1bba80c32dfcb4f17e4260f942ed28c642d7c9e1932120760cc816e98ba50a0b

Analysis

max time kernel
137s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 11:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

ac1c971b07f415e30911d5671b6ac69d
SHA1

a16dc4fe8d83e590d4a71542657be325df893d75
SHA256

aac79810ba1a549b8daadad01bb0fcc277c60f1bd402631f6a3000d83f0766a0
SHA512

4d5081cdb50982ca05a114d4ec5a8bff0e655a80b9ac528a093f1454f34a157d7faa2af8f2739a5eb1198a9dffded77994e18896b316a3c8eaca798188a606e5
SSDEEP

3072:SKDGug1QJc9DQyfkMY+BES09JXAnyrZalI+YQ:SKCF5DNsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433080192"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2047FF41-780D-11EF-B2BA-D686196AC2C0} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2360	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2360	iexplore.exe
2360	iexplore.exe
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2588	2360	iexplore.exe	30
PID 2360 wrote to memory of 2588	2360	iexplore.exe	30
PID 2360 wrote to memory of 2588	2360	iexplore.exe	30
PID 2360 wrote to memory of 2588	2360	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83aa57f6e369a6434a43eff0a2b7b8ac

SHA1
0fde3e2c42395272e7cbec4e4fef7d45bc0afec0

SHA256
1696aa639b980f151445ff4f8805025d5769c00b30cfdb252326828e0d109762

SHA512
0103681856573065220ee475e6f8fd4d73fee4c5317aa038b3696b52fe03e8d34f30274c6b96ad7cfcbbbe2e1bf9976a9bec331e661bc421c851b45ac874d3bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ab247c859897707de1d4510fb9eb7fe

SHA1
eb43e2720311fc5b810cf4cff424cbb51b4001fc

SHA256
ae374ec40dbc4e5444b076c31f54e11b1008650ed5560e5e285919b1ab6bcffa

SHA512
08f1750512119715492e9bccff533965f6f602b2b535c88fded246f7184b28e16a96a8f7e184a40e9fe92e82495402727a423341f8da507405368abf8536fbdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
249b9597d5fcfea6ae743b48e5e78179

SHA1
1cd3da3cec9a0ec972be79201c1236c9837726a0

SHA256
df1c755da614c40809cb029f2d296121c10d7b05345d378a1ee78f5c80095c2d

SHA512
ce388b6b8c07a36e6de8f37a1b75825bc8c6afb76f257b0a5af5d78e4c5224ebf4ff5a78d657d0391e31a42aa8504c623858ebec5b9cee356283b201eaf02cfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f6cf05dad07f58d4635076a0d33ddeb

SHA1
2ab3e0a096603fa8860841c304c99cf1165ef401

SHA256
c7fad19be97f9c2152af58a9bc2e36b2bbdc91c6c0c7708c3fe5fc9f0422ab11

SHA512
33141886e87801a30a7c455965204d8ce8c5e30594debeb966c1f8baf4cc74d1c8f15d42c3048669aa609ed782a58cc240c1f4aa11a10940d99405d12d7e4e05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad692e5fc53539829a92977c6b86910a

SHA1
1c8c1571e1359e1b75dcd1f93b371ffbe2eb94fa

SHA256
64cc4b8d814a40cadb182a7f548d4a05708d868a676c4c6952e9ff0e5ae2c668

SHA512
5f567e7810503cd0cbf685aad0c44b10e91d8e027bdc1c84ddeced18feaa0ccd80ebdc62ab0438067f47d15c6192de501c605e4fa4e1ffb2868848d8c2239053

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c18fe54ff03a2580d845ddc04b9cad7

SHA1
ab7180372ee0ad0684ecb847e1c7d50f52349794

SHA256
caffd96b38d68708d150b0d4856cdba40d05b1f1954cb099c86db3f6c7d5e209

SHA512
4345bc1940cf373f44fe5e8633d66075c5b2803a2d4937410b4591801fe06445afa34323183a625e48edf79ea068109aaa3cf1cb8084018a20c1e068d08ab67a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c94152f764b886768637dd7b3d47a15

SHA1
998fe382c2785a1a436a28816c8ac4f34db5e2cc

SHA256
2392929d5285221965d9121f96cad7a1a66691830638aa5fb6e2c629d6cf08bb

SHA512
047c1c4c1c9fc823a305cf9ac23c42637be5ebc10d58c3ed4b4566b6b08253e417c58f51bb5370d48c09deb16ebad5ab9e9340d9b3e24af0b67ed15a4c691cb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a963e23437367653b208ced1f742e064

SHA1
0965f32c612390a1d8100db6a44eaa6d3f9fdccf

SHA256
0ae2a2b6ad7f85da716039675a693311f04f9ad9ee32af6cad33fa21ed158dd4

SHA512
4ef3be7adf0b8265eb03d27a296d648951e3e82101fe03ff4b69ee544fe25a6552090ae139a3662e6c4980903bbdbdc549f63891cb2b46ea0ba562689f1f83de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ac329438a06887e5a549849715a3367

SHA1
655e34249f7e7556e1797cbf122405c2994815ed

SHA256
2033e56eb7d5851982ae41a89fbfdcfccd95da13754d777bf6c39304a76c79c7

SHA512
6e9e106d1880194858ba66c53bafa48996849cdc79e6795e5d10a9f527b61b4f5563502ce1d3f68bd8186ea818674b38a3aaf045d2c8c10fe8cfd754b89350c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
788e5682e8a2a465f9eee44ea89a973b

SHA1
660d8028923feff656e7e6b7bf1276556993289f

SHA256
8b9338ed4f3c2d2f381d041da30feb7d4c668903c5357eecce1cc722dee5a62e

SHA512
1b9b02a3def82da09c9c101d9a1d4819d4de5a1601ba04426ac8e63acc5c9f5dc49dfcfddd7cc527078564d312791a6d2beecf63df00a2d4279ec96a488745e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2985b3b2941f7f1d120f026e89be7fa

SHA1
a939cdc8d6afaa93a91ec0500021a18afe2d27f9

SHA256
406dd739e2f512e3ddae36bbf42c255a16ef52727698cbfef87b9644953d8aea

SHA512
f59f0c32bec417d4cd4a7bf98fcc6cd21b2f157ac1b8d28e146371599091525981bd8622685715ad24c51f2f4ea3778dd7162621140d6c76b7acc7998ecd3eab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
897f03a397fbac686dad040254216087

SHA1
1cb14ff0272192d756ddce6e06279455e27b81d0

SHA256
0b468ad12e8214810e297d2c284bd7d7b1c47158cfe149a109eeb83fd172d8b7

SHA512
35ac3b5e6db4d29c04f67a485fe55c06a08347644869dc618d12785edf6f026b5da2f6d611b4667a255c3338c185e916f47513d67a8d33475c9f44ab8ef4fe99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e03627ecbb6cee87e9a412e9eb95aa9

SHA1
8c873759d660506e5f3b1ef42f71a6c898166c99

SHA256
b48d4a9868e91033ee260f969f9205bd9fe8e9e6262ec655f26a94824b524046

SHA512
428a789375b5c1c8cf02628bc1cba14c8ad4e163265258f2e6c02502d7c4b3c674bc42385901dc9629aac047e6e99c2dc5b5416b8f7e880049ffe8fc7097db4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b1233bdc47577dad0836156127cd85d

SHA1
68bdca3d7414fbc5bb2eae9ea8130010222364ff

SHA256
a3862901b1b2cbd144747ec22907b9565c24a320875b62881c74503c56cf1097

SHA512
525a38adb388080930b5c80829bbe3902fc4750d2332663696e089d02be0bdf6329803a4820bf0c4b4fa1fa59b09525dab37ec12c773845170ef400678169df4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ceadee20fda60615d1ef0ca698362e04

SHA1
bce0d4ef02f42553abdff9b56ee665d493c065a0

SHA256
05c39876f5ae2401bb8603f9cc7b45e0d3000b005ffbb39364efd4661b9c5011

SHA512
68fdac04b0d02eef1bb3651dc96d49e583e4655c516f8d7ada8ebca008ee1fdb4d3d31550feaec77e487c3e4d4ca94133a472e5fa0167f907c8e321b8e4e9045

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5af75f76196a35ca8fc0a4b6e56ec95e

SHA1
10ed90da6ceff4f395db7a7ccec7bdffb3d11747

SHA256
3403e57ddaaf37834ca535bd62ff2d0a984ae86a4be79030fa00e58223399446

SHA512
7ef1f85d2bd8129fb108f7975dfc111b483ccea79c06e32f3a7bdca6bf2d376bf54c8f343f7fada0c579b7fd05469e0b1a515a8a835c2213efff49082fb00d87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e13f7d1edee11841d752565837605947

SHA1
2f913588300949169eb0c8381610f17b4c9d690a

SHA256
fd432494ec5cc93e1b9cfbcaa3400ff3405a102f8ede2ce3b3e98c011516b572

SHA512
ae5d3c11aee07d83e817352a0bb023943c036ab4218e6aed2c4bdaf98a7289dc94aeb5b634ed13257fd5eee1b34b322cbd47aac7693b0ae38f1879ac1f35dc41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0247daea3ae33e668830bc020f1416cc

SHA1
4a15d6092f76fbe016f782cc6162dcc191f73444

SHA256
fac34a436eef47f233ff720dd6cd0208ceedc5850a3e1d3a2a52bef50b2b4f0f

SHA512
852714302d96fa204e5a8f4ea6e3a38440944b6985255bfc6b62a2ecb9202b362367fd056d88d3a2f305780b21d36e87c89d5e31c8805817ce92a80e58bcce37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e30ca4dff3f26e9d6ef6dc6b73d922de

SHA1
dcc998cc967a311fa28d003b4becc041eea67931

SHA256
785e2eedf457ef0d3e7fd79b11a375af1658179a6e36745c05b0ce6b5ce3bb64

SHA512
1a0853f6001914752a2ed1675aa6e857a0f1156cfceba55879d567137a31c980919f46d9d99413ef2fba2f7d73d6486152ffd684c374341a00d9b9c111936286

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b89226b7caf1e57709b05d44d9821a74

SHA1
2ea1471b8049b1697f4e4fbd97e3f99b0dca4002

SHA256
42c03b8f6b17c45ee17246832f99adc15a05fbe26672a61e6c2b9e2ff94f41e8

SHA512
746324f36aae7320b03586ebf820ed63f484cdea3f3a9e09ea3cbffc73b97effb8ee7b7ea394ca7a395fb0a8aab01aa8c3533b2a2555d3f4ac4ad611525bdc8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9934.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar99E4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit