1d8c1825c413db296e4f37467da87f52e20aede9cf7490c47c15177e95c743fd

Analysis

max time kernel
118s
max time network
132s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-10-2024 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hjd7WQ3n.html
Size

257B
MD5

ad0f719dda302baed4b5e7573c1be082
SHA1

5342ca757ea26a08e2a512dc018c436ba04772cf
SHA256

51dea6c0abcc559ac3f851ed70fea513c66704f45b865ee62bd0843b737b6a98
SHA512

b6cdc50f1fe2e3185a8bfe61626f2ddb857c51acc4552edcc10b934c851b0c923ccfe972d8b577a13649bff0780d03aba94c0f59784fa2cd1b7452ca6edfeaf0

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015aaff0081be304c82866b7510d8e98a00000000020000000000106600000001000020000000a111a8e4a43c421a541f8dc8a56b976efb242fae096f73405db74ffa652a656d000000000e80000000020000200000000e7cf44914ef4bfe702b7d234656b57e94408f43ca187384984f9f61d39ab10190000000089192132e11ebc0720c7b326da282663f4461e300f0520b03d28f9fe05bf2c474034951e7234c83c46ca8382a962bbf1c12d4b8055c3569ee38bdd9455cc33721d489a786716d0d0782fcea72a883f54af42cc6a682e79f972c0e5dfb8bcc17a7f60d966f7e75772f07968f0e2c322464c9a18e78110efe68368193c410bc92a1775021a7bd69d087094ce6021129da400000005a13c20ef7063647f9337c52eee80275e587d275ee071bf8eb7db5913aaa7ffa8bb217c66a17aaadf72c05484772eb2e3ce80c04b79a1bfcc47a56170e2ea1f2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015aaff0081be304c82866b7510d8e98a00000000020000000000106600000001000020000000ea5426b0f058e701d36c6977a79a7a753e5104a1da211b0beb939e1a63b7b95d000000000e80000000020000200000006bbbc5da85d79e4a3eaa41da2a088e6626bd6326cd0133bba6092f5ac95db18a20000000ffda44bcc7746711212ac6b9191d65144a6096f6df0789218f12103893e151b740000000a543f592b9843885d1af053f2613cf85ddf2e3a6c113a812f6668c8f07895ca02885d9fe3e1d48515d2a7c26f44886ef7b09177371a7e31e6f961d829276d8e5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{47BF0721-8736-11EF-9D33-D6FE44FD4752} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434747135"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c05a211f431bdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2364	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2364	iexplore.exe
2364	iexplore.exe
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2764	2364	iexplore.exe	30
PID 2364 wrote to memory of 2764	2364	iexplore.exe	30
PID 2364 wrote to memory of 2764	2364	iexplore.exe	30
PID 2364 wrote to memory of 2764	2364	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Hjd7WQ3n.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ac69501882024a3f52320074440a869

SHA1
41551e9236f1ff8be545f38ad0367e10f7d74d85

SHA256
48bcbec1e92a43c46f58a906e2f0bc785689110a7b48da1efe078f0f0058dfff

SHA512
a72d072e5d62c2fe787de7b848d53775edc254e28f7389dd22f1c2a3fd22160c139debb576d4329cfb3f6e64f04a805441654d44abb54ca1021ee09a4f7d5ce4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9b357e80efbaa9159b67b0a1dd913e9

SHA1
5d98f7f869c92596bba1eda6752d89c9b5753daa

SHA256
1015b9589285fab09b9b14d005e5b6c3d2c5252df18872830397a1dada210db7

SHA512
adc0e2784b186d68c6fa8ec120bf4da7e001892c3bd18ee618de1f75e47d8015c81291257a8996dd4bf90c9ef25fdfb62e9a3a7614e9a2a9d94412fec75d27b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d22d03577bd2e9e6300b45083a8ecda5

SHA1
762283d0c2d0ef8725fa25f1b9a8c35f6f984fe5

SHA256
547f2adbea22b6119574d576dfe3dc04e3e5729afa50d1ea0996907b3c093c7f

SHA512
68bbd1c0c68313e81b29999e3401dba56bb0d7e27788a08698e99ea648148893ad38159df2071a10d8f1510511038de33e05d8189d006a1d81695e08ede05405

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1c03b6c0f4b67318fe3571459617f1e

SHA1
01b9b38303fd86ad240a700d0bf09061e0dd8cb6

SHA256
d7dbf732dc9881bc12e79e840d161e81fb4662a2a018e690204dbebc3073fd7a

SHA512
3f0bb7427ffa4021bf28d83fad41b97e621cfa09abe8af0dee3cbf50ece3abc6cc3fde8dd6d60e9a55909b399dea50a753c89f772bb15dbd2a384844e5a3a5e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72a9494402be65b6930506edc7b1dd04

SHA1
f7239c02f72065866a31e1cda7bf67e57bfb2d44

SHA256
9f85ecb081f907a2f683cc790e37e9fe65a0d8294f42abc21879eaee3da4aefc

SHA512
487e05a54c01682b510db3666f15d57085e649aab19a38fe38c7debba16209189ad7201e172cfe8c4de1fd6bf17a9f26c5304b288954de5c1a3c3c05833cb6e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f6f0b2b03a44d9cd016b2901b332428

SHA1
11efbc2fd5168f53ace340c320235984d287df64

SHA256
8facf752ebad3a52aae852db2cc07b4b28dd4de74028e8d2746a6d2d2706dc7e

SHA512
0c244c224a1bf3dba23df52bbe91315c860bbb72428e4008aea45d8b0e29e6892b4b287b937d4bc84c0dc536d6116695c6653e5bf70fa3fdd4086040fe2c3521

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a154a31a4044210b5561de21734783c8

SHA1
3a6d56e4fe73a1435bf179657c1742b4600c1b19

SHA256
fccb601cb094ba03e21210fa892fd76d03120a0da02de70221a567befdd91d5f

SHA512
1b1573ab32b9490abb751f5171db67074dd1fd281927eae7eef360a61b196a8bb739769f9e0fed6df8760ff8db4be61715730766016ab1bce3c1a8bb053c60f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09bf6c331fc2997a30d739f097e42000

SHA1
34c06dddf9b56ad38a0de94a4946e66e03430c60

SHA256
1ccefa4afd3fa6ed302a25b8d70991ea6bd7141b6f6ade18f053269623831e2f

SHA512
f23f85f7adbb6bff4c32975aeaad804c953ca510785554179ab50415925f60c5248d9cb4d41ef0af7de4b3db946df84b6c0d004f3d7b7b882d4488ee444bf6cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a63a0955d9aaafb16278da75596ab30

SHA1
e6799bc5dd466ccbd7c0d60f1a7b8ead5ebfae35

SHA256
d04c7772585dfad0007ccda1f7d0b852189f06e2ac5b578303473a3b356b2931

SHA512
b6bf32803eea0deb7d16bfb3e78a91aff2ecc4604181170b968c88185b9d4967b9d0fc429189676a2385d784d9345b1436c0365e1f26b5148157151b50822a74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3cbf29d546f19fdfff6da070f5e0282

SHA1
a69fa8d7508f756fb713d94e5f8a6d934b946d3a

SHA256
ba4c1daba53ab9dbf80a86dca5b920498708b53ed7536fc8a7cf6579a1b24783

SHA512
2caf9ef5d00886226cd090032300d33be4a840470330e293c41abbf03149e4acf3f2e5682a33f4f84933379c58eac09d4cc7334eb97414bfa3624b335380866d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a1d609c41f6f182f8ac2d20514c1f9b

SHA1
225b5fb04e94ab564485467ba7feb1b8bf11759c

SHA256
79a3d8e742eb7f8723bc64f44e4a3f0122f0d8ec3e01ae4318139c05e8b93681

SHA512
cfc3c8028f42a36193797307564a8f4cb399b8135b207b303441441e7ef2f9b2f47cf057a42629a39826013b61053e43f91b432239aca9de0f898f62650dd7a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17d9aa0e73dfef9bb7881248b766dc58

SHA1
1e069b794148ed3f49df1e4b9e9313b8328ec08d

SHA256
dcdc8e6416593559f608823a6a6944b7343e942b1d8c04d8938cad0fcec72b5d

SHA512
9e197f32f9180d919ee2a68bcecdbf04e2765578ab42365c9024b8e5a72287227c0956baa4bd793bea0ad40893754da0120c1612acda4292a71503e65ba398de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be24bc038bcb533b5ffca6eee8ae676a

SHA1
ad834ed95915c2659e8d7a4450c533648352d939

SHA256
e74df84e5b8d704c5e1cc10fa7d578a22a2117d563b9aa657a1be434d4e50a67

SHA512
07651321861f69e4a8f3f4b28e461436d5884fe9501c249487e270d87ca7e9d46c30a0f11f929590d273804ab5aa5cc4a3ee13922ef19b1fef775669f7a2c4f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed867b9d19e188ef798f5935ef1de2e5

SHA1
d5c6fc6718cace79fa480cbfb0b8e3f50a0dde7d

SHA256
9c9ee131e16fb887bb770d5adfb4408f31c6eb63abbab49eb579df302aea3257

SHA512
15056dabbc70a4ef2a06cda82c5732bd44c5f812aad1abcf9434ed34f5b7e967bd7495ae119b6e5560e62295d7dba57fd380b49b736a3588ed4781617a192b35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab5c8b43f94f98f352df904b90c74b52

SHA1
536cc43be506363e62e9c275bb59ff2c8f3460cd

SHA256
77c0f41e014d006452c03d28d43da12add3b8478827b6f9039a6c0113885a35f

SHA512
2e145ef813d94bfc9d6797d19fe18f846a517a5cd5da76b857a8b9f91916aeeaf174b0093bebb89333e66e80e164aa2070ca39a9cac86de04825e3a874080f78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2282a9f5500de6d8c6f5b45a1c2fb98

SHA1
4da363144a3f99d6ceaeb2b75c4c5fe62cf0af45

SHA256
f192fa9d50b38aba300b5361d97bfe05d6a38f04f350b6ada1dcda79f8fa80cf

SHA512
e21029c90b6f7a8f11270bb186225f46d137a90435d5203fc752734428a948b9b14123fe2b8b840083fb92fb7f1ce2493a6641196c150098d60070c14b6e761d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e9fc2c165e0fa99bef0656a82c47659

SHA1
55d9816c0fbad0a9f8441327d35d480be40efa29

SHA256
e6a03993aae0e8092dd6973e8c7ed15632cdb7f222240512266834075c6506f9

SHA512
46614dda5047825ba456c70f6ce8fef3947084c1a42aede909787b089e2a7a6865fe12ddbe7a2e6754500ba5b8162dd2258859dba753cdfc996dd77eecf68268

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8192.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8231.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit