0aa548e0b1f7fc81e36f15c6bedd2f26c76f29e472c23ff2d81ef69ce85c39a2

Analysis

max time kernel
136s
max time network
141s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

cdb054c66bf530229ba90a1f02f2650b
SHA1

c3dd1b59f9375967d09cbf74084c48b93eaf4933
SHA256

5b3e5b6b7085323c8f7598dca5deef3c01098e53cbfd5b0de52283bf4943fc11
SHA512

7009777d7786a74cf7bd49147cf4da5ad3a9aa88ff857a0cafb22ae9717c026cdc1f90c5d956bd7be5670f856b20a638e86256ef6b5890d5dd864a38d2ac4f06
SSDEEP

3072:S13DbV82yRlyfkMY+BES09JXAnyrZalI+YQ:S11+QsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{71924FD1-7246-11EF-B6DF-4A174794FC88} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432445105"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2908	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2908	iexplore.exe
2908	iexplore.exe
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2720	2908	iexplore.exe	30
PID 2908 wrote to memory of 2720	2908	iexplore.exe	30
PID 2908 wrote to memory of 2720	2908	iexplore.exe	30
PID 2908 wrote to memory of 2720	2908	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
988e4b58c069a25f88f2071584720a1d

SHA1
25ee21d77a3c2f4c7809a3d340bb9311a52e553f

SHA256
e82654363fb3c44265a2944620d3cbca81d0d2817b49c6ffcf8b17358e09a953

SHA512
21375cf6862978be1a67435599e73eb2077502eb0c22b83de5ff2bcfba8b73dcea6d95aaf27dd4e9847d61370b545c483e1a131428c1799789c9d206ad35cc83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c45dcca4a1a7b7efd86d2c36c8b3f6d7

SHA1
ced8242007306b82888570b096ae261e0dcf3bf4

SHA256
6d01c8ec09af0c4fe4a01eaf29b5a3f06294cdb85c172491bbc2b543870c6a9b

SHA512
7c5a52cc6815acc861a487003ae6ff8f6caeae4f42fd7d5e56bb0b425d6ecfc6791cbd0a1fc5eddeb37f9979b481836a9063da034efac4b20c6ecfa91e6e67a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4c10840032a0466471dd3e0e2223ef1

SHA1
da9cd05b40072cd17cc1caea481bfc98f88069c4

SHA256
8593fc64a1f1ac3dfc5d35454693b629508292503296228f175f653607d9ea30

SHA512
e2c239451561d1b17c0dd1f77b878abacd651ff0fe8b9c6d9b7cf388bb20ede98eec4c4a291ad7ba7f1129c6694d7171a453c55570c48cb43b076218e9014cf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfc16cc3ecd5c26b7ef688606c660651

SHA1
18c2c8d91bc756f208aa61932955f1a3bf229ec0

SHA256
af50f77cab12deeaff16be73fefe12086dc177f6ae719db3b77ad092f8f92072

SHA512
37e1aea2596c7352480be69ad8e0c045bd042286c755aee72fb852285e628fa2fd124fd138d4aee795ca1d4548da65bf6b1cf1b171da0f03955dffed1fd64610

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ff88b3e16438cd5c96d63db8b504159

SHA1
113c67859b41f8935f58d23bdedc63ee1a7483cd

SHA256
6ba01767c22323482de9d5b6968b15bc9677c3b848f5c4567d7904a89202c8dc

SHA512
4aef185091ea9c8b8a44868841b59e13631e8f3deb2035e3f6f077231939f1b7e6161c5595892bdbe63f8ec3854dfaf0aa29604e11a8f88a185cb8861f59d7ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
923f5d21ad373ad786f57ed19cebee5d

SHA1
73834d6287147142322978cec034dba1d8536064

SHA256
78a941a8ac3f6397c82520d1ac8fb0e5fb5ca61c643afe14a5d1c107ff0c3b66

SHA512
79ccf09e1f2523545588b5e1f9b61b9907bb49584540d9825ff6e4192e3df26cf86aa6c1fe53e90c7680ea6c4279b9547cd9c18dfc7d338be496bf9af335e30a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
027dfa1ae1a3096997a553feaeaae88f

SHA1
dc1fcc9be13c1ec1103af4704ce3101dfeb32dac

SHA256
dc212cd4a867b625590670fc90c2e5b6bc04a5bc37cab0803f9a9cd713fb6c8f

SHA512
b1a3cc632f9ce47d4de895e23d2259f9c7c66e4425ab5323f20bf1c7b5eba8baf94f5cd1ff361b9fdb46f682e259b43b544dfb4356f7ab6b55ffe8b28e095f73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
236bb70d15ea4ba1ef61ae192e25421a

SHA1
41f0744dca943aad6c819cfcdaf7cebf72e9ce70

SHA256
0ebf46dd6a60d08f26971da524a7d312fc8ca90641a513b98a3f75917d80ab10

SHA512
460b844f1623f7fe3c8bc835bcf7e8a98ad77b5972b462ae698de335e941627fa39632e8ad869072cc41b640cc4803707726f861c1f7685c7d3723333dcd4e8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b90f2a210936aa874e17317c6ffc386

SHA1
fcef63fccc6ab3fb578813b787d8b858c8812c20

SHA256
5f94b34c43188eceb6a0313b3be0e76949d87831d48445613a7f61146654f70f

SHA512
82122d974ca609633c3462947a62463d94c168ad8aafbec213785f5edc439479c5286e7c8315031ef0f5fd7acff90354ac96d35f2d9831c05aee0c15751a460f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b03f64eec1227b6ec927e14b64cef1c7

SHA1
4370ba3fd9460a0bf89f59699af462110e62c097

SHA256
c11918d7b16e3237d7e50975bde9a30eb746bab5899fb25fa44171a6e797ea82

SHA512
a5e3387733dd16d481bf8147fd7428e1b4f769cbb1258618e9d9e0ac40de87c5ec5d8f93bf7dfb3cf6977cc8f890e22f89f3fc00973594bd40e9be7930217eb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6513ae640267fd0da9a5a20b72a843ae

SHA1
158b5d1519407a5b33ae4c93b04fe3ba1e248e05

SHA256
f5f41da035f75e62484854e95ec0c1988f36efa95d2698de1a2848efc4c73a61

SHA512
ac78db7a9a80be0c867550d008942b5471368475fa76490fc4e1960f243f33136b8d373e61a99f932c771708c28e7ca37c90981fc58770a39514a3b1f894d820

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb0235cfe91797fe3c4ad650fdc97863

SHA1
7069f87264735562d3687fc702b363990a823a23

SHA256
f7dbd579a93f72d8ddd790b5bbd2e98bf9e1d65edacb163a63338a6e5f9b0221

SHA512
98d3246d2f6bb863f1631d8e1158805742700905cddb9a9ac50ee7beb21ec56b270b5d2f90b71ec4943dca8fe74ed54cbd0a84050be0943328e6943c519d3287

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1b189e344989e5035e0166c3418059e

SHA1
aa7b08fccde58b8e2ad8467db3b4b41012c3bc61

SHA256
3c34ff9de1f4abfa7fc57a26744d64a83d45846b0d2d5c16fcaed93e4435ce2d

SHA512
b633cd9dc5024aafa9af780507df0504dcbc0be7de21ac8b2973b469005a5ab9bc2d8bc1878a6f20c4be5d07ed2a065cc219cbac14e76ad9d83f5547609e80d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71cc7384334b89a9f0a64af64157f29f

SHA1
a0c09a57c69d7ebddcd2bd53018a6d78255950df

SHA256
01771fa652222080afecc2b93619acf7ae40ce01443764b9e2a82b0ed9be98dd

SHA512
09a53ce9da5c9c4b5893b3eec00a8ef62f02f0e4936bb06a43bf206d9b1383b5be81a8e7e61ad61857d6438740f274d37c1cb0be8547278c863f5e962427d7c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dce83dddb64063093dcf0f23d35292f7

SHA1
18778a6f993d418f96a3b1b2859230206eb880d5

SHA256
d9deea9e4e3109751678c181f4043fc4fa942893f1fef3ad0aff380a6a058321

SHA512
a85a1429d16235061f855ef91b7f2f1d66d93d1f176c85036094e32e5a909972176c88c3a96591749cbcc716ec0b0ae470a5aaefb02b78dac7cf13d633a50275

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62f3738b928e68ccf3261c7a530f8b06

SHA1
eb48d07c8961b49c114957d0d7c302828c73a18b

SHA256
34673c70ee25a2ad99809c5cb5a35e574b4eddd1d63081835f01c021d8027917

SHA512
632efb39f27974fa69dbf6f985c04fda1a658f7284fb2595830adcc0a37da6dd8863c32f0e9bbce9877b1ba8bebfcef49cf5e646584ec89ad53a9a8ab68ea11d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c612c48de592c3357109cfddd8aad519

SHA1
89d0eb175582a95dd1f92aa2c6f5d3f4298e9a00

SHA256
64fb4ebe62ad1356d9dab2d021c2d6e591636a89072133ae3f6650fc4df9c412

SHA512
7cf0d299ff89a7dc781871a009b783abd18b43d8b0f5fae3d3715760b86bb3117ab98c72f6e61f4c7ec276d8c6e77178f7f6badf4fbf8dca610cf58b7f31ad3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab49BE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4ACB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit