2a5cc3683757593d9275f86f6a12b7f4dbd0cfc93a919fa8c7b1a0c4cfc07375

Analysis

max time kernel
134s
max time network
138s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

27461f4dd141e67e395a2c7bb3c68ed0
SHA1

169b184da6212708dd7462f08b7867c525864bf4
SHA256

7573e668cf6d6d5912da3106f67d042950baf420abc7cb03d62f090262659771
SHA512

30fba84450ed8ba738a502eca08b799f4ff60aea27b59bdceed7bebbb99e83dbd0b12ef6737376d2e223b339bd89c7936ee503d6b79e5e24764a060cef6bfa2e
SSDEEP

3072:SgwO8RvoBBRyfkMY+BES09JXAnyrZalI+YQ:SgwEUsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432884665"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E11678B1-7645-11EF-AAD0-E29800E22076} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2276	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2276	iexplore.exe
2276	iexplore.exe
2684	IEXPLORE.EXE
2684	IEXPLORE.EXE
2684	IEXPLORE.EXE
2684	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2684	2276	iexplore.exe	30
PID 2276 wrote to memory of 2684	2276	iexplore.exe	30
PID 2276 wrote to memory of 2684	2276	iexplore.exe	30
PID 2276 wrote to memory of 2684	2276	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc12901722bde5f41d8252d3e3323cf8

SHA1
7eceb590e453043db2806e5d6399249f6548a483

SHA256
4cf8316b50fb9db9e5cd3da27c15d903f404e38896ae7a64c3fa0814dbab411b

SHA512
1051054f45ddd86118041c3c8692427f683fe70b99e51b3772aeb3ca9ba250a4c243c5a97620354c7e2bfc4573953a9954249808b13cc996e1886f7f05f04921

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52115bcdcbf96627f06b9d773d200886

SHA1
ca5bf141e9becd095e1a4fece13d96e0c0c9cb27

SHA256
2c6ea0ebfb18270ceee409ab71df34946ccb22f61212668711cab80c1f886308

SHA512
23a1abbad82836c7db04f9f9aed9c34b03d3e1d9d1d6412fd605d690d86265418c5bd659512d4a60fa67762e1cc0cbe9d01ca79f82e8b48abd2e39e808bc3e28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfe861a536ac0bfd96b2ebf3dc61b880

SHA1
a7178da2dfacfefa22fa6ae164433ae9b7088794

SHA256
5eb1d8e77f593d212e04a8800171d75e897a3ac2966832d7ce636ff26b0503dc

SHA512
91df73fed36a9b5a8be20f8419057750af47d7b791324534ac4c2f8dc555008983057d73f50be281a2a9c3cd7feadfd841d7fa77a8816c2597bd55cd2ddfdd26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7451bc9cd1bf067ff23b1d1dfd74d2eb

SHA1
023af52802aa1a72f8d0a51638c137832384c79f

SHA256
50d2ff1430e5710beaf0f2201f02ce1bbb0ef39cc90460327f553e49ba069583

SHA512
a2d36433105ad87f01708d9516fa48f5a848d2db103c6cdc3fc46b95fe743aeeaa7ba25dcb4fbae6f4fdff6abe6320376c4e03f164d0bf26c050816e9a085813

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7095f2b184cf5a171d1d7f20c2684dfa

SHA1
2d577ee3a90196adb8996aaa2d50ef16e5529254

SHA256
bdff420d9f75f8c64bee658c8178a2819adf247f640b87e645312557d416f4e1

SHA512
15c06b1f2605f6478ed2ce708f2d74c754558b16a5607143164fbbd6de5246ad50dcc32a16f51e64f3e37ca896fa26f6088f465246c54fd45a0fe0632b8fc110

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26e63d3bb2fc45b644acda0168a7c47e

SHA1
663e5ac4e9cdf96154d37b5612a7a0044a19e7bb

SHA256
211b182c98c168577aaddbf3f530b66815cfa23c25e0af444e4c781b0ddfec72

SHA512
2b07b7aa40cdaa402ea2ce2e0e81459f374364f26381e5bb37c5c3f7a3c44ed4c32686bdb222aee8db868c3bc20b6a2a3d3336b583c8e2a4ba2f619ec8d076a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b2db90ee0ebf092641746bd073d1518

SHA1
076014b0b6d1b474f418d3f607fcd5e0ca668969

SHA256
8a0f32f20768e6d5ea6a36f910c6951122c4305ba14a2b5d6131444558d0af20

SHA512
490ff2aa862baec47d09f3f33885fabf316e368d7163548f6e2c7aca4b9b5855253d59fdbd8376ecb24b2fd766012fe5c1fbff94b83e8689a385fb74a2bd9613

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c6bfc67fecfe58a04895b05d3957bc2

SHA1
e5a062a9201fafdbc9a745fa0698a226291d5cf7

SHA256
59ce205d6b29b6d57e8bbdc5e278d458778776499c97a98f52aee3dedd5d0f8c

SHA512
236302a091ada660f057e5655a8957111e7b99a965fbaa11372dee1334d19302a22c817e8f9e0a41b2ea6531dc310762a769c9b4afc0e24b516d574e5cb4e168

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a19d85fde5050ac03f4d2107f07a60c2

SHA1
76146096656a7f7b0733c1739526e45ef24f9a60

SHA256
c52e11a9230db975d9d483c26fcab3f03acd3f47fba3850e362c1e0707a56ce6

SHA512
cdf4bf08d038836bdfd75e94ed5f485859ee21c6043e67efb9efb8b6221df7a40ddcb49337a7845e65d6a9ee97a2830f74406ece5022871caddb3e7af75dd9a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fae63f1525adcbe725e6a2b5e6a7860b

SHA1
5bcc9601f01894e2124d7f1886c61814d3006c9c

SHA256
2ab30d7bad2387fd8f9d296e0f4bd58fd4d2a236ca64d0aacf0ad3243685e9f2

SHA512
47da706b88e707c1d9c044c995ce7bcbb0ae80e6998a28a3f0cfdca972510ee9faa8a00046dd3ffc399ef2bef6c023d474a0c9359807986bad5191fd7156d1c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4dee02f78d06a7c4aac6beccf8a64f3b

SHA1
ac511addfd97e159d639c7a41ec42512b77000ff

SHA256
aa7fda779b860e8867403aca5ca5be466b8343e0bf2e2db60f69f8bc9095ff01

SHA512
de3f4a13d83214ed6abe96efc9ae1958ef61ce86f7dfd10ecb720cd2516c24eb9c489b8a0b4f251403064b1af8f9eb948cd8bcb260f49df2e810827e09c733c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4febf7b3ba4707ae81ae2325c23be5e9

SHA1
6c3d813a0580cf75daf4e6432361156c7332afe6

SHA256
38127d664f406bf40000aa7771a8974c7f450d2c6ac5e55ddcc6fd30dcef5bac

SHA512
91595f4a2147d1b6bc0c8616fd3fb84ae8c186933c1b6f1fd865ad8724a85cf24ca621f1c8fd56380c6aaa5a384127b2dd950ad3c307296f99201aaa133d4f16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
324c56766e1ed014468d76fd0214691c

SHA1
0268cb29d9b2a9ea8d4238be044cc0d41ccfe349

SHA256
7a4579d2eee562f110b659344c9360272503cadabd99e1a857f48f9f9b2fe586

SHA512
59c52b984b39afcf0f509c07951b4aea99ff3233dea679a4500607ce0faed1f7b292201ff5ec23e1bb3959b86e379148d90f33a77e164b0e4221dd780f57e31f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ab61b0f28301f8e708bf0837ad38cf5

SHA1
09524749207d659fe00cd4689089d3d0932668c0

SHA256
c6d70ed4497a01b7310167acfddc87305d05e16326686a19bc90b2f8634eec24

SHA512
f0bd0481d8b9182ae2214992162453efb1cbba1ddcc68f4b38a56db1ce440c1879898cc27cbba76d525da6785d1398074f4f5d09afb40d05129c633b136d4458

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3425ec6d217422d7ef90efbaa53bae4e

SHA1
cdaba121460759184763dd6f69f2b746ee0c91de

SHA256
f55c0efe257c6001c6a35adbf9677336a7b2134e52d8b7434d9c3b15ebdf8396

SHA512
e33d3ba9e085227b08e87ba151c617390792c632e4763b586380d09747e369f96d940c0ee89fd0aedf738f58a4f504e28701c71f6a7b5d2571825943b4955140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6937955fb892637d0d4a4ccdee4d8a5a

SHA1
7bf301ca35dd3a27ec236b1cd34804740d55be4d

SHA256
26e801329dfefafac06a364a2ffca0f42439a641a7dbb53ba51f981b0f2e71df

SHA512
3ea9efd2b93a273b0c8522003a0749c60bd619169913af65bf3ad793c64ed1766385ac4a0600c6d50000d59bc9d1e81e29c6e70eecd4f9e8c0ab2d4a145f0f0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d0d1b5206f017cee5a0ab8dee4a5554

SHA1
bad5b04202863008f8db8951ad5ba98e0da19b8b

SHA256
e5b5bc24a81f11524173c22c02d627463c885a5c5fec26470b6f3b2d1a7692fc

SHA512
f2c9553035dc5e6d560e95529d6f60c1d766ae3685e352bd561bcdaec9ffad1adcac3ef6cb5047189858f1141b59fa20e868c15c89a7ae86ecfb2acb2226f9b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
977115b78cb1adec6f60a2348ddec3e9

SHA1
4ac056411632c677acccb1d0a5b6b044a263346d

SHA256
1d54a094f9046ba1c4bf4d19e11883bbbd7bad365678e405035435097d14aab3

SHA512
99f9adb138360f4b42da3a4296382f10b610534684bba1996923c54178d6578914cfd073c80fecb7a29cd6629e46e768098990235724835e8ab77d72e17baaf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce6aa38788be0431fc6d138cac4894d0

SHA1
9a255546eda5b39859be8a52733a7074abbfc3b0

SHA256
7a22c1338e8086f121c309529548ae3fe6d65b445e5f352bee7ad8370b672743

SHA512
7d87ad6e069657fd0b99d6201971cfc56ab65571342dbfd212d321c15ae5cba3cfe1327444783f5d4e4b9f7f3951e36e9983c810f34b5d74313870d0f4f044ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF26A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF31B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit