81d38df7d2da68eeb3b27015bbeb72eff4b6a28700f4e3237b285c5c8b03cbec

Analysis

max time kernel
136s
max time network
136s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

00033b5ff5e774eaf281a99e49bdf85d
SHA1

f5ca1fcc70a238014365c7cadeca4b2c32132ba4
SHA256

39d07de3024f15c2ddcdfae1b98dfa2cd1110a0303f2358adca9d92979623f16
SHA512

675221f6335e36a5832dc21fb10b859c3613be44b7854b00ab33387bd2f6b239f6df9ab6b845091d4c485a91f21e846634bd84402ae381092fbd4c5f29266fb1
SSDEEP

3072:Sz297ITJQZgyfkMY+BES09JXAnyrZalI+YQ:SzRGdsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{660A5E81-7B26-11EF-94CC-EE9D5ADBD8E3} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433420908"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2056	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2056	iexplore.exe
2056	iexplore.exe
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2404	2056	iexplore.exe	30
PID 2056 wrote to memory of 2404	2056	iexplore.exe	30
PID 2056 wrote to memory of 2404	2056	iexplore.exe	30
PID 2056 wrote to memory of 2404	2056	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce921f78935cc918dc949e421c082e0f

SHA1
a779a13d16b96ff9dbbe5f1038bbedf7ca719d68

SHA256
c2bd47920cda864b4e672040cdb036bf80af3ff84b605381701865001eed41af

SHA512
eec4eb6ca9839a77160e446c0c3982ca1861185139df77cf494e7be677167f0030785e98b1e262a058924f2cdfb6dd7db14f00317b2a177077382c61023a6db7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d6e5a79a92f8cbaf313698f361659ca

SHA1
6bdfdcffc8c59711324cb2dd1a8d581d44a34127

SHA256
03a5e5af98ea6c83d5d9400da88f99d1ec9410e636ceba322b507c9593184a79

SHA512
e5d340553e9bc58482135540a1b20082bacd85a96e7b9ee2d2ada3b1d35a086b65ad87e7ab8427cfe98e4b357ced8d9584fbcc538849eebab7f505e4240f732c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
449b7cdf91a111c1c13ef41b392f2e2a

SHA1
ea789d7c9ed63b8d08c0616bbac6f37d4a3f285e

SHA256
f1150e0f6732829c5c0d81cd7bf7cc3b31d419d2b0e4972ede98fd4fbefe3710

SHA512
89951b4a80e163ead335b35e37929906f65b1cf3a314eca2ab9d10a640c6a388d1e2098aaac44702ba1fdaa836de9d5c9450b851ef4ae172b8e752b4982b6a41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44b2fdf52c7346951624aedc736c157a

SHA1
c005bf45a2d752bb2ca9def64141032dd6347362

SHA256
83522a3e9adf2e555f9fb342e35b7c513d245f001ff7a3cf554d542bcd0d6fbd

SHA512
590f27757287cc42b246f8dfbdbb7b3f13999a06a85ba43898cba0e4ea98f0fc5be3110a84893b122bbb20651c64160d58ea50132278e81b210f798015685786

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
636c4cbff58759c01eebb6e7c429bab4

SHA1
93c6a8d27d9ed087e298ca52b87baec785418a11

SHA256
b7572e3f51e7ce71d4bd5ccfefba4fee8a71e50e463302d99e5362091d45b6e0

SHA512
efda263c6a71ee5988e2e7447d7106da17bc5bc57e19d1450f82fd2eb73aab49a09cbe30c2dc2bb79ab3d8e8fcadade4e896110980c4c39ca03c46d4a4bc13e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9b717c5a1c8e87758ef9f373830aa86

SHA1
cb6c05d7054062a53c47144cefb3185942941b4b

SHA256
5f29cff79f13c04ade96f685e0106d157fb62e1308531d66ceb879ce951d7786

SHA512
1d777cda0387a79079af9d73e3516d319355ef6167fa95450f43f34eaa446c02ee290ebfd1347f9b8ac91c6eeaaacd1f344762c3ff6074d92a7099dcc948de6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5651124e1c23c74619f6ba67a880703c

SHA1
16fdd9ed0c13f0589959be012b41aaf7584a98c3

SHA256
ed2cdb75da214de9e40ae43faf41bafce07dafa97d1d682a02a3ae077280ac40

SHA512
7826c8033d20a3499bb7513ea4748e27374b284f6582521da97fd60264af9900ef184779320b7bb5f2e524b35e134bd1b4bcbbfbd7ba667457e1ae9485cd9f58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b99d7b9d404c7376d02ed47147a0792b

SHA1
38af152aa80fb910ad206843c2b25feb9737e07c

SHA256
bba06e6c37937910c300f9e07f8df8dc105b959acdcade273f60712992225d04

SHA512
c64919a61d1b397db649491a040eb8a82debfd00f2e44625f0779ae713904306d5c93ac13c4fa2e68fbfd18b8d21cefabbd6db095bb75ff404d70262dc08b9c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31e02e464376169ff41b11bd2b6e220d

SHA1
98ea18c2f3f47ed396831991b347e57165dab262

SHA256
34f1cc9992c13532b7e82923b51a52f889977bba683e2e5affb2e8f1caa855e6

SHA512
af94c63422661ee42a3d152943c14db4d35e1b6581e3616dfe08c25cc7fa46d9a0db3ee0f21d2753a19df34fa022bd6fead949c8064b360ad188a5a11315c220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af681bfe07fe18362c1e238c72ac3c12

SHA1
6e5c1ecdda8d454657fcfc96a84a18b1d7cbe7f0

SHA256
48e61480faa482c7e00d773ceee4393bdf4c02f66ca08de4e6cdca1c2979491f

SHA512
abfa3725a0b89aae0f3b089bc959c745b8c480f3126472c177c7745b67eac60d628be344f0a1b0997a4ecfe1a02a73cacb7d26d9862f40109de73cbc37ba19e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8ac5ca154c6c96e1a9b33ea5e79680c

SHA1
910b37ceb9f4627c47817009849677964ff98217

SHA256
a6e6fb62666ffab1e6bd2bbfb89822595fff8fc8f66cf7993115c7d35148fc93

SHA512
2a02428de28167d0179272164179a2ee4d15d671576742779a72c4aaa87a2a0e5c3752c4da7ce651c60bebe746f54871351a531050360b59ff57d4feff044986

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d403ab30f6b7cc33cfd75a702159125f

SHA1
2d6c8bbc2cb17f66bb5a0491b31ef4cd36440dbd

SHA256
cd8b4dd252a7991c097b25530a4c565e117880966906ded59643ead1ca9175f8

SHA512
a679472bc459cd5932d05803b6893653cbab92f3fb8238056233e8678304e08bc608c63d4f502855d21ada3c2a3396325021bc1a5b034e0202ad32d6b92ff0a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c511efeb4424daf7ebb903788cba379d

SHA1
f2957a9dfdaf6c5b521e97f6ae878fe5edf0b411

SHA256
676e475ff5b9d08be0ca2cba21522e443c36cd284ce199a075f20a2b0a8c07d6

SHA512
11f69dd1d1b7479f51191d4dd233860c81ec1b93768f0502a0216a95683c1ee44e5cb100730eeaefed01f16eaeb47a7595dc6df2686e3ed92b901e1402ac70fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cb53097f1f0d3b3793878a95eabbda1

SHA1
982f271f97f1ae55761b8db749059556be58c410

SHA256
6148611cae9eb5170a7aa7f05c7682566f0da2f9d838791b69c4cafbfefd702c

SHA512
8d092e858a1b0cf67f2932e6f4c0ae552ce06f0b4f874085761f5f43de0e3aed89de186600d356e15d7cadfcc532ec9c168e9ea4cdf9acb6e1835a020a8a2e41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
709d04f0b0b8695f0b47c2cc794d87ef

SHA1
6f4619153bfda33316b0cd0918150df56c637aea

SHA256
b58e451141e13c119ae57d9c4f9ba063d99d5f3e25ef4fdf21dfaa0a9e9e058c

SHA512
131c7f942d82560cb70e218a3ef13d9bf2cf083bdb3433a74da770f85b6b1edad1af7447c3ce54db9a98fcaf663bc65a78ee00b6f70e9d7dc7fee7b9724b50ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ef8a33ac9151197064ea29c9ba9db9a

SHA1
dffb19099b8518cb62815bf89f961eee3b46efc9

SHA256
173ed9238b3325b32f649572ae7d06286cc979515b2b198fc7445b890c5e5aa5

SHA512
103bfb0286e40391237969346cb77b112c5a9a4cb4d4866a9b122109c58920382bd617e6820fc10db96ee948a642f8fe34f9178c2d59e7091bb45b7ba56cc277

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47418f8ae781c93fc733cf51508549b8

SHA1
7c6093a4eb5c8a80dade9b8df4ad1962a11eb355

SHA256
9925a158ae552b76e327407a672ae7373639a75de61d9f17bda6c0cd896370d7

SHA512
0c41810b5fed5f6478a7b0aa32e4fd11c967f86ad117c82ae39cca5ecd76ed302854cbdd2288ab3191a2cddd5b1f4ffba77999782a360bc65166226e76d6b930

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03906fc94296447f5cdc4e0bc279e5eb

SHA1
65ef53c026cf25386b0c3dad01cdb9d59c22ca46

SHA256
95beee071cf9f5b8ad4f5150b18bfcd59af74cb69c11dc54db15953319030429

SHA512
2db18a3f77c9754acd8d915f1261bdf0cd59cc8a839b6fbf309e1efb6bafd2c92b5ef9f8c8b7d034538c6ace98f04df911e4f7fd0c112bcb851e4d0d0757883f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1bc94f18ae990ce4e7d895d8f15e456e

SHA1
2ef5a051407550a621d799137670bd4867a09d2f

SHA256
7e8272806d381f9ff859bf1d8623dd74a976c2318ca3eac21491c0b42921fa02

SHA512
7e64fcaf70c8753c8de036086431d2f4f6cf939108d6a46b673604c7aac781254b7500c4b732e3ab1f4d6858a2605bf178777943a958c5369f899290853682b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF1BE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF221.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit