dd2ef61403f57fd1897b2d7ea66f0b69e01fd4eab49605c5b98da3795278ce08

Analysis

max time kernel
142s
max time network
136s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-2.html
Size

286B
MD5

0d91906c3c601ab03fed42f81c115972
SHA1

6f5031a58caa9c917183a481758bbb0d3d96ef87
SHA256

1a8c7f60a0ff0cc261ac9ada0e39f41996ed5fc9ef07972bb7fafa070064ae76
SHA512

336aa5249769df9120ecc29e9fb9eccb9e1fe6941fd943b33605d51bad87b3400c3c6b7d54758dc2b96c6f72bc7e37e558826430ce28c2bb1711a39e598444bd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6CAD29D1-A7F3-11EF-AB7C-F2BBDB1F0DCB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000a74859955549fa0ccf44378e833d9d2aa0bf4dc1b59a58efcd8706a2e93debd1000000000e80000000020000200000009ca6cc81fdb95cf2ce60875e808defb6ac175f7ec029861dd28b4a6fc378ae689000000037ce3e846e31a8955383927e7c78c462ecba7bd63c1e5249f101fb854193837fc59ecea873df4d39b311fa2d5d408a4b58dfde736534d23eafb10a4bba6e34607008909d0a013b33fd954a52055ef9ba20a72d72456d2b71518385555475079ff977f00e9e07e27231d56f9c409fcaf9c05048b53b6558d3f2f4b92913c5ca545282bc9eef81fd7398dcb69a6d3b1d6340000000f2cce46d4d82dd4f6accad72bc8f7ed1fe3c9dc679bafeaa7ae7bf36bd7fe1dc8fbf4b523de37179d9455f707dffdd915d780bbbb7243a6e277d4c2cb66c1863	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438346818"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000b67a31af8362ae3940ee8653c557815494396b8875680646ee1faac15fa7306e000000000e8000000002000020000000999c5610e32936aae92dde6bd02f4b9672adc55c7eeb06cb2a83d186fd5228a820000000d9216d11438a7b1f9da94f627ee16275721bf68955ce64b58b04c7373ff492a9400000009b37806919856a4bd615dda18428cdc5de46ce47f17c289a3d78edea748af13d1279407aecbc3155482f4aa15a53e1a99c0f7d81afa1e663e528faf44cba8e19	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80af3441003cdb01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2512	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2512	iexplore.exe
2512	iexplore.exe
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2316	2512	iexplore.exe	30
PID 2512 wrote to memory of 2316	2512	iexplore.exe	30
PID 2512 wrote to memory of 2316	2512	iexplore.exe	30
PID 2512 wrote to memory of 2316	2512	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5801564e5272ce742264ee9d6639b6d0

SHA1
ebc626bebf9c4f09ae0a7a9fa30206e10de14852

SHA256
3490231820baa01f9542ec7b767ac05a682203d049b023c615dd5960a9a4f293

SHA512
1a91a68059e0fe74c94081516756286e11060a262ed987ce66a1af43358aaf9594fca624f7afd8916ecd5fcb5e8bf0249ba2e42dee95d83009b51e33e6a8d243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e36261fba54dbe2b656b401bda743ae9

SHA1
543baf86e4068415d9e87fd8d1a1d07c8b71e42e

SHA256
10e5636f8177c1d452b61bffbda360e09a7a2269fbc38ff7ce484e50ee8cb3f8

SHA512
392200c118e08e1db97ce5032f9519ebf348308bcb5dda4aef41b293cfc009bd451fb81f07e0880c630074cddbe9eb7a36624f78c2e210ebef9015b4ff59ae2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c51607f0d6a1101f95b238316ecc51b

SHA1
34497ef032a2d91a425c378dce3c04418c7e5366

SHA256
b5c4404bc736128c2dba5a837812840ac72f49a9e5b4b79cb024def57aa9de52

SHA512
087fac6bcd0da4e818500693265afd45703d29ccf4ce684d9bff348220bcbed21409a8d966b4aa0ae06d435a3a5bf1dd0224bc1a254ec1701039a3e3aabca0e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6b793270fad0399db22b87cc09e711d

SHA1
b08fb420f98b7748a1ab3dc11d33b7bf08207295

SHA256
54d61363a3a4fd5122e6eb6c2c594c045170f9fdf3f75f9dae8a4b2e82934812

SHA512
3b1c9965169092668b2d3ec68f59cb4a9d555084bc1b2859ec92cf035b57d3346a28799e2d6aab8b850668af9831d5b74dfcc68943edbb31e59b92242032d337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
804e60504e03264593beccbe4147b89a

SHA1
8a5f4771d5bda65027dd40a1800b54a3d4353042

SHA256
a7cdf96d6f4c10026f6d34afc0ce533e641c0976ff23a4552740e2cef29986d9

SHA512
b09e392da8a73fee4c8ffb9362048a3317b1556b9c09ae60e6abb7c5cb8daae4785e58cfe7421218322cb1c6c4adffc874b64a2fdd2affb0e25a48a8eda3b05b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afcb282ba4532ed04111d00206a2be17

SHA1
a881e749e8f8b980ac426a13a9776fb132697cbb

SHA256
e23adbefab95fffbac224da7ec8d5c59500d8ed544b6bc3c4b1331d6733312a0

SHA512
261cebc1859824fc8203772d50345057d2dfe0ed4758dd0c09ef087eff341a14517f2c34307827d26ba63132a8191caf909ea751902093d882aa74db97052b77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f542548903a01b66c8d2ded08ca68453

SHA1
5ca96cd09c16ad1eaac07f6f4410f6ecfa4733b9

SHA256
60f7148846886bb6934d08d143bf335c798a91dc290a5a3d134080bf872731f3

SHA512
630363e321ba82031347b02cadca43a9d186ae12088585e7dc250284b195b63875c5ca5eef8a06611f63cbc0b5fc70e92d0ef3a6afd5b4e8ce9909f51f5f0364

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bd5b3159db72bb1bdddd8ee788e52cc

SHA1
abbe43d87a6966a8e800d809bb3eb01382bb2cd6

SHA256
ff6c6a3211d67b9053f01488e26fa97307d5426fa64d745f084f7296bc97de3f

SHA512
0f187722279fd45b6083ea6af801d99cceaad1406a3d0688d78339ebb9840bae7aa0ad0c4eef867262f2d87f83e0cd4d2465b6842d3895f3c7878aa2d7d9239e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc572f846413a805d65e17aad208a3b5

SHA1
2aefe7ec189581f3d96612e2413b95015bbd97eb

SHA256
cc0ce82b2870cdb3774a268eecd1a1d44abb07dc20f2d247b9f72117e1edc097

SHA512
c945f3e09d6f65dc2d0f9bee519c70673d9b4c251d3bb6063d3d30395491bba1f187a2a6f2184e5c62d86b692fe98a6fa7100b3fa6b4c6e4e00fd9bac6d8e835

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
012e78f40f2d6eb355940fd5aefd2bf1

SHA1
1768e7d94f07e499970aab94a27551c61502208c

SHA256
9679f4adc3d3156c4ec707f5452496e8a6da4677efbf8683e6e27b2536c41453

SHA512
4f7de2bbbd48413e9019718dfbf57ff81f48d2e12ebd2db1af3928be0d07c6f6a59f876ea43bdd38946322b855a8007a0bbc2447ee08b3e1ef812f44a859574c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4afca9fc2f4f53019be02bfb67f1b9ce

SHA1
a5b5acd7343f433a83b9ff3d5995512e74a6e193

SHA256
3083ef77d4f06916c31422099e00308c7b00a047797d7f8855e3d4047c979a70

SHA512
e38d83dd715a68ecc4590a72b2c1bde35c41b37063714fd00d2c5f865d30a33cbfc98eb37a29265773cb2fafc87fb8c544d4154e84d868b718fc644e4a9334ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7915ba28537fb50af81fedc8c5fafa79

SHA1
2747290efa611549513ed39137c2dcc4d4f75421

SHA256
761e56e24a9dda1449f34143fb05bd32ad3c32f8c9399c03213e93940ec6fb25

SHA512
256f04af58eed90ad15ec3e1df2229d42e81e7302f8e87f0457356ca35683af6fb4110eb717393105b28f05b09d1373791d516ab0b63f63d9e48894fce89202d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a80388c6afbc73e5615f59c0129ba06

SHA1
0f376929b92687da551431253e46f38ad6ab74cf

SHA256
0ad2f542b4ccfdabb347481b816da7c41c127728056a566f5f9ff2ff0701cb71

SHA512
10037a7efca8dcf082feaafb26e7354b04d469b19bacfd44308bf8d55b2aa338c5e332bce790f881f6fab99ac807adc89b9c55bc0cce7299675cd1986c5b8770

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b5f96dc2b5d9af356b51203fd03120e

SHA1
dc86fe19b5f7697c8cc210a1f3585db31b08a936

SHA256
d4cf854fec06918788c3a50665577c273990c047949412e19dac37fabbe52cac

SHA512
94396fe83c6a2620b97bce89edf669a49b8541edb0582503cb3e9213a5737d1b3497f51d027b18d41edc51111705c2ac83f581a8ca9a70a38eba8a57ab952e45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd2296ef8e2e2db3472a0997888a930e

SHA1
9c7754be602d0863128a0c9112a2a43d32871f1d

SHA256
612cc25cc945f7f86986095a97b55dc591625d91613e5e6e24296b9e985a277b

SHA512
d628fda22b42a88d596f70572fa077a00ec6319a19581796ff1abc227b297e7cdac285ffc1cac819da30808b6a75b98407ae47c05e195e760bcafb7539e5f925

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39583fad47dfdbfc598ff08cd418780f

SHA1
80bf730691999ea2d56f9c8927c610cf7d8903bb

SHA256
b9c2c98dbeab20f59e982d841254511f77c1d70216df21f6ba36e38a39fc7628

SHA512
a3b7f95ca189a2b99bfb0189b6593bfafd8f929a8e3a834a448d3ff749a08466dfd419a665bed9f09d694319d65755d5ed3a2204e134fd0ae536c54b6991818b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b1d3192291a1bc046dad64b554110d6

SHA1
4a689c2eb7d869a781471b78e2238df647857ef7

SHA256
ed2ba32f0d4809fed171e06c858f47fc4bf503cc07c66a5d2b40bbca15734a82

SHA512
9b29ab82542e871ef0896cacba96a061ff90e35c35628b0e7c712d58fd74a384dec3abed9f3b32f5e16b53d8a4808f63e87c616df33159ac5712ed89a95728ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDA8A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDAFA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit