096fc5b95aae0d949282500ea826db5047a7c448b2398cf11b851b8b2a39f462

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

ac8ef27f7dda565c0b5c05c78ebbfaf2
SHA1

324a811b321969ae1894a0e0ab860e67a5d8c4e6
SHA256

b130bb9272bd9a4f18d4bdc4f688f4fe0681f4d2d87f01226db6d9ae25aab8c4
SHA512

d099c33442364989d5beeb1fd9ca6faf4ce5a0ee62b150159f01e9997a6c54eb60a23e1a2dc1fc6fd56771fb9775eb37b3bd174784c0d3fbbd3303e779cef48b
SSDEEP

3072:Spt1YPUVZ2jGv0MyfkMY+BES09JXAnyrZalI+YQ:SptFijlxsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433074391"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9E9586A1-77FF-11EF-BCF9-7EBFE1D0DDB4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2632	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2632	iexplore.exe
2632	iexplore.exe
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2656	2632	iexplore.exe	31
PID 2632 wrote to memory of 2656	2632	iexplore.exe	31
PID 2632 wrote to memory of 2656	2632	iexplore.exe	31
PID 2632 wrote to memory of 2656	2632	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
465b0b55a2de537c3ec93714f8ee7f33

SHA1
e8255480a90aa0f4d914d03a0c35f3babda57924

SHA256
70bf13c7820c13d2b4f46cfb2a1a46f83a0c210232dc3e81b6940e07fe61f0af

SHA512
00f066c91e6056289d5a7ea67a2c3faf25085a93a9736c8ffef448f35c953fd54ebfe143fa11b2b6969e48d912069855a32d8b312c2ad09f791277e9e2e6d8f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b388c064e99441ab126e2b4606e4dab9

SHA1
3b9f34490585f329a953e7933e818332fde62b09

SHA256
0d9edf47fff6b1051c092081cb9094f2fc1f7e4a2a970736c67cb78b235c45c4

SHA512
fefc5cf2fce9a141c1634d01168a3233ff1f799f4894e0fbf55753c1e680a1a6074b72a2c0bce84c25494a87c772d7260fca5e812133c40205c7c3ad9a2e35e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d99498628cacc43d2a0c0e06bf91a1a8

SHA1
fad71e608c4d74a41fea015211fc97998cb1a92b

SHA256
f5040ed1c7c13a2d2fa5e59ddb1641da0f5f28ffef3732b0cfbbaddb9d9ff1cb

SHA512
289dacc98bac6a39bdef1998ba85b1a9facc1ae0f1108eb8f9353598b8e0ac737fcc67e7bca00b2687e4702942fb09b9ffe3f1373d06ebd92b31647afe4cbdae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d716e9230f055e205a3e5e892e08859

SHA1
52eb3a9635765520b20c549a1a30dec62f9d5186

SHA256
f8ad63ebe046589187097ffcfd67d302310300a837d36e13a3b92fe5cb2d7dae

SHA512
35588fb5e3a3a4bec177a5e6441b490a7c5e21ce339175ca0825b981128f74f37a17391901ff378fc55856cbbcad47cced7e94a3fe6f9d974dd820f42d250988

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6d426aee400b0b0a9806cc9c8a6ea09

SHA1
c3ea16681cdb1030f7d0e4a1323f9473aa8e67f6

SHA256
9dbb67337577bb981dfeee1ddf31e966b35463816d5610f233b841f555b3bd3d

SHA512
30e6dfc0da877e421aeba6ddc251b7cba11783db33a327150aa2fbe7c8cf352a26233fb694ab1fb5e8cbde731d995ce753c6242fe378fe0735a2f5e6b75e0b52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bdf15815172e27acd7022ba7b788e48

SHA1
653e65eed43a1846e9c431791f53c6617fe1a04f

SHA256
b83b8a573515ad6f26015d00c17c0ce3935e758415329fcf54cff85ef9151ae6

SHA512
ab16939491695f1f0717e11871b3cf72a8880492d3fa17844f16d088f67828e2bbfb2f74699fad9c718071f9981a5d369775120756e44e843b93afa7349c81ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4afb59b9b44fccdb80a4508d495d59bc

SHA1
99615514da6ad88b14f27d5b815e76c26c814cb3

SHA256
f255797504234c69610dbba0499b6edc4f7da59ae0c4b635d57b83bce406d48a

SHA512
e493cc31ee24824fc8f9032104e06b21054567670bfe48f97ae3e5171be18654d1399c8a5e3a2c8e000029de414562694db72df4ef8f53185d6c360d9e05b48f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7982323aeeaf1b451bfffc4b64811ec9

SHA1
347e0621ac1696e3d14a452a693164e030fdd784

SHA256
d3db7397b4de011669afb58b294886c67505c4f5a671b5268d6ffbfb281d8219

SHA512
94754ba21d5458d0b77f6a93e8603eef0da74deffe0dc76d297cb109b3c3902ffa553062b46e5bf7209a2a8493ca0cdc616db5bcd310ea5731e8304bbd740ce0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b5815aa0b06a56945acb4a097b7c474

SHA1
55da00d092915149881fddf863b810155971d463

SHA256
ac974d3b3266eb1e3d7a255e5f9ac9cb1fb62347f7aa2c66229f754ff449053d

SHA512
8499bac30e99f24202b8e1638117e2cfe2597f7922ac9d3ec97fe94f6b26986be7a5d6f77f430bdf58a994215b390bfd67e463800566920e2439a2a359aa23ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11996e43fc27c96130bed98f062e1134

SHA1
1310bfb4f8ea78f1af2e3ed59c2840ef10aabf11

SHA256
48f11010dfb56337db2b7e7207935ea18acbeac078734c42dde4f1fc770986cb

SHA512
0f3d375745de3594a44159888a98b9d10234663b73270df3f03bd9f9e58096a3d5738bde2bb83d78340b1e292c90886af55b0bb622cb6a4e26ede02eeeec841d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e77326d4dfe1f7bb108a1eeb1a74f909

SHA1
c4c804cc44e5b89ad6dfb17689dfdfe86941ed3c

SHA256
b82d511dd059cd7914286a6a4c2bfecf48568dc71d1fdadd0f7cda8f7e7bb413

SHA512
fa761e097150a26c988e3aeeb3c6e8d98465c5c694374b3b24cf1220cf02a5597a10206506069d1cb5acd3012c0d791c732fe83e71de91f6ebf86c23918f3335

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84d561e745a53233cc2b193e8693caf3

SHA1
486a1b57fbf4a75c44a7a88ee932102c26a57352

SHA256
d7a019ae91060fa04062ce0432a0bf3a7e5664f10359897d63ffef22c9e5b76c

SHA512
7a8d298d4aea3370a792b3dcef7f91100fa7c14d49a60f7609a0778709e2d061f78a70ac8eac7f1f4b9bd4e6273fd457827e3a0f0c6d51879e64b790afa2cddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1af81aaf99db6938d97125d34b6d44cd

SHA1
6a213e2a18d5c64fd6457509828e3b67c3203e7d

SHA256
b752afc086729c17e39a522901c640eda2a449d7878a45edd424c29f5a920df1

SHA512
3ace150dff84edf4b2a10b41664b74edfb8cf4d2666724d8e419a6ebc37edbbaafab579d8d127a89b4013cce851336992617d18fbe65816832dd2659e8697b60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ee7d9955372fc5e5554d531deea42df

SHA1
633afdac54df806280139b2ba86b4232347a0512

SHA256
fbe961c3d2f77c25a3e5c72aa4f7dc94b0d998bee6c4fdf4de1c94677009e018

SHA512
5713427eb17d61b5b24576507777f7162c191cc5b71ee8923226dd05502ccc75e56e7af965ca9f3f7cc6346983fbb1b8ef1e1096038c72e9aa34b736f8092d49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0db341a76de4d338dacb397757e95e0

SHA1
58fad7bfdf993ab36d4d4b1b5a022a3c20bf6f6e

SHA256
baff0688c57dea4333ee6af16d174e5737fe994458c2f9b823552d015fafaf6a

SHA512
be49c5733124c337f2c6a59b4052deacca7c0847b43b051131954e6acb24b2caef25e977bc9ddaa9de2a89da84ce64793c8ca46e04813629900c355dc0a41859

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba53ddf2bd3b35aff8148d28c735a0df

SHA1
5956b10b925c8f430ef42ee7e3bf249b0c7d9d3b

SHA256
a48ab7a5dc4870153aec4c0b063ffe9e9334db1c75bf16fa2d17893adba14c65

SHA512
815ae2f5617c5a2483b5929eec8ef13576433536e2ec0f504625233737ea090b069cefd55d346eec3079999ddd1506a4e3ba7f1f977bca44c89680c96e9af270

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b839e832086aa410b0437f86e5de4b1

SHA1
fee0773e91a919e5085fc3fa24a0d7ec9b8aae51

SHA256
641145f5d998d629dad064b5ae3d7954e9d3891437002b27e41dc613045d6929

SHA512
2950e48faa3469782d5d05e951d63e2a00a0668ca4d4a3a5600b07c51c1bffc12f1f7653d40c8ed3086ac0db58b117d91875f34b82f0993a925957dc41278b22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
553ebc9874c29f029cf9af705074f023

SHA1
b6294e058495bc3ca2cbb7593e35aa631485a8ce

SHA256
2d615db5b6f5c1aa2f15e2082201731aef6aed7d30f6f6922503675b480a681d

SHA512
18fb6d163e4ab00ea40f562605aebd96654eaa33705282040bf09b7fa3de75e182b545aeba1346e92e4d5ac5abe4d7ef863ebbf294755fc6afbc343d5b0df235

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a70a471ce2b2208777e5760b77c0187

SHA1
e7889b2ecc3c2c56b985e802c8ef2321a6ce8700

SHA256
5f56e81e53e08ee86dc9135aa77865826e147cabd39f45aa5985a63b752e4f0b

SHA512
0ced196a116846f20b69dd1d4f182a3c50fdbc53f41c991afaab731fe6cfcd5fb62d3d15cb71a1d78f9dd6ec3a87abdf836c6e37d9fa4383d63ebcd199e155fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabED0F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEDBE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit