784ae4d7a77b53f0550ed4b106c72034f350e1a0af7d99f734ff96dc532c14b9

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

462f5e05d316844457375f72a8c603c4
SHA1

45aa4f232fbc6cec97ed5ca11767c1b8800a5e3d
SHA256

eea421610188652e90ece28adc9f517c2739b816c372343b6a9ebad2ff5e06f3
SHA512

4240eafe62e725641bbe9241938320820186f9e6b35e22d84ec263f92c3f202e96436c48788eae3dbbc40c4f3edcdc36629c962350a9b82abfad1fc1af1c982f
SSDEEP

3072:Sm8cT4pFTtX0yfkMY+BES09JXAnyrZalI+YQ:Smy15sMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432886255"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9564C491-7649-11EF-86F5-E699F793024F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2228	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2228	iexplore.exe
2228	iexplore.exe
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2516	2228	iexplore.exe	29
PID 2228 wrote to memory of 2516	2228	iexplore.exe	29
PID 2228 wrote to memory of 2516	2228	iexplore.exe	29
PID 2228 wrote to memory of 2516	2228	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc7f08c1b2b5373faca85beee953eb8e

SHA1
2e2e2d590f0a1da22267e3083391e5ee7a06bd75

SHA256
f50fb83751a8f5e70375c84a514152a07500702cd4d2d8cc544b52b6f69c1696

SHA512
272ce5c3198b5407e7a75e300379f42895a3fb864f9261f1740d41c6f8c4d9f21f5b13c48e1dea98de3d06bfb9791b53fd14eae9851006581f49cce89fe13e53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d72aa980125bf14d8945702c809e878

SHA1
73cbed3e2aca6f4759ad33d4562e1919ddf890a3

SHA256
59e4d5dbe9d2a8b51a3adb0db49a00f26a20e16ef8efadf5d0cfe8474c81accd

SHA512
bd9c74721ad3436714d25085446434a461c79c2c7da5090fb004a65ef0220b1869a27b572f15b78ce833400c06674f6654d8de9729f8d46f4b46b7bb91bbaefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
091bfa3f8988301b2744a2e7758fa842

SHA1
36b0f5e1c6cf8da6716f85b9c5bd8b6c3a648f72

SHA256
393aff3d4a3b251e5e8bd84ea201ffbc8da3bc212a09e1c63b7e93cda6b2be38

SHA512
d0df868c26fa23469b6be22c5a8b38dd994fc69a46f53a497472ffcc7344860cb180efde2cfdf25d6f9cf4bfde97910c6037786840ba8370c430c32a92a83ece

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8d1c5a0c199c8f2d230946280f7d01c

SHA1
fda2ecbdf9752f27f93a3802869152cf41c5e4e0

SHA256
f0013bbb63cf9f2a3ae3ba0754049e0268949edb0252d80f81dcc53ceb364d78

SHA512
ae9d8262fe37c50856e77fe0f8b578ca1ce0e04b86af8a3f825dcd0149fc4d869fff26ab396595fd09a0b41cf84791268e8353507d317dfed80845ad55dd37cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f150898e43d9cc48c1ed5e7429f22df4

SHA1
f0abba4bf81da2c3dc66a0f7a15d0031daba8bdb

SHA256
15f64d8a26a621d76da51358ff19795f51208f3487dd2f3e6c23ae4e7b70d04d

SHA512
6ba0c98497c4d866b87b84901a70d96ab14dd19fe4eece997681e82341f276d0fd4e1d7373618804127596421749433902357a2677498462695d5ffc1094aa72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6231e76acd23c9b8f6d9a6659b20e377

SHA1
e9bb0bca0b5e59268152a5d94372e5e2dd63534e

SHA256
89046579e7f696e7f88ed00e6c4888465ee9158eece267082b1e5bdc6da4fc9f

SHA512
5033858a680a751d730dfe3483b3f385f6414d5ac372c561673003490660949300fef8a5d1bd009654affb285e691a335ef3598d38c202528705cd061f9a2985

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2dddc8feb4ac16a03091853ba6b508e9

SHA1
d98c87061ac9a1fea760d88ed4f230643cf2eb27

SHA256
be7ed6020d8e7cd2057fe3ce6c13eceb8882ecd9657542bd5a785bc85acc26a0

SHA512
e6794cc31c8c3100fb06c49d2c9a15559b6d2e771afdce5bcd48dcc50d63ce883e02356eb98faa5b9a3f9ddacc38d3f2be8fec749951c6af230796369b6c991e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e0fc24394cf0ce73d1c70f397b7f757

SHA1
feae2ca95e409b5eb2efa76cbd89e81e62492b94

SHA256
2a2c208e64d01c41354d034520304ace98d2f2976259fcdcaee5dc59329a5e41

SHA512
fe341d9391f8a27ca177945c234602531ec092e460640e14681d0da3762d41c41310ac775dc97ec7f6b50e5a4b7a532a9dcc51585996fbccea6a98f04884fdd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db0e19981b0e27a8cd4428545ff14125

SHA1
ca29751039db398aa7bc4a58a71b5ad6d78cbd03

SHA256
f0df568ff36f9a008188e5b6332f3344bf6d7364ee735c5da0bb25ed61e26ccf

SHA512
ef4daa563cc41c68d94784c701c92c9f083219b46e29387cbab746110f46b567aad5da49f1f28354c576baa03f59448e98e13f7bab1f7c843ae8c58f3ad9413d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2f5e5d8f7182eb5cf27d94c0e4e5d30

SHA1
15eac6267f8a6aeeeb01bc8b9d8c64d493aa6dd4

SHA256
0836e8e63fb99cc04051dc7ada7c1b6a8460bcc23306ecc1de41e3a4195481c8

SHA512
bf299f6ed87798182608509c86db6c62801bed827679702b35a97a4cffae0b9c7b4963b246650f015255e64cb4b8a1d42f3c240c3958e8000172e282fdf81e0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0bff95650754f3c3b79b1542a72581a

SHA1
6897e0037699c876c52eb9d361e0a4adee700c53

SHA256
9171315b90b0e64baff1f3ad86eb8ed4bfa3cc9f8c2a282ff090d3e04129cf5e

SHA512
1e42e6bf1a824f207682bf3642ca7560e11a1acbe349022e0d4704ab59b168ce3b843d76ea74a385303305ae93b5e2e5a73ff3b0984c2e7f3093b8f785ce03d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1e39fd9c67438f9f7125257f8655830

SHA1
ef50c0b00e9e5114b54c6f761b9aeb2459f8318d

SHA256
d09dc6e522f31f66695a5456daae6cf4fc88d9bf6089eecb6b3cd7e5f5e9c36a

SHA512
1f6ebea94b11a4e5fa96abd5ff1f916f6b40dbae7a53ece9e8f91ccbcadfcfc36d6a91bbd0b236014a0a26d93f0729a73916f5462b36c5f06cbb624b1cfb694b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68cd2bd3607e58377657a46a1608c86c

SHA1
4976eb0eec50d721c70d751101d2dc8ac9acfef9

SHA256
023482729f62d7c5ce6f96d5be33ab62b40b4bf46fe4b812372c8d8a8c5b68e9

SHA512
c86603efc05051ecfd1a03d18975e301f7ce252cac4c66c453fa8e9452377e8d1b1bde9c67800eaa020b0a0e4bc563535be087450d7c4ec1eacf5e0fb1e41357

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dde7de634b33b4fd95ed7f9133feabc3

SHA1
e3293921f6d0ec6a8442e644a47f46c166cf4536

SHA256
01bcecc3aac0b19d3bbea159e1ccf1bf1631cdc81d448b0792d4e7ea78f7cb18

SHA512
84d76a8ccefefce71c7b87d476261b48c9772106f88d1bacdbf23fbfee33afe16fe87436d5aa066b2bd1ed316db0876fc0dce4638312598e5e96b8c4302ddabd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77cdb82cbdbd7983d203eec8ca5ce447

SHA1
70a6b591ddc2b8642c92a9b8a5749ac18f1d59bc

SHA256
56589dbc09be929dd1e4a0985978c0c4875c617a2fe60d835503f2d04da06535

SHA512
a4d2d1525cf462626af697d949f0c827552d8a2f2718858d57a8bec80cb54d69b29c365a1dbe934015c8d836ad644a47ef043042b6db70077f4e331540d5095f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1be0f6a44e6bd60755e24f35d00d2a3

SHA1
6143f9f341a79aa0c72ad9d1a74ccb0b9cc02be0

SHA256
6c93c25e2620ee44b1cee0ab8fa9b283e4ceb0923aa4d5096bd1cd7e404e4d64

SHA512
a3e9f017aa9c3c2aa22e9642122e46af635b29dd164dfef7296aab7f786b5a936ec2093082f213166fc59206b3d9662c81dd6f9caa51d37c67e68134f79f7142

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd26c6fc1d82fb25849206423283c24b

SHA1
0ef8d38812a6ff70383a2ea372259133060847f9

SHA256
d15ee9ac10b75f4f182e8f5ece43722b913ea5ce862d378e48663796ba1aa4a1

SHA512
4313b5ca481c546cc8fc382e236d0a0af7837f95b8b57733a1b7c8fb10306892b43a44936cfe4d5fae6e9390435db13c498300090165c5731c06b997ee3280dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e60b1a6632299f4491f4c9843a2c5fc

SHA1
47ef1bd564cce10fcdaa2404ebf80cb4b2a7b6dc

SHA256
b0498774403accbd88fd05015df9da03acdd4c8b3c69c393c481de9ecd6aaf11

SHA512
464d1ab3f1355d9316cd8f217bc9a119436d352db5edc8c737fbdd269fa2159ab841439ba7f698a2d4ba9741bc9649488596460972bb03a14555155ae5abd8a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e4a9d789bc7bb0ec624cd27cc254d5a

SHA1
556c81f880f096bfdc5633f29ecc47da287ad0b4

SHA256
c769eacf49dc658c2976d3379f7963558b495c2b15321be4221a54d3fb6e70c9

SHA512
21661d1f80bd9efa2608a449ddcd72eb68d06f1bdbb23b115f0795306dc070189c0970e87c0dccc0cc73b60379674f3f3379cac8f17004d47389b1e7fe8559b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF3E2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF443.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit