223b7d69cd661145f16df096f2ab8e01b6c96c90bbaf5b98a361b623776dc6b4

Analysis

max time kernel
136s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 04:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

7404db66750a5dcd3f3a3235f6ce8348
SHA1

4b31f5009c5ff683d4831b3c1a775b315a993e6b
SHA256

3e26344f4c1739c597606e2f4b67693c6eb753f525c3cce73c82e352450c746a
SHA512

524c5dc1926d0594b0d4a4ea85d23f59f6e02d014053766047def5073cfb61af116dbc2d8e17785a179cdbad432207e75b1839d1841df3e11c63c74eaaa9ba8d
SSDEEP

3072:Shv9oG8JzK6woyfkMY+BES09JXAnyrZalI+YQ:Sh76+sMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2EDEEC81-7641-11EF-8202-7A9F8CACAEA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432882647"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2516	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2516	iexplore.exe
2516	iexplore.exe
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2356	2516	iexplore.exe	31
PID 2516 wrote to memory of 2356	2516	iexplore.exe	31
PID 2516 wrote to memory of 2356	2516	iexplore.exe	31
PID 2516 wrote to memory of 2356	2516	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
741176ff80ed41dfb0e5609239a0b24d

SHA1
aa860fb3a3ee09af2c31024186c1e84376897ff6

SHA256
a6107ab402b2181fc847771330f55b92d8f67aebe942a27d3cf923c9e4207262

SHA512
b90cae0ebed332b03d221dfafbfc81f7ec9a14e25917463bf567c692cf1fa1e53864ac879e38b1446531166ee95e077d4d9bff01595bbeafc4a6d3ef29c6a4be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f4919dc6dec0210980a2cca15b31391

SHA1
3113761c0ff45df918a793b1df11a6afb0e1ed6f

SHA256
e709cd7785e0d53a64321f63000640d56acf595ea68b4e3ebb466324a2874005

SHA512
b862fbd6cf48f684e2e15b052cf4672068e682aa9f6921dfa131d7813e2ee46f1716b5b19b5e7d09370c16d28df5b2766cc3e19b841353fae4a5304afd411636

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9279cc7a020372056a9453a84ed52baf

SHA1
65c537da6adb3bce6e5411b5a5fa433d963b2750

SHA256
7872b9bf9e606dd8a39de78bca6dbc66c9e77ef71e6447df5d6941e1e72a11c3

SHA512
a3a2645f6adf450234cbd2b5fec3c44058ca3aae6b19a4585e12605441dd04d095539a7b0edd707a4537bb7ab440fe1de8d8f9fd1df7832753a0103027d3db31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
536661be45c473668afe683c5ab30354

SHA1
0ddbd49337bfe6f2607a53c165c0881bcd11964b

SHA256
9b49e61d3a07ea55d779c9a8bf4e3646bd06f34a25b880a8530fad6214f1fdaa

SHA512
2a65e6c0e3248b0d2abdc02599b653325f6982d5e5787945a726aec00837a73f530caceb1c60cc0c9f65b6022ac20a1b8907f92d77c88d8db929a394f36bcb6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4356526346dc6c50760b9727d830a269

SHA1
c2f17e2c16d69270f874a0af704c473cbcc2178e

SHA256
9840ff7044bb8d6179dc360b4e05990d5d77617942fddf02198d6c19d72ba1eb

SHA512
3ef928d8d4030e1f43b04de496fbba10348ef875e50f571fa22d2c4b95f4cd584927643b742be5f0c263f5ea5e7d561ec29c7a438690d65cfe505d3b36536739

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4ca9ca410a11de98932421b00224260

SHA1
1461414b62d583b0faa103f000d0e79927718da2

SHA256
8ddc152a290cdfaf27942383ff69099be3a511e96e48161716b982588bb5e831

SHA512
5f6844e88ecd79ede17c6ae3744a09ca115b6efc086781d0c150376b07a8e55f03795cbdc9dd2a4a31e17ed533d4856436720981825f818f10c59f33505cc131

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c4d97e4e94d52f668b2d3efd4ba3f3c

SHA1
0697383b7b4c293304b5f488a4afdc7f70b95b0f

SHA256
e362b63ac5d0d7bfcb95039051e69da9fdfba5c917b13d7349c13e90fb584a58

SHA512
e73e7a56d657939a6cff0bfd32d4237ddb5426278595520cf989d456781c1f4272e57fa5fbbbff9b9bf421d72fc1843a434949053ee18ecefdacaa089dfedc4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02964e5e1a00b8fd27b70b48b2861d8c

SHA1
9fb5a244bb140c1c3ca353268baefc3c98be670e

SHA256
37c8c8a83c75a5d173687ad8ac4d4c10d0f60c5ca4ff7718cc319c4b82740829

SHA512
f44316e5653408e5c98520d223e5ceb5d9133bcadb944d7526c702c1bcd2ed608da82749b153a4e377af003b7b9405256e8f46463e09628600dbd1a203fb91d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1e2e6316c0e56ca101f4335a843ea55

SHA1
658e0a721ad74a2f1403a4b21eb750897203167d

SHA256
2e6459097ca4d02e1e159f47b153a4323c4f71f5e1bb24f37752a771987c9656

SHA512
90fd590df7a4c35a382d3d7945c43d47892985a45e7b50157cfcb4120cc52b1cdcff05ceaad4f6043268a659cc595d070577bd1505db822c50c819f7c8d2c17f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
993be2187d6066ac596fc4b21b5751ae

SHA1
46afae1f871f5a1bf41a4e9870dbd8cbfedafdcf

SHA256
717b1542bacb2435beba5adb28d1f0d084e50a0a17e44a51f04b1ca93dd86412

SHA512
3e4dbc23e160d6af7cebe3e4c3370ff18bb5c36f3c09a4165a761cf61d859f177ec7ac6418b8fab0e5e9d7da8271136b494b662ebe5f52611ed4e3267528798b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
319a5b0c45dd3486b18223d5f7575009

SHA1
a7dda1f3119a447b76dc90bde3b76a27d3d4423c

SHA256
6a781988714e812b4102b65c77c87492c15af007f001b7988fb454cc97a9e03b

SHA512
52ff46b8717d917c8ebd57827c2d19e393c6d044234c7368d91654b3fc9e6e3d881b6a68ccf58d7b41a75bbc707c65bd505169cc9b6827cdadaed289a7ee0cae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e250900a1565a4b0f815c0e826e172f7

SHA1
f00baf8761da78b95c7a07d7a92e048d05bb9a28

SHA256
af199063c38344b373cd66db44dee8794cb3a965fc241a60a95d0ce3b43948f1

SHA512
228af967a9816a27918ff4e155b9b902e70fa91942e8dab4deec955f3aff05d17848ce957453197ab8adb83bdbcbf462e0cb34c4ea3440f4c3c2ff9622767be6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b5cb3c7ffddeb130bd941684a1cb23b

SHA1
a8c23380d9330c2b72b9efb60aad02eb46b448dd

SHA256
8c42ebc00b81cc0a8ea0bbead50dd294ad6d50bcee6175c1583c1149f5dbdcef

SHA512
212c546d18031bb5ddb076d0ceb0c88966738422173c82515940b1327856479778d63e2dfa3d68bb4e0b42fb068f1ecda1fc6713fb731e7da32a19626f27c441

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6878a470b9c052b9078516743d016d5

SHA1
7c29d3a4f500225340507f645210823d8c54cf2a

SHA256
cb88777fc841d8e86024a090ef363515d05751a1d71c52783a746a06339d9be5

SHA512
1deab31de074e09f89c317f90f137f77002781befdfbf68603496e48deaf7d0b7adb653b0e1262a31a71c04fdd0bd6b528854168a458c4ad4e09b63e2ee386c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3766e76bfe467f479863ecbcc4603292

SHA1
ee31f277cee6fbc49c78458954ea061b6ce2959f

SHA256
3926f3e4ed839e38b0502e020bee56ff759f9c912a57e37e5d376dc9a4c78ef3

SHA512
7ae880325332920f73439a9a88e4732e05b773c10982828e90f6ae9ebec4ec4df949b930646290a59c28ac68bbe825379c664e07cd806e6a42aa00082f175629

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbf72f3f32a25c277a9fcee3da5e0f7b

SHA1
d56b43ef0b4a3b034492c6d2b6c262058ebf276b

SHA256
2c177466a04f4b1d5dd912126a34c3cccec16b1ab29f3ec5702a0efe6ad60df0

SHA512
65a578bb132c3126178bffb7ac01715478419ca544639230dd2c924650829901d9e8e05719e39cb0a4656679a9d3731d0975ed2df51d4d505b99ece29850fa82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73ea639f9b759e880f86973bd751cb84

SHA1
d19ed472d459354bf9c407cf36c8f373cbc0806b

SHA256
b67474f83cb6c37e7f4cc594089d95f02d30e07f668f5d6e1ce8fbe35d1acbbb

SHA512
26282815013e544155740725ca4d5381ec602b580a83335103b9410e512541ad51f30b9db2eabdac4731aac73baf6b514f34dc593bad4b783af96377a62f0828

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4c42e9655de3f56a6545522aca4cf0b

SHA1
2e6190526be4995e8b811c9d2a60b82be6378f6c

SHA256
e0000448dd9a981d4b2159589b1ecd40f0a440ffe8c0fcc5fb18846da50d397a

SHA512
a219f01880e510b43e76a1aa1bc87e611ee6f9f8575f4792ce7cd7749d9f74da39954bbb4a0e98e8632f46b3be08153f4966f8347cb52607b20ead084efb9748

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8faad6f826f099e18ded71f207a6e1c3

SHA1
be73d43c7ebdfcfe83d2fdd7e97345c66cebeed5

SHA256
490df631452e3f8f1318efa186f1569a69d40800a76b9b6291c3df1a6551403f

SHA512
ee43af7fc9eda869863e92030dcdc95adf144c335c66f2b8fa2f4a41112906e56317f36d06eaf8f99d147eac55b4dc294dffda969f996de587437d6524e45998

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae6c12b4cc5ebe8a7824933122a73b3c

SHA1
c27e96e61f2e4e9e0ac232957a77c21ef14b1474

SHA256
4acd23876bb7075fa78384c61ca88f25eb2c4cda99dc7e93041cad3161a9d852

SHA512
de15c42872308b2aedd5d73e280e6f0b7fe5e5b66016b43903ce96a79fbc43c59929457c992932a0587e9ca9d8183d4bab30b2b736656d41ea37c0058550f9e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCD21.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCD91.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit