b824c4a31cdc2e13484c306a453436f3fd7313458569f4436c818430976d0859

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

29ae09b5c8d57a1afed4f0f9821dab20
SHA1

bd4f2c61a8f73145d7cdc3bcd49d3ae53bc785c0
SHA256

b7be52a4c7fa8d3af31d8625737988814a4f3a63732b4e32ab9c0eda20377bad
SHA512

095ed24410e4fca1c0c77a79e3a8b2461791d760559a0b55d91c8061edff7a596364018e976a8969807964391e18361186219eadb6385fe94ca638a72f2531b0
SSDEEP

3072:S0GaQf72SJB5aaasaO3zabLgB6ZmIUZtjbKnohWb1akEcHghiMR1yfkMY+BES09M:SpIqgsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432889047"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{14F2EA61-7650-11EF-B1BD-EAF82BEC9AF0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1272	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1272	iexplore.exe
1272	iexplore.exe
2500	IEXPLORE.EXE
2500	IEXPLORE.EXE
2500	IEXPLORE.EXE
2500	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 2500	1272	iexplore.exe	30
PID 1272 wrote to memory of 2500	1272	iexplore.exe	30
PID 1272 wrote to memory of 2500	1272	iexplore.exe	30
PID 1272 wrote to memory of 2500	1272	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1272 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80ad999379fd202f802f019d70e800b2

SHA1
7fac7c4df8e3bb42e4ecc184906d51fde4f27746

SHA256
f6b7abc9e005454a7fa88fb89af01004699503a512433b58e9dfcb317fd77e3b

SHA512
954cb93df4bcd4efd5e2f884cf6931c43e5882f718bbd93460314e85e6ce1b3bc8e69fc9d5ed57d9be00e75d14b9934cd9f41db861897fb9292d727cb78824b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e3854074c7b4c9f632ad83e4309a07f

SHA1
63e3167f514ccab91df5fdee8c20d0d7c741ea65

SHA256
36ed08ab5fc52dac16f5982f648e67ebc3a105de8fa1cbb7d92cd1aef3c9fa7b

SHA512
8ea91706b3d25f598d93637dcfc4194bdce559cc838f094226161ebf93720fa1d9129a2131fa4558e03a43b20d993a8e43579cfefc2198980d1b8075a71f045a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a795f91a9d552e88b026bfeab1a8ef5

SHA1
6b1e969de9d86f94717ba3e0d733f0ca1eec9818

SHA256
2dd684759f99550323ea1f6567496de956e38034f18240fba89b7d02e7c43554

SHA512
1ee92f58563164c8029ea7b6124247ad5d5c65898101255f6e8eb7b2ce23bf6e73236fa5031a662f560cb44870f7ce82e09873de6343c9308174f63b142130b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ca412d71b6b21bb5d4fcb78b3e2f74b

SHA1
f7a34bbce12b24c92c1edfd04cb587c2fbeec947

SHA256
393e87dd8298d286b78d223fceddde6405cb8ec0e89dbf0fd6f5d2546fa4c934

SHA512
cd4091abfeb5b09cbe09a8c596e120f5fac6665ef291b43804b66e6d2336c6196cde8e12af68203718101ce11097d91e358089dacd4fa4ecda2b0273531f2823

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5be051b769c7c28b5b46baf35746612a

SHA1
b80176b48d4588eea775962660917df43209d975

SHA256
943808708f4ec539a2e4f5f4d7263a995e600d172ddd9011e53551a1094a62dc

SHA512
4c320b33e377f1f2b6918db74bb1e174c662d7b334977b7080f13ed993687396ea69bbae3fa8c6380ff552e82115a395ac44cef4a1479412046b1b0153390737

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eefa24bd0d8107824030bfeba78d2efa

SHA1
2a2bb744b6f0691dc4ee8009f3dfe7e7e5ac4116

SHA256
fe098b07549ff79d34ad9a840d71aeeafd749306523d3b506f8f7fc56d4d6f35

SHA512
647753b9d90d2a7dd465adc2e1fc1e57204d00cb5c52c40adab85226262afbabf7f01c8026fdd3981f70e2287e1830494ee3cb0dc9b5b6e78b053dd10373e60d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1609fe5b7999889ffd76423022a9ade

SHA1
fa12604be846451f827b63389b9a1782b916be7f

SHA256
0f45a807fc13e4c69a3ace1b96b2c1b88ba943bce3a60918d9ded7a529d6b902

SHA512
008c2eb5237d3de3dfc0b60c0d137ac590ca7b9e487de2ba19b2cd8012d9988db1dc598e0bcd42051cf705341050c119381dcb4839b4bb779b67a714e782f83b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f314ae11fd708267b7541fa1dc5e25b5

SHA1
ad8d79f8bed45921225d1338a3d09ba0175acd12

SHA256
42573259b3028976847832a1ad3b65fb686da2df4c0a78e18d5f0caa9e07e378

SHA512
5b2d74f8b284c2410004bbe6e7e5da6baef1d15487676975378aec0069e842b32721ec25a6dd3f0baab876afb620e2c416b3afa505567bd10c61248be1102fa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9a474d3c5cc7bef5e1b40c23d59f9c9

SHA1
dd41b35e96062a38866eda26452b7863e9078292

SHA256
2fa9d14cfe6c7e186b0c479ae36faec5cf327377c290dd80e54751eed1089a05

SHA512
bd5ad344847b868e0369206ede70691c16eaaa8ab02d794ce3612cb392e4b5d8830cd9a49cb4553536de37cbe7924a448428c8002e85e60b42706a9cfc9e1e24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67c66a9617c1fa9b109d2f7090838068

SHA1
e9bfa80e38067dff1d00ca7bfa191492fc72a02f

SHA256
36476e49c83b149d00a93e60f38589d1f8e1a422c503d63ff7a05e12860223b9

SHA512
f25ebe23181f4bab19b9cb0d4350511abd8a7cabe04c338acc402e6e3063da678aa025037b711624bdcd359457fcc6577dc2da1017ba23b692aa413589448aa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f656732ea410357fc661bc155150a913

SHA1
6d97c8538aea91441b39dbeaf927c2d74d1da03c

SHA256
a17ea1e7ff538b1d7356113baa1484aa2149764d1b0e2eed75a53043aa233dff

SHA512
fd6fcef0d8d44270cdda71264d5c553c00242605b0fdc1eca8f005f57ad07ff53236b4675734399ec00dcff5a85e0423a62a60a6922fb2525f97e269da475179

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1923cd2d0d3f646347f291f7c8521fa3

SHA1
8ecb1a5639ff766cb8319e9726b4f405631cbf39

SHA256
2d48a150b95e51e65661f276da93c5b49cfa6be8793901ebf3fce8c8f6a45fd0

SHA512
20a2f624bc8246ec06ca3ab5eb0398051593ff3a987095f95ec81aa75485e26c26e0429303a2dc94f8936bec8562b7861bbae507caf26579d3fce04f56d9cbe4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6263e6259199fbfdcdf95d833269cb6b

SHA1
f71aa484adfe7be9c6857b16e90bd1df2a6ffdef

SHA256
8ec47a5e8d80e577abb75b3ab2849658f2980a31b7b0b6be28ed47944ea271d4

SHA512
04f50a722ba3c8ace6e81aebdfddaa7c7be878e0c254578029398f04a5679929ee26d6b5e7c8d1823b72d0620a90b1c67e23cc6288289c276337a6706d529adf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7cdcc10c208da2baf83b0bbe5d1a7abf

SHA1
07ecc143d95464db5ef38cf662bcf0234a07fca7

SHA256
3789b42e45a341f4c2712b7d486e01dbb04568df0b54f2332dbe7ba6fd0a9750

SHA512
0035e0cf40b655292236c80486057213e8d0e6d671a666e9f58c0c00d9eda660450279b4d1f7a08e9da7cc18824dda5b68923b8db9969439e1e583fcfb240ae5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d114ac2d3986f38692960e0c01c1cd2f

SHA1
68f79f6af8586175de3771aa226a04751b414a62

SHA256
4bd5a7afffbe98c48a2fd149529468744c132a37121aba9f21742e8d8f96db85

SHA512
4a1dd73f42612db54f34d236aa6c6af546e22ec84b1aece4e3e29461dc3744c7a399d391fdc8065d246ba1a1bd123ff070b8c3336ee8dfac6dbc50560cf95b9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a478b4ec0d0079c8b683820de4c3c4b

SHA1
955ec99978ebdbdb3669214024a2e1bfbb30e909

SHA256
531d26753bbe458e4b2c8feba0f2e56dc9c51305f127e0ec6d08ca604d63aee4

SHA512
9241a22230d7868534f8a26396ec7b5495e6353aead957c57f9526e7af66d0bd10ac505412fc18d490c505110d548367b1b5cfa04da848ed92cf08be5f40bab3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
596695668b35c5389ea7f661aaecd7b5

SHA1
2740d15bd1f13ac90eae92ad469d2f5de64cb5b4

SHA256
c13825d6f25ff4a5c46ae9c4356cf662fecf83318332228e123248408d210413

SHA512
42b9610b86266619da8744847af79451c1293a8da511a5755b96b6c4e219bc85afad03ab1f494e6f9a0f28ec8b059402f73e417e543cbbdfa2c5f3d3cad2eafc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
337d58a58b57dccc2e11f1437a2df047

SHA1
fd8c08014fa0d435ba72d311aed23ac150820bde

SHA256
ae66db81571c7a59563f07bd24f690220327112397006aa67ab1a60633e1080b

SHA512
8fa1172f18674c055d109b7681cb570e56f448b9da4834d1fbe01558dbea2ab600813e1d629dcfb3634f8dd4a42a0435ad037dc95a804ec08a02a1162e184b89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8a2e3997f2a48c65644c143d1f25584

SHA1
cddf94bd02fa61f9f565b860e4c2c3f539c25763

SHA256
4fe9480b4b2551daefe3f852bcd8d0e249b57ddef56fde56d12e1f6d39261b61

SHA512
f04f2e652b513d20166b10fd70205626c3d50d65ca02c712500ecae50a0cffdcfb9975e2cb8ba311edd910417349157b6a1f53393fb1f672d0935da2741ed4ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0a4b15dce33819770fe0ade776b5957

SHA1
73b0802d330453ca6beb96b6950050826866d9da

SHA256
ffef415506513dbfe115f4b3ee2693376ab46eda3b74c0e535e0c36cb4dea5fd

SHA512
b463d2a962b233e6071b98fa8e1bc198be92385509f6a3856bb79d8107411a9dbb676481b941afab7e62a68d425823d6c1387ac1d60f612f1509be5bdeff3187

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA88F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA93F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit