9936159ee6b4add95f9dc7b32a4055599e67de2d6c0e2e9a53666926d70d3546

Analysis

max time kernel
136s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 22:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

220KB
MD5

41c87ba74aeb34f853298312c5d64599
SHA1

9979938fac003fb1c0ccc4380a9ba86d07591d46
SHA256

0691445171d85bebc9e2dbfc67a743accf07c715c1e8944914e8e12c0a6a3a64
SHA512

37af7377c2c33be583852d77c6ee1c192886950d7f9efb8574ebd1aae48ecc3b91a05dbbea836633f56c11d022e02be2d9fac4d2a11b868e8d40672798160aab
SSDEEP

3072:SAp1rvbsJG/w1gyfkMY+BES09JXAnyrZalI+YQ:SAzEjsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433725065"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{971EF371-7DEA-11EF-A76B-E67A421F41DB} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2544	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2544	iexplore.exe
2544	iexplore.exe
2352	IEXPLORE.EXE
2352	IEXPLORE.EXE
2352	IEXPLORE.EXE
2352	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 2352	2544	iexplore.exe	31
PID 2544 wrote to memory of 2352	2544	iexplore.exe	31
PID 2544 wrote to memory of 2352	2544	iexplore.exe	31
PID 2544 wrote to memory of 2352	2544	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2544 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7ac74997f78f64f8d27c50c494c5edd

SHA1
a412c10b65b76d93a1ca2a2aafef3b80b8f71c8b

SHA256
050a15c97e123fa8369af9c20f39974a7016f897221c5bbddf915301530100df

SHA512
bc7e186d88bfe024e27b9b406acef6a0b4ba95c0a1e0f5a06c40c66ca3dc45e0e8c2a5a0624efd94ddfc673b32043715fdbcbaa3907aad2df371d78c48261ce8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4554d7a4a84dfa1eca615916a442c92d

SHA1
d7acb4c8c190ead0843adff5ad126b37c22e4b39

SHA256
60547e62df2359403503044a990f043d5c7e50747fe1c8cbdb0f37354cf3b5c4

SHA512
faf7b7faceeaa4731b446d8d97e14f5a4cb9ab613977286e782c2456df3ef7df7b3dd57017ef7f1379a9395193858289f2a89b823898eae8035d6dd5d743761c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6de5f7c75adb745979be997bc3b79f13

SHA1
f17479deaca688d948aa4f68ed61df5804fe9d6e

SHA256
4521cbaf33862f8adc18a479ec451869e9cb664d365770063cfb7e72062d74bd

SHA512
dadf36e125429d57ede1a69c03f4eba3ea771a8c3d1af2bca6388c6d08b266d62b1dbf4ba9ad42e47d096cb02320916efe01036246ba4d5b0c08e23f2995f278

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f13aea910a24889613115b0053765274

SHA1
401988ad6405d63ddfd3d09405fda05c34b488f9

SHA256
0bc46323acb5ece2d69528f772c65e53b93dd4c65243c0383398647d3ac7dcbb

SHA512
80039d3413d1d347a3d422afa444df6ff7ecac6863bcf1e72c057f4fa4571500eb314da1b9f5ce5611b4e57bbc23691a8c3899c403018f5fac0f7f63e4e17137

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca375ca0dc73696bb75a53dbbfc044e1

SHA1
01b52508bdcf20ce4905487dd7d7c3048ff4eaeb

SHA256
a26d499e4d8bcb2812125cfd04c37310a6bb87ba64bd5b61956134468855d101

SHA512
8d9694d38829af1dd6a6cc25fe2ac208c4ae94faef9fe7c00268c275a35a7629afc6bdd61de0e7764e409f702bcda4454fcf44c084ec77e50e377a820e82c8e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f76e2d0c84c1dc4c6bc8310d01d8c606

SHA1
53149275d16a3e9cfd46e32b2a756d7be720a618

SHA256
29f5a9df2285a900d6eb2b3d83f7ad36e0404210aa64f4b877cde042cee1037f

SHA512
dab6fa0c18b6d9b76141bae3dcd8f8949f45b51eb10a45f1dd28ea3845921e8c4c7cf234bb4ff96db973db498dd94967de94d0cf15a364888b83dfda97bedd2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
854341f5999bbcfe073edb33d36de704

SHA1
8a1e6542fa040a8a25a1eb738e9ff1f184e1b258

SHA256
117856d4d52bc68b1785beb6250a720875c9403c713cb8c3ffeeb72e552efe20

SHA512
338ab82be29b849f145300edc5c1bb746d0d2d33e14802bd7741c588ad48ad8d0a0d395a844a0730b50385afc6f4b98ea4b25bf1a4b776eae11102df0de696e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
436a2f35ab481403b528dca692f606a3

SHA1
842b6a15625ed0cc9c53488c3c8b6b92e68f128d

SHA256
e0086d31a5b12f6b9438a87f79f9fe508a9b767837e8719a77f6e1e001a0a16f

SHA512
e8a41b9215ef43325001fb928a8b98b53636ffbd260d6fb6bd17c5258b6cf21bea368cab748b17e3fde65ed6be5dcdf1924e78b5fdcc802819a59505677131eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee28c063a7c53504ca5a6e49d66ba744

SHA1
934ce96c03f2425f6e2a338182100ec2114d3585

SHA256
d05784257c4273103095b27c125dc28164b0cbfea938f144eea0bdbe13984445

SHA512
61c6eeef202c8cfba391bfb2c0e970b90b1d473d0ee55246e323b71c6cd1e8c8659d33de79a308e79f4e9567d72e0a856377231f77e0751f0e4c811168e0829d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
477ed0a3fa54e673473cbc9b32c7789e

SHA1
b47625cf8effb151602369517632381343f63d94

SHA256
03305ab33291995027f4537cbb1564cd7046e97cfd2166b63b09f519b4846cf5

SHA512
d4682f505715ca0dfe8122043e9ef8eb3dd24a9da6a9e7bf596f486f7d54e577f119fe249e5185324d65899a7989f3529a5b4ad516bf437cfa83a669a7e7d3c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2fb8def1bcca67a0199e8fe62b4ef6f

SHA1
0a2adb186bf86ffdaef7210bdcc931d7924fa3ca

SHA256
8e596ab259e8f70491a6b5ba097a17fc1fa604742a96c03a769ba502555a1db2

SHA512
153fc0a46915a05a1956e166ca90e19f1dc3d260ba80fd0ee6796a97e9b77eb2bb2f8d969d5c42f34f0bce7b36d92b1cc0b4753fd254a290f733286c85cf33a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48bc6017f967283d8896fcc13da380bf

SHA1
28d48ee1696eccece3b2a6ab8c507988d397c504

SHA256
92e098b81f35c692c4309fb47eeb916223a715a8a817c1c42f8440984327fd0f

SHA512
e9b13dbff553050011f6b34af6768af3fba300ac7a7a392e5b37031c098a3070537c60b3a22e981e703aad5ac3dd6ad88dd0855f5ea92dc6087680945f45d627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e42762d067db5cfab8c7a6aa7012453c

SHA1
e69c6b43158c5a17492d2c8cff1bef70b6742030

SHA256
b2cd2afd97d348405595feaaea559799c0af6c4253b460d04027aff549d22529

SHA512
d21b333fd12426625befa4c764aa20889598aca2eb4445ccacf266dd3c0665a9841daa46aaab83d285c54a41a1b28b5ffccea8cdfb7b673db4301d3c993f0406

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bddfe6b4d1dc0c1dae806bbab4bc37f6

SHA1
e0298a8f24042bee7db63b8059b7681029aeb69a

SHA256
e6b192c202152becdd8881886bae395c998e98d93417557967e55c882e11979c

SHA512
e0e5421f91e5b30ec7e3cf91de3e053737915193f3d63f78c674f1eb550eb9abf2f7a928269747b79461c7091c20440a337fa7d052d4b7cdaa3cb5053642df03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d9d5aaa5e94a4e8c89ae6d078d8aa25

SHA1
0707647bb3f023aefd5964a79dbc084d41ffa9a3

SHA256
b4313636cf652cd9cbb31901b124ec8ee6acdca610e47440ba946db38ff948b0

SHA512
0780d10f37a5d4e8530fe9ec6a840c96b234d10b222cac3f24e1b74fddeceb153c70584c27b3711018af2aebdffefef7ce31ee47b3c031b660e941608631ede4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c465b9f2034ef1f351add803246ba4f7

SHA1
c308dda319fa05f120224e0dda26f18a14808c73

SHA256
5da2f804a1536d22d08ed5459b3393c156be79ca588504e6750e0976bc29f7c2

SHA512
eb2c700fe9e4e13b9eeaf43295c520209962160b368198d832660180079b539e9c3a8b8f8b9350c0dbe9454303dc3e6458918b6f50ad524f539e8bbfda68321b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39adc81a255831d34a7c9bfe2bcd978e

SHA1
b9c7be2826fe18c5ce65be6b7692f93ded0463eb

SHA256
936a6554061be64e09b26156d2a4987405a0422b6f2ceeed73d5de9bc4c06cb0

SHA512
ef61dae5242305cb94d65bf1b66045cc52f92b36f6af62a820d97e26c2091b7b526b26630ac7662fb20567d612c121df2bdf508c691de0f77d1600d878a1239e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
307529966c4fbb8d31baef3951343d00

SHA1
f4c1b0b7d81ad59f3822f6b91724cf3348cb750c

SHA256
26bfee0caf728fdf9f5979d77a484c004a0ce2379defba0a9801f7afc67cb505

SHA512
45e499d023b5c44c167919855a0fd79f99336c8f0c6379f90633bfc32af34cca450672326bd301031ff37b30141921403630c981d2942c9691985f673431459d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39600ac5afd54ccf3aa69afea2fea93b

SHA1
d16e895fcac813106dc7c020f1429fed341c9069

SHA256
b8aa3fb4f97fccbfe5a28e778a7613816de7ccdcbae6f8a596443dd4492f855a

SHA512
2c8a32243f8a4a4f98d77094172b9ef959ae30bd181e441f29bfb869cd2e6e11d5aabef59619b6c50c510235bd18859dbc39d3a8382646fe36da9d8b3a1ea655

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1834ee4826d2343f039f2d2c69d7ccdd

SHA1
1bb208b674406b13185d9ffd9d83b8a4b787b39d

SHA256
8ae2f946f144352beb0fb76b7b128db5d4ba75bc758054f011d0ad39c25a6bc3

SHA512
6231df8d575b39a944d137c49c9e91aef346928d08252b1c0c5ceaaaf262d166eade65f1829fd6e5701c2d33d8cfdee558de110f0c3f058d049c93988d6bcfa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE1BA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE20D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit