19a4a1ad22e9a9ca5c220335da9c6cc8c4160e41bccf056bac2ff98da2438d05

Analysis

max time kernel
136s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-09-2024 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

88bd3bf5b580416cdf21143fc25f1f7d
SHA1

fa8ac4e5e5bfa2cc817c18c1dae90c1ef3e718e3
SHA256

02806d7e1fd381f19bcff1cb51ded59d8db1dafe99514e5278d2c95aebce94a1
SHA512

1a0507e359079efe90ddd5514b733f415a67084a01843dbe45a34ff26b4da65c6fe320dc97e52791bc17150c625e7ec057c2dc4cd1d01e03d9126d4128e38393
SSDEEP

3072:S1I6LQJVF4EyfkMY+BES09JXAnyrZalI+YQ:S1geJsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433711570"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2AE58A31-7DCB-11EF-837F-E61828AB23DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
612	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
612	iexplore.exe
612	iexplore.exe
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 612 wrote to memory of 2600	612	iexplore.exe	31
PID 612 wrote to memory of 2600	612	iexplore.exe	31
PID 612 wrote to memory of 2600	612	iexplore.exe	31
PID 612 wrote to memory of 2600	612	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:612
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:612 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19eb071cd4863e5f874e6e176b0eefdb

SHA1
017d3626ef9abf4147863ddb997cff3d1b995052

SHA256
2be515b69ff704eec8d429d632cd0568966ec8e6c458f8f5801d356e4dc5c349

SHA512
f9f1a0b409f2830a2a412ba60714b09acb70138d61d236c0f8e71a903612f523fc80643b79fa539992a7f04fe6783250c1e40c057a502e6f77d021a399c528c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2ad69d4aed0f03fdf530e4d6582942e

SHA1
a87e38a2102e8810406907e11e935f9a8e34f5e2

SHA256
e22049f9027a42d76510c8826fe2811adb0a70a63e892ee82151cb95842c35d9

SHA512
39b2b03b712586d4dbe8ab40f04e2fd34aabba5afae8b8fb97af71870685e45e764a669c05390d451747d5fde3d659e432ce6ff56fa416c1a6f40b30bc05e863

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2fedbd1c8415d4cf3c6b594689d4bba

SHA1
a9b75397f2a9faf4483061b6ffcff022eb73b573

SHA256
1a0b41dc7b36fe19d18a7886737a2ba4ff10b2c4ccb399c090a816af578251df

SHA512
244ba8a73c03099406a5f36d9e40c87a90060f63ef100e443960df4eb04fd631a91f80a300cd12e16d1f721ad725c8fe94c376269a8b84c6d6d9e8e1c3088a69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c583cb588c6c92d8e1c0bcdca20beace

SHA1
1474786243b8ff717d1b00c07dbe8a4e5a5859c0

SHA256
58acb9fd3e84b459ac57b9c70ea4498c841b5160f85fcd2110203e055e4d3bd3

SHA512
388b05f79b305242c4608247bef4259afd19c79efa490a20ff3086aa99b9cfd8f93320c781dda858a53744d4f24d505c051ba5933c8b06e8bed29ca654c32ccc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
485c3e4b518124cdc900d97edface6f1

SHA1
b5a1ace052742d691061f49c77cf7688452e909e

SHA256
48987cbdc86e71637c11c7bbbdd8af205609bb50fd3e27437e2e39785c4ed496

SHA512
5d9e901f95c1f6884f7d5c81033967fe5c28d2a274a8cc8a00701b12e7396eeb0a6a8a73ee7e7e467880685180ea6dce18d0a770ada2bd7ad5c91a54ad387901

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e14a05becf8bddd44bb70f5a59925ce

SHA1
107380c026069369395c5d58d84966953f2096a6

SHA256
cf6c9f40a4b563fd8a16451ef54a35e9639231872fe5d891caef6d76af2d8d2d

SHA512
8938e4b2b8dd1c26e1c8a5b594a91b1e2ba70d2cd01fa496f683dd2c8c1af5826e80ada5c3d5e4642a6faef75da9eacad236b2bb49c16e898b0ce4881b9c5f44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d003f97542e0e55f99bd101476c46684

SHA1
1a85724f7e605b84e3fa21189e15d6b1f92fd5c6

SHA256
cb6108c5e84ab2207df690e6819b4b3863cb5c98576bc3a1884b48209f3a54f6

SHA512
2c00194d42389ffbcae4f57ffbb69121a1fe4738a8d046340e6018b3be4348c609afd33d778d03871acef0d950e2416639870204d1e9356f1ba2d2ab4845fc8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c862f4ea5fb7177f2a4d36cdfb881904

SHA1
0bd6a7e7fd044515d3f75da618d874410ec33b9f

SHA256
e6b6af395681b950d72c8c55ac7e306a97121238ed3232395ec624ab059dbc96

SHA512
57d94bb69c3eecaf42e44a27f2caa686a67fcb29e6870a40cd55147d63d69d4ddaad9b7985ec5a609d70f5e3fed11082ff08d63c0c0525ffb8020fc28412c760

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52ae3d0cc8ba5f79fa5c8cb51db9c580

SHA1
d3a06ffe7dc3517b5a1791c591e2d5147860a463

SHA256
531e9f41f512b918ed9ffc5dbb02249633fd72517baac557f8ea62c18a2b77b8

SHA512
faf4a67035ab01fdb0668eddc515ba1ceecbaa50e6960f5fb116f920a6d9336d1a401cfd797b184567db7710cbd9501d40da218290b23608472794ee1cfe94cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85a675a7a186f2b6c6e5820e9e85fd52

SHA1
4d0eeff405614183a96673dd160edeed0498a990

SHA256
6dbf5c9060a9ad8281045b1facfd2b776e233df95f15057a23ba4fbe54ae44da

SHA512
c8bb0072d059942aebdf756ddf4df3a070226793cd4e72ffc9e0dd054701a39e9024111af784b348ad2831a7bbf22d2de5759d8426f2c32bd5760d367df236ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38568829c190ac7f472e67728499600c

SHA1
0dd62d2ad8b8f29aef47c5d6469af3d752a7a53e

SHA256
ffe21b452a3e339cf533043948a1d1f4ed11549a808816aca432d3b9c3c17b2b

SHA512
923794ab056ad4bcf825f4cb8c4b07fdd24f13ed3d491ed0fbf05891b63d96d9c82271003cef71e29f69d0b97fd5d93714fc4b336bea01c10eebd3b87137eca3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c21254e432ff3da7032297b3ac7d759

SHA1
5503d284fe579612824275665c3e571316d886c1

SHA256
6a766f74a255125d2dbad89a8ffef10a5d605ef9a7ea456d10b2242ff145ec6f

SHA512
f7e03e1318b64a65aca417b9c46194450d23ebe8d0ad5b4612cb66daa2f3d52f818647a907dbc2fbf9ea3d9e09667b3179bb8176e5e618696fe0b12eed130f09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
545e790286cf923f1bbd2c76ac6e610d

SHA1
a0b524777bb1fecab95e955b1f686f8b9f6a9e5f

SHA256
22b0f748476a52fbe5c93171cb0f425ed56d98a6ab07bea7483f34800724c18c

SHA512
2dae794ce834c67db14f48283d7cc164fb6bd8a3ef83b352772d78add95fa97abc5d887b0db3ddc080591a661098f645d10ecdce109983de1b258f05bc446e87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb062fbccd97715ebe0426234620cef5

SHA1
7c01cab30fea09df657f898357b50eb3b01452c2

SHA256
a4b8208969b668efc26bf9bf2fc894d142fa421f2115d8003382005c7b41799f

SHA512
8a28f776b573fd908f9bda231506e5ca2ecb33844671ff8b5189fd24532a3e34748d4abe6f3061852d769aba9ab4f54f52a6a4c264e794282d8c387381abd3c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1f6f9810c91541ec556a3d15a6bf23c

SHA1
7dd2f5921b1a3668d5c2f3157dac18216957b31e

SHA256
90e51269b0c35182a626aac8e393357f4fa264c2d1327f727e3ffaa5cb1e6785

SHA512
9d96685db27e78204685743512381524b166b7324f278ab9b7fedcdc955984bd5529d08d01f6a8e87292b2b6eec64090c0cbb03d288f243b1c4cc11ddb39a72d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0568c8c689a305161a03ee53ee84a03d

SHA1
29a73e54525dbc59a99c43b5c4e265c4f44ec0ba

SHA256
ed8defed88e8a8aabf641afa31c6b53dce4d49494276f237b3322fd07e09d498

SHA512
1b4f0343f17052bab5bbc26fe9e549e09fb9a114f58722e742c428d7975d0ba16240b157db3ad63014a35313b59abe8bee39c55f07e9e63edf5f6f61b46eda1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da1b535756a8be0890766cf168e449dc

SHA1
e8d21788fce8d4af1b2b37db457f0eda03617efc

SHA256
27cd53e29068e56b0c2dde4a169a0d8cdbc22ff8652d33af1e210f67e7d069d7

SHA512
ac6553ef36f8d6f7085110c6a52d5668828bbfcd98ea40ce1c4843c17940ab2e7daa8cf7e568408035e45f1ed1b6eaa217684b17c921f93547c62845fad50e9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a03332d34dd0b5fe89340831595f6338

SHA1
80784ff77e0733b4b746bf21fa011b22a8b3c875

SHA256
01625068066384da757bbb0e6024963ce4b3834c0467fb55458c73b0340c041d

SHA512
f82cc061760bcc52e5cf46123930e50cd1e1e0bb7e8c7efeaa27164ebda818369efdce27bef22f559eecd16389647c639ebf4af414b16849ea775109d509dc29

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE83F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE89F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit