a7165a39dad2e48e237c1a8f787c4c7df1f1489e19f49370bd4b615159138d16

Analysis

max time kernel
136s
max time network
138s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

90a0a335a579b605ae1ef3ceaed22cb6
SHA1

7721b6111573c6ba0abc4170a696d2aed486a000
SHA256

b824790a66c97ebe0fa10dc892b17d07f367dd9b0e22ded718803ebcffb6d64a
SHA512

bd48ddd37c7d4b9109997dd6093ffa2c0c7bfcb7edd6138768d102f1c6a8890f8cdb857b566d4a437f3ff4ca32b0bd0e0baa8858ad0b832ebefab71098634b52
SSDEEP

3072:S5K+9u36LYAF0YyfkMY+BES09JXAnyrZalI+YQ:S5SKB0sMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{28997FC1-7335-11EF-B4B0-E62D5E492327} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432547635"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2416	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2416	iexplore.exe
2416	iexplore.exe
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2940	2416	iexplore.exe	31
PID 2416 wrote to memory of 2940	2416	iexplore.exe	31
PID 2416 wrote to memory of 2940	2416	iexplore.exe	31
PID 2416 wrote to memory of 2940	2416	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49b9f8e5b8161266a4d736456e649bd2

SHA1
55789c5c6e3a502ece847a43d14ef67643177bfd

SHA256
bb96773039912da0222bd9ade0bfc23940887bf1f03952a3d332d1b786a8f79a

SHA512
a26ee928da3892584a143e4802b94e4bc3dc1e05ec32969bc3fe2de932f42be071c78ecf7aa0c6f1c4ef61014ddb52e2c773b2485a749253fb18c77e028179a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2295d53603076fc2d8f9d1295e5dc31

SHA1
06589ab5233c334c8f594bb1ac9a31c1cc1511f8

SHA256
112d30fbecd91f174b8768b9009fd6d0f08f03d6e2d608368b870cd13570c281

SHA512
b7b62a68569968c5697aefba34bf21db1143d66a82b11f4546a0adb8f6a8f0b8c651ccb7a445fad23c764dc58e2af06038257c7fa668045cefb5aa9eadb2c473

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2f9907eccddad2e64a1364a886324ac

SHA1
b4f365eafcc88e92712c15bf540ef370057daa87

SHA256
6269acd4736af8a6495dd7f3aae216710c3b118f0abd74342e3daaadcf0a57a8

SHA512
b67ea3d3c2061d473bb771aac8fc52de150ae2e6cce8d8fc470366672ad8ecc58f0f2bf97f0c6838d03be111d097d62593927c899539f34c9384609cd871d68d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee9b04a7e217bd21675c187324d6345b

SHA1
ef4556ea946b5beab165a6300161c1e5a1d2a9bd

SHA256
1ba9ff34400d8e7f6be22ddf53e634aa587db8907b4179501cab68a510294d2c

SHA512
9d02dc28ff74a51b7ba751d4e81569ea968b4c32e9618b1c97c9a3dc3b95258ebfcc6f86e2bce0646331a1dd50763433ec3c326f9b59f461d340e221a7c9e525

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2511407729937492c1d7ca35a09b276b

SHA1
9bdc7caac659b81b303f0672a5cb47ca446f3aff

SHA256
5eef1be3267c509c02ec1bbb0c9763c2d1529bf0a6f48ca1df0314c78e2eae3b

SHA512
14e9de94f4ba18cef1cb484d78cbc05d7fcc76875287fb42a16fcb31d99255ff3b5850a5b611328515228db197c3adbcce0984bdf335ddec0a3c3f618a54561a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45aa1132e64d8eb6a4ced4d16c2c2718

SHA1
0a39d029bf9d23fa8cbea84d58c474fee05ddbce

SHA256
d7e21a23cec7c63828f494f44d539e607ca2246d267ce9a73f474f922537a8f7

SHA512
7721000e6093d066bf6bb15a7986eac3f56780aebb3b6933e41b59e34531854398f50ca2e3643b9cea7645ecf889686231bc8e88ab758941424a977e5a44255c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b7c1f597cff87fe60982575d43dac22

SHA1
8f70e3c5f16ed7b0fba09777abf419b62e6b1335

SHA256
3054066a3e3121a45e03314d84f52ee9d6ab9e2918e74942fa98c312c5c7f7eb

SHA512
891593e7795a44f04331f787962e3346626d82bd8a2381a8514b344e64b61c72cc513740561effb12d1f7c32490416921a7186524a98cce3ab3d83a972e2261e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ff0502f698d8e4724c0ccbe2b275fec

SHA1
6971e22849dc473573374269c6916a4dd2c18abc

SHA256
5c66721bba0b4e64e9303d6545b50bcb87ee342284d0e13ba9bd7c2949962339

SHA512
3d622f3c7fe92008e1aef3adc04c17bd59106a2976ea7dcadd61ff5af622dd20c48d51dd8361b9c49a9fbfdbcadea6b5098e13916d36f3c2a870632ef4344c94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b8a165c7d2494d170c83b77a024e42f

SHA1
a7c7a4da1005b100dff1dc89f55944dd3ee21def

SHA256
c0774a0e6f041158698dcc77e269d3eb2d1b4960bccde192f7f123007d72ed4b

SHA512
ccaf4d49065b08803cbe40495f14ab364346262154cf9378a0e20de6353b8c0ed0d27ef74373c1bb24e13e7ed6fa52f999be1c4f290a0a5ce2655b956d8b92ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca2a5b82e5b31e3f59eb02c30f618929

SHA1
bb51f437aa64a575e5af20564dc4a2062f939e98

SHA256
286ddc78ab8338d78efa3a900286c49d4724715630bb193b3f0b7cfa4b92990d

SHA512
495b29acf248c95816ae31fc239d0f7500f7c33e35c769bf2fcdb06e0d739bc33d67e33e17e96e0a7da8a883359aa1d5be111824c0ca03c99f9237484cb2a685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96d9046b037ad763c4f811efc1b90794

SHA1
e595f6a27772f492714b8043d04bce002380879f

SHA256
5e8e78c1801228834eb1e1c0bf67c351198c4279999b2a4d9fe93581d3a1bf59

SHA512
680b8116a70da08395dbf4180b2a61e060422eddf01ac977cadc1b3c677a96a83fc975e719ec2f73545bd6b45efeff75ba59e42cc915d9840364683c26904e79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad37c21cd252a55482b9f7296fa0d75c

SHA1
865c2c20332084659f8eb21690c093a949d5fe18

SHA256
e8c68e0ed99e4b7f1986a6b41f5e7c9d894ed17056894b25ac6b869dc624ed44

SHA512
d3c25434fd3185aec9e39ec604c235e9da24550a7ebbf61ade96d12b92ffabade6e60d74c662e2ef7cf4faa46f5a0e856850b94fdb0a8c60ff3005fdd6dc0659

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fc61ff3a73e3bbeaa9574472f84ea02

SHA1
b6fb338f4a3a4c2f26e16dca6d49cf6319a0f1fc

SHA256
41432095f13c2c8f2911ec34b701c0dea329b9c82e55aabe009df9f21a982f86

SHA512
1962b1fdf36cf5e5843f157ac04feefe71604bdbe90fd604f5712846b92cc3ffe39f60b7af6a7b62bd1d0d6061f04cfe892144d0fb4dfd5c9684d05da7929c31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba603b075690baff9f8d3f9c12aa2fb0

SHA1
1f2226ea6e0d372c6613bb91e9c75d53c3bd607f

SHA256
70c5738be0c729e252c751fe7db69d63fb55ecdf9c813312206cab72516e9485

SHA512
bb26cefc0793ed1ae502fdb64a6d66324d9494b789a4075a91dbd870efc93d4e112407227b3258edb7fbdd3e842298b4c88f79433f51c18f38d7d8d202f06c41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45b40569b872a5f4aa54f6556753971c

SHA1
c488d3c3a9cac2d7519d8d5dc280009840048246

SHA256
ad44fcaf30c38f1d1179f107dcd6fbd66556ee38106cd6c6cd1d7bc2fb8e27a5

SHA512
5009233a8237c315854060f06f4c61626bc3837822332088f307e9901cfb6453c1d7143085ee7c47773289693425f3e71c18a2f31c96e1b07cea447f27a10d95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d2e185cf9e88437c8bc5d7fadd81a20

SHA1
2a5d23a30117c9eadcf3e05244dbb2780a108738

SHA256
a845f9d449b7ad6ef08ae3749434a94700a7ea816d74a7b29567baaba685c1df

SHA512
7246f10c055effa3913d102f6986b5cf4d4edabef58a244b02d1c45fe063c66ce410a7bb7b89c407040646bfd537811802f48efe25d1bb92e105994d395b5732

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0875538c6f8b0a639a197af9923354e1

SHA1
2c3c04f7f195ffaa3af0ff22b838fb17bc36a9b1

SHA256
3487a96051c587bab6f5f8d300e8de7b73e073fe2535887c661978103120bed4

SHA512
9637a78609852fcf030beccbb7b0f59fe84fa1f95c1d8dc5f359fc82bb494f2574bdb556ac12ec98e2762bdb4d7028102544d16030e346427b903f0e9072bc55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06c029a68d3ca10a4b544157fb9f3b2a

SHA1
a9074c6796c01a57b5842cdc22024f0f38f27d0a

SHA256
597923f7ee7bc7ff22f89f3172553b8be122370e4ba9d66f32f77b479bdec8ac

SHA512
99e5a86ab3ec236e9f0113b56a0a817d821c7859cc125b0e72f4d63803e7183fc723f753509822857f639ee4e767ed3553f52e7c0211704af174a3f05fe4616c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDA0C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE67D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit