Analysis
max time kernel: 136s
max time network: 136s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 28-09-2024 02:02
Static task: static1
Behavioral task: behavioral1
  Sample: sample.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: sample.html
  Resource: win10v2004-20240802-en
General
Target: sample.html
Size: 220KB
MD5: a68501a2ee34f26d87e7b3a827632d09
SHA1: 819112b1c9047154ff500719d2f10c307cb6831b
SHA256: 32048f1a1e97dee0382a8cd7af6293341b804f4726e7c2f918b6e0be5a873b8d
SHA512: 544fa41d15a7cfd875343df15ecccd08ba2abfdcf602a38e9c35b156a0c690596819c8e343007ee97e193b14e25300de00f37d1b00097398719dc5a5f277e57b
SSDEEP: 3072:SeCl6tl80QDdyfkMY+BES09JXAnyrZalI+YQ:SerK0sMYod+X3oI+YQ
Malware Config
Signatures
-
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-
Modifies Internet Explorer settings
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433650793" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A98AAED1-7D3D-11EF-856C-4E0B11BE40FD} = "0" | iexplore.exe
-
Suspicious use of FindShellTrayWindow (1 IoCs)
pid | process
2988 | iexplore.exe
-
Suspicious use of SetWindowsHookEx (6 IoCs)
pid | process
2988 | iexplore.exe
2988 | iexplore.exe
2088 | IEXPLORE.EXE
2088 | IEXPLORE.EXE
2088 | IEXPLORE.EXE
2088 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | process | procid_target
PID 2988 wrote to memory of 2088 | 2988 | iexplore.exe | 30
PID 2988 wrote to memory of 2088 | 2988 | iexplore.exe | 30
PID 2988 wrote to memory of 2088 | 2988 | iexplore.exe | 30
PID 2988 wrote to memory of 2088 | 2988 | iexplore.exe | 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2988
  -
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2988)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2088
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e2b5ab94ec6270d26708e07395d84ada
SHA1: c3aaf5d9f32ddc05ce7d15e29e63b1b6f8dcdd8b
SHA256: 3117345035b5a351fc85d1eaeafe650431652883d4240e93c9555efb6b19a980
SHA512: 070a609f40a3d3f8eceb21d229d9213d21202e1ee95cbb53bedfd4f67f9178cae2506037ab43eac70809a34a5f7a2e9bfa880be0fe0efe09d4bc98b4e1856cee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e6b242feee4edb08faa0e686d64a4eb6
SHA1: 5a903d9992f2a57169f939083c331b81773de575
SHA256: 4272aad732456491dd32344fc7e56e280a74d24f717e74a643be7bc8ea77cd43
SHA512: c3646d2ffd4ff285a06285d6eeb66b5cfcb266fd3a31932d51b0c8a6fdc1211c2481dd4feb2ce5587bc9379c7f2e615352dccf91b52447d358729f93d6a1b667
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c692c22168ed0dfe513f25afbefeaab9
SHA1: 75c464390c158ff2068df22866a7384e8e596d7a
SHA256: a530e08be489212e3f9e37a93dc62392c5f8ac19842f3ac3dc0775748d3ea61d
SHA512: 26fcb348430c0d848a413d54c7ac90386f826aa21460b58ac091a0a3e69ea3d9e5fa43af122142c5b4c30df06019cd12bb0d8ba30021985cdf0bd4c928bb1061
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: eb2e25cce956731f065e77ad1c08d58d
SHA1: 7adc7c1cb7e88da1487514202671b29a8a249b5a
SHA256: 2e50676c4931ba5a343c3d31237a6d05ee318907840063e487c7f48b1ee23df8
SHA512: 6804cc34b971f2f16a622c36ecd39996d72124885fda658733343b77df658c1a92b106ccc78868f4d123308a1e3d69631c74f5c68b6b547827432dd887176ee3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 148a6298bf74727b73ecb112bf84193b
SHA1: 3434f11e3cc3b466006765b1b94f4b89047d6c1c
SHA256: 62cbf0d1ddf8b9aacbec2c58da72d46bbd843465750f5463a44dfb6b86648fee
SHA512: 7f577395703fba1104cc215ebefaacd2552571bbd52c014a9a77c00dc001951df5c1d4e9a9049b70455e8b1c53a0fa4bbdec58762132908d976541cde2a52c07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: ab86433a8ed228f20a80245dba6b6815
SHA1: b6b9bb0d28c8d096dbd7eca4c5fabcc7f56f23c2
SHA256: 7b4f7ffcf9fcd4910c1362164bb3387956e7062630d94c392597a9528f0492bc
SHA512: 3f94f45bfd0826c8e82bf88a6fe9c518da18f5a2e67ab76d67d3c709264824894c459980901192e9acf0419c91b45def08e437d610ea1271ede1e1eb6acf7134
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b01a3aff118cee5ef0fa298915ecc838
SHA1: a06c11440908a2cfceb01f182cbdbf88547d3d98
SHA256: 635684acdf0f8d0a068f51ecf25d53e083e5f75420a02bdae456686d629158e6
SHA512: 69c551ec17554f19088db46ddb05e34bb8962c24663655a3c712db785c6bb5531770cedf7362ab7283786de366a36c800a13307a47362d2b2ddd580b82d8019c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1743b42617bdf4aa8ace1c13b54daa99
SHA1: e640acc0ca86a6f426eedd58c864171a3660e191
SHA256: e5ebe680d20d185b3705236f76dd63f4454731f04eecf99d5ea59d52f173c28d
SHA512: 5e03f649d448ea1354f3c9b9d8c09a7f0d8b2e8ed72319e4e179590ce0c4a85b874a37d4a960d2138bad96a4321dcad1e8054a98f72c599b5b64f45263c7a317
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d41641a6087934063ab4c34bb2750f2a
SHA1: 11acd24efe044429c56f1d20bbc0e9f0d4a387bf
SHA256: 2f983f177d16e30715addb569ccb7699110f77358fb86da92a1e7300f2d59a02
SHA512: fdf66d3c4b012aaf6f77f78c6b6200a71910c1e3feceda2958f0a4a79eb22adb18d46c5616d7a0251c26f0a1b87346b188319b47edb68462a0ef29b66b034306
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 30ea266a10041c59f5b96d08eade39e3
SHA1: 198a1b4b59a5b1ad322af2693526d7734135d764
SHA256: df58c4f36311d15763414379cb1cbfb533879d382d73270d27271247c149c10e
SHA512: e0b45a16fe5a0f3cc9e4f10361846aafcdef984fa0214c496b65edb0d16054df6c5bd87fc620fced7c1a6bc6826efab2ffab0f60c12dfc41c7e89426c235a7b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e9e31197bc93912fa9b0e5bd996df9b1
SHA1: 0d68c12f8354a1e8fef15abc449b4f5444c5132f
SHA256: 9517e72dd50516595a329f23a74c952081095c7802e06865fe36e4da5a14c1f9
SHA512: 720ae0e625754d2ffb5ee96f633081d63b2e0199295616830f5260719e20fd34e663eb515325e272c3b08c47ebd65aaa95458c5846bf4081a3db85488880cce0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6e649c2ce17602d1565bb0d2dbc702b2
SHA1: c9857c8ec26a72147af9e53731ed57d172510983
SHA256: a4ad9ba5e3a71fd9483bb4530b5f10a69ce400364c1c6a762e782a1df046ebc2
SHA512: 55066f517879803b62c67331935f24e888f698809def23c1d8557f0efb08a0edb606e21e8ab8098e47b0dcb761083f80d7296c4e7a26538469e53c5475d62aa6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c3015d719b3c211bd4211415a7c42e75
SHA1: 5552aabadc08272df6cd7f15e101dff38ceb268e
SHA256: bd015d197013b4058e9da2318b1d89cc8b892b748f14b9ca890f51b4d7e52a6a
SHA512: e5227e93d42ba5e3624a160b17abe41ba5ae57a59fc2636f34085a8ab94fcf86fe7554aa7d5939ea7e9eacbdc39a6d4c61627848239a4277afab834b3afb8f8e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5b234c1d47744432a09f25af8f38f9c5
SHA1: b998a393bb1949df94b46707533b4ae3d4496388
SHA256: 75be9eb37d5ecae64228a66f3639f3c55895e9ed3452ff1f18e16d505a50304d
SHA512: 83c348f4fd9262c3801d9c139be89db7f11dbe819d80b5366976472730f7cafc0738e94d4956994ece31f69dfbc0f93fc7788044f86f1f6432b1cb54640cf02f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1d90395fbcc574df711696ede7022ef4
SHA1: 54879ce451cf9a98836a5acb40838d0e4ba816da
SHA256: 0bdfd29fedea523e590d3f17a4175cd71be0e91a8f3ad9e3675fea9974451874
SHA512: 7e0ceca00a0c2aacada8b5d168b535b0bdb29734c4c5eaa90a50f8ba5ef87217ea341fad2e4edb2547d4d250e76c7095a2b1738d4cc6051ef033853520204d88
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1833c41cac6dc564f1ef9e7d208249c6
SHA1: e283e473cc482007d1edce3621bb7a45fcdbf5fe
SHA256: 62e9bb4ae9316317142ffac83bd4461086e12461999712c62248b6d0b01d121b
SHA512: 9b319e9321a67882b938d57a595c6eafa40d40095d97c5418f5308974cd5adf235cb04aa0c49ba7e743c70ad11abdb6e4e62664f3e8e7a427b2334e1837ebb84
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: cb7e084efc070870126af0e8b5ac8637
SHA1: 6f75f5c370e7b89f08037e9e29c018d1bc917d88
SHA256: 3f65e569517de7cef771334b335e492006e08c18ac660f3382015c6070ade02d
SHA512: fed7c2eb2ffc74998fa24b0d1e3942759ad1285a04947d0ed48ef605529260b57794a51270c924b0888bd26c28c233215ba074164c9c13231a7b4ace78a1b553
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e911d549ded9460f663801253bcf0cc9
SHA1: 457013eb25229443d108c8f5b420501a6c9adf56
SHA256: 34b9c593c5e858cd424bd255a2dbd48512a48c43f1f9ae75a169fba83e6c489a
SHA512: 11bfc79b27643f68c41f7767f51ad1667cbad5fd4bc9fecc3b7cba708f95ba7918d03ed5be9659f29429265e6016b4b0b7d0cf06118288b0fe8f5a2bf5e2b25a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 470f402efaa5cc0daff796563a635194
SHA1: dc8af0d4f15a049dc7b6857255bd7b675c1284fa
SHA256: eb3957073df9fd916394d860abe3faaebc29415fa045ff0c01fd15d8cd4fac17
SHA512: 35f20eb946e27b012568139eb20d6a934b527730a4c66449e872079acf763160ac4c8f7d2131687283456895acc51b466c44ee89f1daf7ad4d7339643074ed86
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: f61a240e21c5549f4f39eb47e0333079
SHA1: edbda05a0ffe4ad11acd4d0c602ee063f86b433a
SHA256: d0e876f579e9c1fe48717c12b87d2e7baae20bfb9897c0a4b91e5a491711f75f
SHA512: f620c760ef664862f2eb66d4bccb9c15025cd47fbbd928de8707ea9ca2ed826ff93e28ec7f3570d50743b1aaccf1bb9f19a484903364a1505efdbc4a1dcbc048
-
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b