2324	2272	iexplore.exe	31
PID 2272 wrote to memory of 2324	2272	iexplore.exe	31
PID 2272 wrote to memory of 2324	2272	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b41ece7002188d3bdba0def5dfd4ea94

SHA1
2d992dfbf0a0a57bab31152a5283611973419c65

SHA256
6d268a31c3512eeb4436a1f13ebf5c01e0bd8851694b8b10ba65c9e1e2e5b361

SHA512
35818833f5c2296c7d3c742169ed301f275a4559dcc5218b5542f8375a8b6ad508743e9984de7daf8134e81603c94dd2133aa44dbc41b671fab2d3f64938f63b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
829cc1196dbb7fbe0ce8dfd28156f97f

SHA1
d4629299b49bb94f86307d1f930d125c743bf204

SHA256
95fdf6154e12f0c2f43b57d3768615bfa743b6c3cd7b22f084a328d658867aff

SHA512
05f575ff141169624af21974ac50289ccc6ec4149f0a62e157a4d802e3b05e683548e74eac610301f132be5898fb44571a6b3b4ee7849e483178dfcb20130ce9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
783aecd838689f356045cbf8c5d51fee

SHA1
296ebd9a4541b8002e4586453918598b6138bd1f

SHA256
5be92e728e318083f3a93031726a5424b216e909770e4698495ae0f42cb74bb3

SHA512
86fe7c6ff03af345e01d2a09c5050b9e20325850f1f21ab71f1973e2673b744f715d76f9c3a5ca473bfbe3c05d6b4b2996607e44d90977d80cee17e678bbe4c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b2a99322499d2f1d25574c05386833a

SHA1
8c52fbb322ef26c6d51fcbbe58989443eb3072fa

SHA256
c9c43db419bd3b4a36fc7e8ff0d14daee0224a0b1bb30e32617180b42d646809

SHA512
bbd3f37d47ab4ad7b4c2f2d43eb77885ae0815ba1ee02691c65b9fe297bee59cc20c039356036fb340e76e856ceeca56381c601114a2b9029cdcf3e3847709a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86cf05ea92e43cec4669e03bcc963ff3

SHA1
37b141022de0a60daf20cb4936b1a2c0d67a0ec4

SHA256
dc2ccab652f0a60dc0c1612c6e7429f31e4df9a57562ede22be4bc201aa50717

SHA512
47de8c17ba94f781ccf75e94b6f95aeb64451605f6fce488a8eb5a121cd1cb7800db5d26d8c5fd4ec5a14ae8f1fa1ed876c4337cef9f660f2e1471cc4b328e02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20cefc341091dac6a5f13e8afb4bffd9

SHA1
84a26a84845163c1997594098ccaa3f8a74a0da7

SHA256
ce943c51d5fe92173a3ebf679b9e796d6e2a97396535c33fd657924637b9ae83

SHA512
10d37ae4f22ed9a7fe7d11e5a73dabd930148955fd31557aea0352505a02b5ff83dfcbf62bb356b4ee049143879d75e1f1b9d73495b6a311e381f01858403360

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60b44f4e7d02df58b827bda1dbee4070

SHA1
3f406efd92782d13e153667e36bac2e83f4a92d3

SHA256
03d95bc8bfee47d7a486c407ba61f90702cf1d566be6e6beb125841fed6297ba

SHA512
c0819ccb6262d0c3fef8dd35c2676993e6e6e514ff7768c824f16253e3110983e1d146e2cefbbcf2e81309ea3fc392ba5f6d84ac76b7ad4030c636dd6f0b564c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
999f552a98265ccbe838d9d6f425e92d

SHA1
c2410293eca5ae5fb5c8fec30929fd31ad9e8ab0

SHA256
55f25679248975aab22ab6cf74cd847827a7823976ad5ed1cf751a6f7893c596

SHA512
1d767911af522f7b59b8723e9f13fdf05d398ce587bfcb8cdbbe256f04f6ab705b238b4641c824c2e0f361da79051488bdf174cc8170dc886a3ae8df250823ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0f727b940458782f31ef3c9b9ddd22f

SHA1
a2b19d3f75336ff8f57ead8c82b629250f2699b3

SHA256
e07648037073c6a85f96cf472d7a3e842fa122fadde5f711a44b5fd164d90234

SHA512
1e18768f7e30619291d59eeee1b501ac9a1e2651b7b9c3d0ff2629aa8e7d33109285d23a29714f83992c2604f6ec771dcaf6f6d318ce5135aed72d25c761d59e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ddc32ecd34be3a47628c1965a0977f4

SHA1
852af4413b4b9eaeacab9a8b7944b42f34922d0a

SHA256
96aa0e331d2368a96f480a6acbfba74e5d938e212923aac18a69cf271e1a18c8

SHA512
3683c44078620583a16a241fbd26c69f75afed18571a761b993dcd43f410b3bf7856ad14211e6f9222382d986f9bd643e0fde52ea09c6a8dae3556c0cb05c14c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
192154731ecba696c507934a5628ee0b

SHA1
b49005fca1031bb941ebb9cb9e3224cafe233395

SHA256
3a6366d2d19c2f11df3b471d65da274fc0cb2b6f4f9e1af2abc298b79226b039

SHA512
92dbb40231df1a6079162fe670620abb609dc9e431dbf250bcc1a461d81e31783dea017da8b31c6a1b7bf2368b339d43c9b8eb228964b6a06b1077504cf3613c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f59c4f0c5a41382a98033b255e80f79

SHA1
10cf05f1e305c197843d02bdef6133727f1a55b5

SHA256
56312086559a10e1158e45a120d09359ceb2d8a82baec86e0b7389455c1a2f74

SHA512
571092c2d21c1fec69167b7c466a4dc06e0a1e4825fd92ac0f4aa0666fd933b9403d1c5d4f711af289777aeee32c8546a524dd786f46549541957b3c5ef4e832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3ebfc2047643837d5cea4e478d9d592

SHA1
e6e488d5efdf85892c8805e29e9c902a291369f9

SHA256
147d2de19683d28975655cfc30574dcc0e19ad1b0e35696d1e355753bdd68e54

SHA512
692edd9e4bfb49f7b8b62c428dfae225f824c39312c576f2bdb5359c86d2b28de1c86a4f0bac0626960d0167f1c6d7ff4c7cd4e7e6e7cd6c32c665424e43360d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07782fb0f1ec1cb5346c5d12ee5c5d09

SHA1
d3a46746481f04688f81520d363fbd3ad68dd406

SHA256
cdb0f8de5b51607e1041f1069d8c46629de1de3de608a413033485f95912d291

SHA512
79e93f751c9e665f202810ee17e9449c1dd685497eed625560808e1729da8cddbf771a666c53c267f4e8801d7e6b4ea6cc99ba7604c618e1aa5cf3b23d706613

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0c67e05f75100659a8b298327ce3203

SHA1
19dfceb1224b826ba69fdcc682d9f7f8b5b2e631

SHA256
3aca43ed73bfa373c1b1083818f929a9e78cd3cee2828dec56b271b70797e7e1

SHA512
e459c0d260180f82170b13043c5a65b210b2dd1f811d4b6f7e65a81cdd70e1d9833edd6b715eb3e7a5c83c961b05a178c547854cbe2547baabd45ad69e03f88e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a27fd0a35eecbb2e372460736e50a3e5

SHA1
b1f218e06bb002cfc5218b529943d8d262a6c0a0

SHA256
9a11af6f82c6ac14a1a4da3eb018311acefe9be460625bba40f721a527773c83

SHA512
c1f2d6a01e5fe759045d0a0ee5f0350eb855bbb5d362501180a0b44e08161e054d908236f3fb62d18a56b89b1a807e58fbdc828926aedc297ac69fb0ec06d50b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1da7854a5feb4be655a2250d8e6ca87

SHA1
dfc53a8f6068ca2399c10ce1dfd3a4d0fa55385e

SHA256
f43bdb0d156f23bbbc1e971c0b92cc68f56cd47e3d41408af84d660443de2f29

SHA512
59309d9736c58bded26ca63104d147355b5f41b15a6dfc2173cb3cebed217bc33cf69580325ea7b00d71869ebdaa9a625fb1b6978fb027ab3c18459c505b0609

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d86ef9290afafe92a5f0edb4ba10af1

SHA1
7e839ab001d8e58b9ad466d16b40effb30efdb8b

SHA256
b5e11a5e2407104101205679b0a68dc572fa287a40c493b3938ca2413e43120a

SHA512
01e285b85f5c6dd4d38ffd4d89249d8ce5930bd60115d79cf51f005ce977cc43e1fc78d84f322fbb3e0a5bbe0551061376785329646b8a708c581ff7ca91b41c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aabf39c97fbcb9c7deafee44bc9466d3

SHA1
cda54965b9a37e15f74d5fdcfddb0df65b6098d0

SHA256
2e75364a47979baee167a6ca907d7113ebe0600cba2bb4c6b60b302d23dee33c

SHA512
9ac60e17b77aab4561ae7d1af9a8fcb5b1459fd1aafe050f8be48231c2c813a33c74d42cd6a7b594b926a5c037d2250db2c79c36340e255647745d6d266ff0a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDB34.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDBE3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit