667ddf6f4d5218d556707fc7ab587ee18c14798f364f62b275b02bfdbf0c9bbc

Analysis

max time kernel
141s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

41KB
MD5

a832238633d1fa016c4dd37d2e1c8880
SHA1

d55792ebd9315e531b92fc89e3ac0af008c94e13
SHA256

53c06e18953a50f3b40ad17162f1b60812b4f152af75a90e580fcf33394e59d3
SHA512

7e4c0e54bfa16a7edb451e8b46c0677f74efbbd930e7ed5a7276b16af3b4873cd2d07a98b8491ba96c79b2717bafcfe8926ec7f1c30b352e51fc5af956cb1efa
SSDEEP

768:SkJmh0OaEe1tGS6FQv/y7JHSBc3Z8vffS+ylUmg4J+iGGl5sl+rjhrTLj+8fSMyl:SImS3Ee1MS6FQX0JyBc3Z8vffS+ylUmg

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000002f6a8991eea0e3406419b9b7d8ddaa3b79acee7e399a2eb98a8d596b5171e6a5000000000e80000000020000200000005d0dc8744cb80587009f963a739a19fbc6074ae04c53d45b71770634f21c49812000000044f69b28f5a498935c264a4eec7fc32555d8d0e24974c0839b880b84ebc639cd4000000068763304b99082b0d92db9592d2d10f155c3eac0cee9ba316262ae43ab5f5f231c2625ac7ce76203669c5e907ef3332186dab73655c64cc97637448fde1b5aca	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00a921e8b50adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432927172"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc500000000002000000000010660000000100002000000046e48c2ca05fac24055e319613fab95ac2d36345fdc319684d377b85395d3a31000000000e8000000002000020000000e285152c401e4afc15cbf9ee44a326a17aa9f704e69fcf8626e6d150346df0939000000021097a55b794f92485d5250b180196ddc5d37ca3b6984d71b859eff0e87789d9ed5d009f3ebe57317dd72876a259eef4352a0833d3d8e98be12a6708c55baf21f5cb0711df2f30e5e381cddf33b8ab12ff7c9e7e764a1ee12d7bc43d5b03b03acacb9fda9673ccc338c5f5c68d00e0aca5853f117ac704d087565af81223a9a19363235115f70d3c239546ac88b60519400000005874c69a7cded5f18c56a8f8419a2fd0fd705a1a5aa71136948e2942be07145bec8d8616708e1ccb81cbb209d638bddf84d29395339d3f8bc3da843352a9883d	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D17C1501-76A8-11EF-A073-FA59FB4FA467} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3044	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3044	iexplore.exe
3044	iexplore.exe
356	IEXPLORE.EXE
356	IEXPLORE.EXE
356	IEXPLORE.EXE
356	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 356	3044	iexplore.exe	30
PID 3044 wrote to memory of 356	3044	iexplore.exe	30
PID 3044 wrote to memory of 356	3044	iexplore.exe	30
PID 3044 wrote to memory of 356	3044	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fdb7ddb8d60c07c4f0df3d56c65d059

SHA1
36439e49fca1a14dff25313e235bfc6b1ee1f1cb

SHA256
931cf833fb12e9eaf33f23fd17e7ffc075ff978d9ace83b2b41f349ab1a5f3c9

SHA512
0883baa55d0da22eda61200efd0c4d2e4a95b66f9abda7849eee87e66782d17cae551e77d6a98f1a6af87638166cadabe22727f38499c3180c5564ddf5a69b70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2555d87c9690238ffc2b07e50b974212

SHA1
b20faca2e03cce5318ed734639da1fda273e6d06

SHA256
e0eba4f8bcae618681b7f4d1e016f034a54d2ed011b1ad1a9a04ab2bbfbffe74

SHA512
3df6a0729f9c98e5dba2a062ef63c05549a2e5d7d41b13587fb1f8654e508d5412726933ead6aaf1e3c75932fac56479b7b6620c704a6bef3748d0b7abf7b02b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a982457013edf778c2836cffa7a4d37c

SHA1
3d1cf6c9882a7b9b15f688760f84bfc4c03797b3

SHA256
a730fdd0f891aa3da23456f83452a0409418cf7f34c303340dfc170b41b72321

SHA512
f7b1fe2443afe3e162985fc7f75f057961f6cb51c47aa4384a0963c5dee4a511b248f131c710247cbc96d8e7dc6cbcf2549beb14cf3e45885154c2aacda91a56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
268b76cfe400a20c74a04563c9cbe358

SHA1
30dc0c1cddc2aa0fa018103731c4a4ab1e68d343

SHA256
3381a5f3ac9b4656269b993f4c91120a845ed7680f447dca21290f9eb61480c8

SHA512
53f60a8ba9aaebb618e14b47d1a43f14ea05258e00e5d094d5e8ff87460c58fe5a92f444d959a7e1c821378c2094bfef6c85e3a30fbd1ed98cf980e785aea9e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25b9176f273e28a7ca16f1754d711b1c

SHA1
57e4e8248a0fef61bdeb312b9f38051dc1d7c889

SHA256
75f01780625480b5c8b117848be31d3de196089533604105c9ca4f1720dc841b

SHA512
829075d8a165dfa6372df0085c44d4369140e4362af50af0c8fbfa5b8140ea05c97a61c0fdb8e25669fe4cb7df1d266ca23c50794a15f3e743752b19f083e5c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48cd73b6af5cd2060d3a4c6107160a7b

SHA1
0e0b055778269417baa8872549eeb71dd255c6ae

SHA256
80961ae09e41b6e11d94f6678084bdcb3e60c7a51d11817347a434a5f2c973a9

SHA512
237819676b621cfb365063e82981a1abae094ccb2a3717dedb7f449978b64cd7f7b2d074fb77038c37b9d27c82ebb17be50f79894fb5a7786c0db90ed04cdb73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
868fa8cfb3aeeff78af4b95f8e187ee8

SHA1
50784645d2b45d8bcefa59c38bcc97844445c1e2

SHA256
442368b973b0b7d21df9cf0b0af3131de10ff9abc85f65c9344dfb1fe25d6783

SHA512
b2b8c38d385a79be48fa8665c8ff0b203deed6fce454e4fc32d172d4e8e766cb7f44dd31b5c2acf895906c9ec8ec61303d315751acfd082ae581aeae9300b3e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89cc006237088e818ccd6b65b5e97c9d

SHA1
abda70a4990967fc12643f4dda2d4677e231340d

SHA256
da77db831f1bbd343a7965f81b4403537f17d9ee68d0cb46bae3b1a8aafd88ef

SHA512
d0baad600d8109ff212697fd10be2442f0be7d01817f77f60c713f7fa0005b3b89b478e97ae6e2e0abd974d729b74ba80955c3f20740cf44a7707228329b5490

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c4274ac2053f4ecdaa3c1438987c799

SHA1
94d821367e7fe5a450da17e2351fe015116c3058

SHA256
3748194dfe2bbe630abda18dcf6e67121448af15bc6fe26f1b946c05ca54eb13

SHA512
73f5d1cf58edc154aa7c2f6060032f04645c889b5cfd65ed0331ec487e4f081db6d3c4ae965575171636f40cd3326b7e853c79cb9ca5f77e0d2da9d37f27e015

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecebe58ffbb0d072d0c122b9ea23fbfc

SHA1
5ac236ce97954d14babf462a9c6734042d73e4c6

SHA256
9987d12be2a3041e5393a7ab7bc66f807027f15beb9f91be0ab1036c293c4e97

SHA512
e9e5b75e1fe835001ce3497f33ff6860f44739d12fe22e8045aa3c0153098681a56bd299a13da52c9318a0766ddf9bc98342b327b526b373a95dd3fc1d3d8e2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b23bd2e645d31bf5c5e4d398280a1f75

SHA1
0d81abbdc4f7aada4b632280be0b1f3f4f294130

SHA256
d76423a24a93e7101aa4f72500fa8ff24f785e0f7e94b040afcd01f5f698f7f2

SHA512
01a2138329711aeddb1a3a19d579d48acc1c18b60d5d626863cfc72482f51e771fae3c79685cec8be76608270e2cc0da8dcd0592815845706644d7fb9811d686

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
087e7b6573aa4472f939818efe108e02

SHA1
60763af74fd87f9fbdaf1c1f43625877299fb8ee

SHA256
af65177d51e37b320b1fd7abca7aafdf248992971ec8733063b4def71ccc056b

SHA512
fde7a267c6386b9a1dc71e889b15e2a895d9b56fcd7c468a7565eede80f879d6c2601cf9b7918ba9bb4b05849dcf276354c9593cf08a021ee463ce9f1d8f92de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98c499f9655ec378f32acad0a3e8cd5b

SHA1
90ae5f399c773cbf6dc933b763c71bd358cf475f

SHA256
89a7e2e15cfb2c37317ef78e6e2225c9222f19cf13b44ed615bd5df3b64c5909

SHA512
7705e4238437823c6a99076ae1eba49604e43bebe551ea220f97042b23195b7985da877c12358088c1fc52130a4264e3b64238a0f643cf81594d20e90bfd0584

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6848dddfef70cd38d744ea20c776aead

SHA1
7ad0e7cf4fc129a6824d181469cd63b87d5df79f

SHA256
c412539e63eba0605efaa05e9944cc58898effb43623cc629c4a6dae8b2012e2

SHA512
e544c75113a6687c5d5e5d152b29d1e97cae8b8f3780fa3a88f57deb86a9901515ae699c86c64fb1be3f6738ff3f045eea5a74dfbaeba6c5f52d20c69537f107

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33a9cc6e1131713822fd8716be386917

SHA1
1e343c9da874bff7ab1bd7db87794be665394cb6

SHA256
8644af796bddbe829c2fd891bb086c3aad152e067230d45546733571f028cb0e

SHA512
ebc002f1003f3aafd66cdc90f12a8a38b62af85459af42ee8596afc3f6ad7a3cee775d341e9970524fe73c975c89597f8b6d9824dfc996b25c1494601e83c66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDA3B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDD0B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit