c8223069ba9a9a44ca5b0ee8b4d1ead8d066ceb2fa24cf0716ad172d77a31fd0

Analysis

max time kernel
117s
max time network
141s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xz.htm
Size

6KB
MD5

cc72b4a6281bfe4abb2f7ada6894ef93
SHA1

ab3ee79dcb486127c807051195b51d488209cc29
SHA256

57161f7f88c5102b37b25826a7028fff989f1bcc3a1b96e8fc0db9f76a3b24a1
SHA512

b97a378f9041319ab705ad019de821c7b3cadb0fbda7c729430ba1f48131b2924fde9d677e49102a76a57406f47c76ed76f77d32dc6984dc40cac35dd2987dbd
SSDEEP

192:S6xus6KUmnk3oSYLKJkitEB7kidsdqqs+7l:Sqvf1pQ6BtKdqqs+7l

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000487bf7082f21bcd3b0290436d74ecedbe4edea7ea1657055674e9e1a87b5ee0c000000000e8000000002000020000000a11f38bd42b8fe0ea53b2e14a3c44039cf7b1a404601357aa01591dcbadd432e20000000f28148ccd5aaa338520feea92e880fb99d14aad9696892e7d183b20cfd9a7361400000000327eaeba4e2e8134c5a6ca421331747b809f4fb3da7c9b57f619356cff85473ff098288f5e2925fa4f1e2a06c731d66cad28d1efca4650e8606c8ffcd2238c0	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0a14871740fdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9891CA51-7B67-11EF-8002-C6DA928D33CD} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000017cfe3e451132b357a488f635a1f9720f773936e5204fa0c858e2477892fbbe000000000e80000000020000200000008a1d263ef226806626ebf41c1449dd56c673899a2e2d0b2bcc2129ffc22b06e5900000003a848e07b24a149ea9abd2561f17fbaedf77bae299407d432fed134b4387ae39bf9fae0017867f987e9157085d8e1c07756ca544183a02896effd676996e4a8866e996048b6ef969d68f37bf08048c7c64d0321ee024ca31e466e85c1320ff39af00bb98684455672133464fddeb3ed366f1f8e8bb82694a2da300e8337e80ec24f531aebd1354dbdbf46be0db92974c40000000153a756cf776ff8b12b897a1899f4cd98eef6283d4e48f1a1bf6f00dd2d44cf3887bbb45cabab316af00141054196a6a52b3f03d176ecd381c155c879a38cdca	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433448906"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1924	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1924	iexplore.exe
1924	iexplore.exe
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2920	1924	iexplore.exe	30
PID 1924 wrote to memory of 2920	1924	iexplore.exe	30
PID 1924 wrote to memory of 2920	1924	iexplore.exe	30
PID 1924 wrote to memory of 2920	1924	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xz.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52b5485891e6e031cf129c37257e271a

SHA1
4d135b27e7bc6313b69056391b9e71de52514d11

SHA256
4cadb9d51c017995c5b97efb9a4bf6d37efac6506a44961ffc9590f8660e4bd8

SHA512
a3a03b5afa8bfcfbe7db3ba7d47adc90203039e6f8ee62fa64fb6d62320ad264bc494388534845991e8623d7c1af0816809fe46ca64bd05b8b7e08925dc13e90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbe16cb193b907a1b003bd6966849387

SHA1
c1869fc1754763de1cac3f74c535deb332263125

SHA256
9a1bf5744301c8a873b7eb97864fe2df95f875dc74ec618b466e99b4420227f5

SHA512
130029c4ba15df0ce768c6e3674ebbf45b055ddb43bf58971e80ab88de6b4ca5fe29f623ff77c1da2474a00361204ebf44739bf58b2d5380c4b5c7be8462ab2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa03077f7f77e93c4e9d48b1ded25f7e

SHA1
4ed389f374c970ce105685b413cad601221eb0e4

SHA256
badd83f4e97ccb6d2382a4ebe474f2274563adec5a8a5d76b89e5566431fe7ee

SHA512
f7e1e013535e35a9ba8bb75299576df68ef3be239a373cc35c1282881541881ba059e340b4570421ff0b985d5f2e201421b9beeadd0050da1c583838b136199d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24474e87380e80f71e739f46803ca173

SHA1
11d56d90c0d799330849cfae59dccfd5d366ce44

SHA256
96b8cbb2407973b4b237cf83ec24872cbe8aff4e5e65c1104c4e7d204250792c

SHA512
bc43e0e3ce6feb0a1a330bde9b53353a9ccfc87538e9025fd632e326c9f89652a8266d4f812c260f99125a480a5f845cd74a8877840167c79a0ca37df273216c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d558982066ee375cda71c1f7e6495910

SHA1
9ef5a2fe12969722c54e0ee120d76c736b14fd2f

SHA256
069b5eb46c49416c68c8fd1032a07eacd6581b0582bd10e49f3b1ee7b1124820

SHA512
1f0ebd7ef430c2b955d32028cfb44f3f8a0a23259fea6f7f2d3527666cf28bf5fd33f0e54b46bdeefea997572395c117d9cfdd08c8aeacc17a66363b3a21a259

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a55e99fb082ba9e702b4d945da5cc3cf

SHA1
e52efbff07cbd88fbf4d88577b34b1dd5462570e

SHA256
04bb06515e7e8ebac8a64b9c76a8d6974570055c4e3a3be971aa786f5516476a

SHA512
ad74eb9a1e4d717ff2513afafb7e0b677d600e672f3739c69ba26f3dbef0ac2c7cc7dc896710add6f44e250f64c17f436093f45f0901cc6710790f4601fcab9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ee0735028498028da5faff3356aeb21

SHA1
fe0973b4198e08d14962ed7f4226b7883fba3f86

SHA256
1bc7795363ef9b0ce6fa17b1d0f41cfa9614c4aa968a00479625dc4a5ebf5a82

SHA512
7e88ad6053a3e2ed8129cdf1f63fb4d3434a9be4c3d287df2485d09b742500d4c379d0f562986015a6a082139f75217c1ddd3f8de44a9a669fd34a1583596af5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2da22f532be52d91dae10a2497743358

SHA1
709fbf009974cea998648f631e80939b9e5e763b

SHA256
afd4f9544675dfeb24777f127c53acabddd9daab845ee49f4a775f9645d3f97b

SHA512
37fccd4d4586d55245bbb99cb82723439a666d11406ec311f2517e0dcc1b28bd90bcf9bb84b60dc24bcbfd9e50cdd9b9e057758276f06b45f5aaf1473c25ea25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5c730b1a1a1eade1011ca38db33bc01

SHA1
21552ac90bf0749713bf37065ccce2db6f4ba6a8

SHA256
8e0f52b029d37e4428dacb86b1a5ee5309c4e06c06a62b56c4c09ef6162faafb

SHA512
790246c5c74983033f664685a80ea1f6e890b27ee2b95c3b0deebfd079b4b2ccbdf411939291f6b3c338cc95413bf9ac08b2f5337ce4fefec6353a7828809718

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b981c35b94f61304b7a77c787e13d7d5

SHA1
b48111e758c568a5a4108ff2a0f1d7ea7a7a0a69

SHA256
34d7c834e52645abfb7bad0aeafb81a756856258a08aa6e014db0e170f9f10dc

SHA512
487ca786b2d697c983ac4fa44de8d4b2cbf29e0eeb2765bc5b3ff06be616fb1f36c74d3fd357a0466ee7f045288e2b99c72d5b1f714ae24dbf3be36cdfea4997

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80d055ce40c203b19f5864f448041e95

SHA1
634eb9f665fe4432bd013525915758d666b6c92f

SHA256
7bd44abfc50b7eb88f29a3bcbc19fb9039b08fd1fd4c05bedd01c6b78ef7f21b

SHA512
625b235060252d715b4790e7737321546888f5ca43d3003293624a419f4edffed5b5966793dd2098b4c1b31ecfef273dad5f3c91a3fc8bb634983ca84148a312

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a0f0e9d797c7793418841bef88d50d4

SHA1
5638a8b22258d6bdc94788a2c3b96f21dcb5cb7c

SHA256
315b3d165be0dad062459020c19bfd4c8e7966083201e214b71a8d264b5931fe

SHA512
d1e29cc8fd45153ab847e7eb1941b2d9bf09fdbd56fe712edd97150f9994401150a966e9cf867f4aeb6ef1a443a79154ea400e2d222f48de6a58f2a62582a51f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
572f14b6faedeffb73c522dcf17e217f

SHA1
0d45097f9ad9b1a34063cc92e49c98522bad7f2d

SHA256
b5381ad35dff797bd8618247729599fecca9e707f4ad2a448f13286ee46a83d9

SHA512
59086ac15a0a77b70a9ea17990fb91f626f816b3258bca5da7eac0cff361fc3fac47f361645a79092e1f4ff1b3cfafb198fbbcad710fab0355fd90e932fcc313

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1944e86a243a8f10c693125a7edfb50

SHA1
95a6e86ac484a2b73cb5553dc66de48b6f2e431c

SHA256
ec15b00afa730660432b59ae63cfef581be71393170738dbbb27a5b3372eb904

SHA512
1ae2ec5268aa6da4533857c0dcfff68923d9d3c9b5be6c15d4269118a39c27e83f53710afe10a25fd80490213f9b10e8122217d9c2bfe47d6726d780686f81a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a6180ced7bf5477fdf479afe4f02442

SHA1
3cd7fe9dfaa0120468cace2b133da7cc38be95e7

SHA256
e7846710d069b1ee73d1d42c3f25ef8462455c1a799f141bf8697ef3bf1aeb98

SHA512
4a176920fffc03f2b1006cc734284fe5c3ec5fd15aa0a9d5a0d205a5aa44d7df8b65993a6c2d1d768f4caaf3f3bb2482fc479e2d0cd44b2b871aba168a845367

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE86D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE90E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit