d0ebe07f9a924c46ee702c913c1c78eed91c1fb104b965c7a41ad7d0dfca0e21

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 16:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yCttpNGcq6.html
Size

10KB
MD5

67b272639d80ead2d7c20688a7b64f4a
SHA1

540f1017cf750140aa45f395171dcb74838a7b54
SHA256

d0ebe07f9a924c46ee702c913c1c78eed91c1fb104b965c7a41ad7d0dfca0e21
SHA512

8b7a94cca7f9566262eaeeacabba0c15d07637660f22ef9a9b87c3f8f4046a24fcd981d4ad4e53344dfb78513fb3fe5406ddacbdc2da91333d6c5a5d29a64f31
SSDEEP

96:2wJw7wzVe1hzmcpWZvZIZZOfRr8L3ZPRe5mvtgCsXe5oEDZqZQzZJnx/IJ:hOszV8ExK2Rr8tUoVNVYCJnx/0

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434999696"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b9600000000020000000000106600000001000020000000520018dfbc72db59de0e03ec9305fc658f14f488df3bbddfcd54314e9d93c8da000000000e80000000020000200000007013aa9652dde09c1af2c212a4306e70415991de5aa228247299ecb71cb7e13b20000000010177d53364911dd58be7f4af651ee67ad6a7654582bf2e9572c655d521e355400000005348ba1edb0ab0728a584e2766d59fa3d3282dda843c7aa883184d5dde2aeedf9e06538f637fd54dc521335ba88c8a9d298ddfbc15dc91eb96325fb71422eb94	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50A69171-8982-11EF-810C-FA6F7B731809} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b96000000000200000000001066000000010000200000007c2310f86f144ada827c32775d2390ff42221bfc194082f70b699383882b6fc2000000000e8000000002000020000000d54d46c8c7944e650b1f548628ab86ce0b1fe13f4bf481a293ac00febcf96b7190000000d74ccb24ffa2b43322807b7693dc76d77801378a12a0f45aecf3ccf59cd0aa5f277a7536f7f113d17f727fb1287161877d83e990ccd490e664af496c752cd08d0c115dd154d15b24a79d0761dd06e683a927ba2b8feb4cb1809f4a4e57b7076fcbe8219f517a9318007be804c41a4743cd17e566f38a8af2b6af97270181413bd3540c74ffea456b402d0681aabe36f24000000092b011270bfec18ac36f753c3aaed91211a08bd92f8f5984b18be0cce795fc20a588bdae3b066196a4553d04456b5305a0f135c0e188b867f3f33e3829a9229f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0fe17258f1ddb01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2320	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2320	iexplore.exe
2320	iexplore.exe
2284	IEXPLORE.EXE
2284	IEXPLORE.EXE
2284	IEXPLORE.EXE
2284	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2284	2320	iexplore.exe	28
PID 2320 wrote to memory of 2284	2320	iexplore.exe	28
PID 2320 wrote to memory of 2284	2320	iexplore.exe	28
PID 2320 wrote to memory of 2284	2320	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\yCttpNGcq6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c8d645de1b897f4c11a9d059153304a

SHA1
fbef6278063e2bfc9ede886365cd4ccd5d6825b6

SHA256
9ef5c5b2ee440c1fc9c6c83c5c71516b629b44ec9e2c5d4da361560bb5a8d751

SHA512
ddb591da73fb11cad51827832f9b9d3f30f044a031d32dd727a879e22b4a2121ce55e389286c1855e8e726bbc1d9115b22f3599fadf428f1f89fbe583b1162de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12746be658ab0a0fa1c8cba6b4fec418

SHA1
45da69c43c3acb4b44f9e56156e7defbe87acec9

SHA256
bc8b0a4f5c384b1f7468c5312bf9555ab9d60293b684444ef2550c30a155df2e

SHA512
82783711b75c61e12f6e9a9ad3b6b8bc425293a9433f1a3e8149746d354e53f8cecebd47af0245a28a087c025cd92566df1d10c31a34ad72d81b6957165db8d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33a2fabd21e606ec8938686651aa2e60

SHA1
5cb3666f2c425384e9916def92326346e6486603

SHA256
b1f10d1141569b17548c6a4e6c39bb3e9306fbc95a0dfc03aee6f6301ead5624

SHA512
bc733820f981ad2e7615c89e20e2295b90e217b2b9de04392ccd41d0e2351a4969937360ddac258f41417e09467780424e8f536f43145173b2863d28a2d20cd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebeb7c82f083238b71292cbc7e417b48

SHA1
2220963e4a6eeee67936e7e66ff29a76811bc984

SHA256
2832427246a745ac04e9935f5f7d7cd307e3caedbf1d020433f5981822ada4fa

SHA512
6f13ffb0b6a41ec9949b4a926ad028588203275b12c36b60e5505ef00c4a193f42a2b66e2172b7bb3fb4b33ef472bf73c2301c0f054c847be0bc33d06f7701c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcea83f2754759f87abb88b7ed34d33a

SHA1
291864189d3fe7b24c445a724968a86bd2f2904c

SHA256
16600db43f41320c2a771127c6e0314f926f532b7d64d11ef82672b6ba25322d

SHA512
99ed948f59864833eebfad4571f63bcedcf591c1a51f0c27a74db72a45d6a8aa9f69818d7fb7b9b1827f7b74319c490d9bb966e952515d22cddaaafa362f8d43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7896415e98521051961bc22d26933d80

SHA1
203d425fd04ff04329afd023363035b71a729f0d

SHA256
69180ec9e31231f5ff7c895b32e68e01147ac1e7a464cb6ebcf04e13c7b1f5ed

SHA512
a19d9b01a3dcbe7a748191df8ebd48394ebc0290be4af102c0a1564078f947ee8b68ddde9974a026068169f3edd4ce1266d8a86f0f11637ae51aa6260b65c77b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97f169f22f9c282677c6588dcd650f38

SHA1
18b85f2ca70012e2daab858ebea5d7527aac5130

SHA256
5281be105867c5d97d3a9024d7c0d753572f90da83864df66fee51b9115c1948

SHA512
31090fb45924b077a4a5926bc7b88113533cda42ba81e34583b80e7413c81c620ffe75715bdaca992346d84bad6fd9fd83454bc7c1f80ec5c60e484c3d36485b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f30648fea16f412802c9c974d245c93e

SHA1
4bf55e35ed9a3de223ac57b361157daf136fe2a6

SHA256
1737a3dd55aa8d06983355175ffe8a2a475027bcf7604592f00bddb9af6da6df

SHA512
2f8b2f9511b701583b77ebeec895a0d64b19b04bf4ecafaffcef6b66e61c8d0e9fd0432d8dbb3375907b0733d7ff4effee4335b82552f4a4497e9d77187ed2d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89e4c592ea13a319757eb116fec62e6a

SHA1
fa3cfd2dca833979b8c5a50144a7d9678222118b

SHA256
5e49f35b39826b32f6ac1f3f88d3802bcb5e1d933f0935c24a0627471332d368

SHA512
aaea6a69279db445bb9b6ee32dae9cc572960976b92aa52913bfb150b761862213b4b875b42df4ffa3c62d064104accbbeb352d4d61cb6d8114c0f47a2c59f7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
223f11eefd3d6bd0911bff0f42f05646

SHA1
44061be44a082f52c8261b23513fde5a913d822b

SHA256
26fa4552082a994c9a58003a0b4a366893b2efe8f1cb5a7895088a380e00144b

SHA512
0011ec7bcc07e344f972a5295379b2d20ce4e334401e33f02d2e4b1647eed39eafcb5adea09b10c1c4932e7c184bb524c94a16c25087dc0a8f236da9a7b55259

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
615f8fb412d1c5dc3fa5affcc7f8c014

SHA1
5842065cba95a0575c19cf73f9ac9ab1bf17013f

SHA256
a2f3297d9bf2573c8022685906fd219551935f08b934da4fb15389ae3a7c31af

SHA512
f011a8fdcfdc5497e8f6cfce6cd5d614e78e26b7f5810ec54698ac4644a98deb3813838c8718bd0e2f5075b93e12c03fd7cf57394602c77d2c3679daa0e7f9c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39ff8455b0d99b40c0b131f6200f4f58

SHA1
d54708ae6c9eb5b049aa63caa10decd8e237b3ae

SHA256
50559094a737eb15ff984f824561b19173942febae3f209a42ef50bb4af5a86c

SHA512
e4dbb09f9df4dd665668cdab1355219c1973e192b896dd1685735d54c918fcb0cff799d0794fb52684f1d59d4bcbcc4032a6c27b1d5eb85837ff93abae0ab45b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49edc3c017127553490e1bb3cb7ccbd9

SHA1
10728e0378c0b251f8d0a08564e92d34e47c0fbf

SHA256
f86d3c51e7bd7a54e4c1cd49ba1bc3100aa76cb99ab98c3b6e1fd4badf51a0fa

SHA512
773f4ec851433ab02b2bcefb70f52d3d430dc35edf08e2bfbca1222c88e0ddfba81d3c5bbb7453a11f7011193bcbebcb47f5bb614c797f146d6a5c49853d36fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aba65e15ed58209e03372a6c9ad7189b

SHA1
fbdd121ff7a3672eeab2fe3f49472c235d413229

SHA256
0c1ccbcb736d29a82f176a91eb95f7fcea1bf6d5ed5fe5f2a152fbf3a3b3be3d

SHA512
a2e455786302cc84ba58baf6726547d992ad33f0ae75ca630c25c59ab8b770f9587572bfab8f42384ed8b80f816cb9fc63fbf2a0a7efc66e848df81f9e90fa23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5be19bd887d707adc69d97ff696b20f4

SHA1
9163d4d66d8be276dcc6ddb27a403cbe79c95d9a

SHA256
aa608e770d4610db38d2d7e94b2dc9d7b1abc264853ca31e9bbfaf8b461c1aac

SHA512
3b1b7cabdfebb804c33eaa5f2b269f5627cf9658fb9ca6423bc671b42cc142f66af376690ac02953667009f6d4ea9003275fd9849a0b0ba1c5a78d9c71c4642c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a396cddac430bb20b337fd791f37547

SHA1
6524af7bb1eeeab9e4c410f69c12bf4b97b5873a

SHA256
c5e64ecaaa920575398edfb510e2868da238bfd60fb5055a8035247eefdb2ac6

SHA512
ce0602919af8be2ea70ae766bc12bb9e02e38fc7dcec50c4d4bb260061197e0925984d27f71a2b542c910cca270fdb3b5dad62834d6e7f9f86dde154bfe2be37

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE7F2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE891.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit