2ab315537510fc91d73825d0d6661e9f4b141799877e2f5159892886265f362e

Analysis

max time kernel
9s
max time network
15s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15/10/2024, 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

1005B
MD5

fd879317e803d0d934db5bcc5ff8fcc8
SHA1

21b7954728b3579bbccddde44255bd8173f96f64
SHA256

2ab315537510fc91d73825d0d6661e9f4b141799877e2f5159892886265f362e
SHA512

2b274bf9900fd88d8697f67fdd82db000d1c1c9447ef1d4fd6b0202ac74008142ada2e30beed8f3b3e6e5ea8931f35cb21d5f5294ac9721a366d0d675043731e

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F1C5C381-8AC9-11EF-A7E1-668826FBEB66} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
840	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
840	iexplore.exe
840	iexplore.exe
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 2804	840	iexplore.exe	29
PID 840 wrote to memory of 2804	840	iexplore.exe	29
PID 840 wrote to memory of 2804	840	iexplore.exe	29
PID 840 wrote to memory of 2804	840	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:840
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:840 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
19f9a78931a36d847b8422e082cb0dc2

SHA1
36e0bed8383e4374410e22e2417e5c592736dd0d

SHA256
489881f536227958a371e9f4c48ad769d84ff302ac739cc20241824c19b96cc8

SHA512
dfb5862294d6a666bc2161c1760d75eb5a263bc51b4f0bc50642953e2010b8e1acbf84c099cf8c7fd259cc824c48776561ca34d496453f33cff9f1483594e95f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7074570014a2d6fdff1cfd64cb1946d7

SHA1
2bba85fe9f26e0d09adf1df84e31d95ae810e61e

SHA256
d54e0727af30f39d2c277fbc3c369f9c9dc0695ac1c61de046be6a5f4cc222fc

SHA512
db7a9508fbcefc9286d3b85c533d2cb61780aa9e312204167952524f31a1529ae3e2d610923cbab39e213d77f8c3378b1d749b87f63385446960516c76d6a359

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ff0537269fc74473f4dcb0d9885e469

SHA1
50ab96d821c66e562ae29cc4bb600b8f30c27fc0

SHA256
86e1e66c4593036eabfc7d9990313e6d02c48292b91b385cdd9b16f7cab372ff

SHA512
fbf930326ca074336e85a4a23e6cede3970935396d4c662046abfe73f74a6c712a16dd7c5423183c00feee7eae73af2e6bd50ff57c261ddbff8edfe34edb67ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
587f3db9f869a9fd5489abe603132269

SHA1
9dfe8fe726612090e1823c5461e7d1745182e1a4

SHA256
9b1ec630c5724098c8335731ff43c7d9931276e82b194c70a5f844c5746b1252

SHA512
577c5962f84e01e967c696f9818cadbf842b7c447538a32fe63741d15dec044e3042cb202680564014b48e83ed60f5802696309430968568e5a97c9436daeaf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d3e26131ed038127470ba58ee94c150

SHA1
b634395a93a85624ab6f793593df1c6f2593a295

SHA256
4db1f1895c319d61b37ec53b97017dd20d8553229dd019ad82122e947b7e60db

SHA512
6939a5023c847cd5bb9f2633d43abecc1b5771a18deb81e3721e576efb7e6a370b12b9a3010a0bf2b6c7c4847928c8bb995c30dc3277821f381454cb2ff87293

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba6a3781fba4e7c936d8b60869218870

SHA1
ec84c1046f8c3a7094594958a2c2eb5e1f9e5e80

SHA256
7c7a9655a1aa726d9709b7a5a94046abff3fa0b7f78a4d254fda44ce7b2765c8

SHA512
484f36d6e77505d24964064e93ad1214bd2466b812f097b30a8e98f16408416926996ba2d4d321fbd07a3176efff5f2465c8bc6526d427bdd277e10d6b3cab96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
755ce80729b3153909ea780de96b0317

SHA1
b944c9c9e8d32ac9438a3cb0e363ede56dd714b5

SHA256
a460879255b81bd8d87db01465c51ee028b1342002a47851c349ed873b5adabc

SHA512
49b8013f7f27aebffeda69138c3bb489d54eaae7c6d90e324012cab549308e58861de0ccc44a5f57e496939ea9a9a4d6198c0e6ef75142e08e6902d706b50afd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e15a707677390c3d638dc0217882cc7e

SHA1
854a1f169cbe15a2b3c1311b8d2a16704f9fd3de

SHA256
a760e9426e96ab37b0c204b1d3cc8f928785e768903e16a04bacc208ed8560b1

SHA512
4bbe02299993b01aeca5ddd304e5ca9d095011cc4b4349cd874bbe59f6a535daf52287ac408267e93f5febc64cec0867270927a40b45cc9d5c9b6b43d21d2151

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f6f62c23c1f4aa91fb3155006cd6b56

SHA1
123862757f6b37628c0e6cb13d6178dc21f2c70f

SHA256
02b20d2a4987b5a3452ed2b6c1f5e086eef58cdc27b8140f6cfb6417cdecd5d6

SHA512
9fdb1073f098e6826f096fd24073c8dc5c8de6ab76623aebaed49b7c29677cfc14f4028e7412d5f9cd246cec47e5e0c114290745abc93741672042306bed7295

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfe4c768a6d5a69fb831976b27c211db

SHA1
c78beb4947b122a17fe22aa95623ff6a082447e1

SHA256
a279abe1809d294e0ca9fa0770c8ed4f293d2d1e695c15e6c7c19d6972632ca5

SHA512
493cd15b2e1b411902b09397999344e9e971f7cab178d9ac7b82f1bc3d37ccd16f50317dc3a2192e98b21041fb059b61c0f0e0e12415757c55f07f60b6dabb19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8993f595a0365a8ff5581cd656262f1

SHA1
f873853fe0ab91519ae3892c59a103fb19b1d686

SHA256
c11047a2cc3d3b4b0798c898ac41e5354698d00274761225b612a661a7a559df

SHA512
c6f493cf91496c73d3b221d7cfaae5193ce81905a8052f3e34de1c19ba3ddcb2fd6901896c48f377f9231fe5db8b5e0d7d10ce9964ce9be7ea41b1a973f4f03a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02a6e63c68be3cb5244b05dea7f1b7f0

SHA1
213f463e56f1adc30a7c6148fa6727f4f08efd08

SHA256
b498a5a9859e9d00a7ee505305e97da0af2cc355aa6dca17c7338915add05c10

SHA512
e394e677151937ff1fac3246f245543e85e7fe8479ee528b61227192d747055e9599bbcf3696b03927f43b5d7f52694f0de692caa5329000cc34c4b26eb1f51d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e4afe725d43a1974b3639582251e0df

SHA1
73b55dcf71a50c6921e2719625af170777a0934b

SHA256
271d7e83414e052387d095001c60d79fcc73c25a71582038b816ddde4f2ce8db

SHA512
ed1ae3606f63269f1b3a200be3d7bac00bfd4fb9fbc460ed879ef0dfc188f5d79475df90c3227ee863126d16ff7bb741e4e76910ab72f91d89452935bcb08f5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22a132d40a5fb35c6454e6222fb887db

SHA1
92d05d36797b675b1b1587d28d77026a416e2b63

SHA256
74ddc1981670b62ad2a3a066c9111b85d2c9c0b61472a2cdc799c0a5260611d2

SHA512
26516bffa9b1e5944f77be7428dd69e9ea3c2972b45819108d2e0a5d85e0c2b4450af48edbc86ed4c38c27fd06b42ee6831be95ee9fdf6b06b35a7a3fe26d965

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8b952ce2d1bff2bc404d1e6c6e5b3ee

SHA1
d45a4d9836eb22e22efbb0824dfc1439fa80f54c

SHA256
15577920be6e934b50347b08a127dd7619fd7aa8491ca23c9e136681e6d2cfea

SHA512
e84d6b158310db3f774b506a304fa7cf41ca9e25c88b2b8de01e72a3465acc6959f8166a4324627371a3155f485ad125c113bad80fce830ffa54cbc5bd36d3f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3647aa76023d60f83c759e9bb185b9a

SHA1
2ab0085e60dbce1fd4e0adac0a7ff02f02607ce2

SHA256
eda0792b0b60e74c569b05fd5eccb68a64994b5ea6ace8a16a7b6d4ab7489425

SHA512
d302bf13d85552d51e3792413c0b342c702af80f5b24d895fafc346f2adbbd782dbee915b196cd819ea3548b70a1c0056036b6554393b5ef68f42975d6d898c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab348A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar349D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit