148e4c8e99f4281669edf06efe06a2d665fa52465845ebd399a669b21b65dad5

Resubmissions

28/12/2024, 23:54

241228-3ycdrswjev 3

08/08/2024, 22:06

08/08/2024, 22:00

08/08/2024, 21:53

08/08/2024, 16:19

08/08/2024, 16:09

Analysis

max time kernel
5s
max time network
3s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/12/2024, 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

13KB
MD5

67d2b578e5dc47cbdfc65ed262e16ede
SHA1

aedf2e8344506c3f622c7c708dca7620410d6a16
SHA256

148e4c8e99f4281669edf06efe06a2d665fa52465845ebd399a669b21b65dad5
SHA512

fbc12b7c0036b6012c3707d319d4c4ee9d3c67e70b2cb50e78014123e2daa39b29c540ec87e2a9a12d36bbbb48185c29de082e68e741cc4698843f0dcdc9998b
SSDEEP

192:2335phvCphvpWPlphvf5+YUXmg7J7bBSagVSOphvY:i35nKn4PlnQYmmg7ZyZng

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{261D4031-C577-11EF-ACDF-5EE01BAFE073} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1924	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1924	iexplore.exe
1924	iexplore.exe
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2772	1924	iexplore.exe	30
PID 1924 wrote to memory of 2772	1924	iexplore.exe	30
PID 1924 wrote to memory of 2772	1924	iexplore.exe	30
PID 1924 wrote to memory of 2772	1924	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d55b425a90546d6317c32130170d0ff

SHA1
a323a1c5e77626bb1092e4d1c70dec5e2f567b10

SHA256
1898a2ce64fc24e1f5e2730f57771f51c09e1b3845a969ada9efb1beb8c3431c

SHA512
5f99b9e23480470d070a1ccc61ad31435cc053e51084f4c32fe8b5e008e34343968000fe6fac4ab0bf75826ccbbb45c9942decab13f5c380ceac3be35a7cc92a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33cdf2a01f0092a6bdab14077dd41d39

SHA1
acc605178ab5f88ac763103b3d6793c974f50b9f

SHA256
6edc5fbfccd1cb119b1cb7b27c4892e2588560420f4b4e9ccf0d363a58effe7a

SHA512
59d832393d91617ad1c166e71524089b8914a4f713fa0812e8a8fa6b58f3fb500dd8c53ecd2fd53b9fb6bc34b2f0492bbfa601b8e747c91efe79bc740db991d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57a44a93483b037ffdd0b39ff64413bd

SHA1
e9b06bda46047af534cd685bf494277e2cb2e518

SHA256
70b1f22e83c9ae003567b60317fbf29f1550abf02527df209aeddea3d06ee340

SHA512
d2f5a4e19cb63ea6f7a1f6938eecd16b0c60deab7c8fe4512e350496ccc4b917feb9983c35913beaa4f47c2e95286f1ea9a29c7da5e34b985dabffad8f7c593b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c33fdf478d790f713189797acce660d

SHA1
6a4ec048bb57ca6579e1430b010877f8cb762e08

SHA256
f73c72e64a97ee45077bbbf7614a868d80d0553a318cf0c5439be0355fcc6719

SHA512
b96bdcc319f4a792002803290dc44372dfb01d5a28cf05c53e33207465b6a113ec8913ed9183b8cc493b2dca7f494c6b09f7f1be4df3856de455c1917d9af34f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a0db98cedf3c3c13bd7b374a6345bcd

SHA1
7e7490f6bf3622f45958fa1f13ec937f32ef310e

SHA256
214b5115f7c1c82059373258400f8f86a762ed61281edeef9675bbd1dbd804a5

SHA512
1f32ab52eeb641571bac88c2919db967b9063d1408a55c56783d01b2243759ef7999abce1430c21773334513b0dd67c291555d6906282b6478a25a44717b9d75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3858f8d9aca4ba7efc0f6c17e0c8c792

SHA1
2925121a6dc7a0af2606a73937e836ef7e212e26

SHA256
d2432c04009ba463962a013f74d60012a9ee37f561c76f2e1b7778fd1c9abeca

SHA512
dae7b2861a17dc017a1f06a334ed730b61e4579132726f8b8cb77197a3bb9cedae2995b0341456433092caddbef394ac2dd06711cea884eb480bd00a941fa2ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0950a6b8a6d01d7bc19db565baeb17c2

SHA1
a37ea637e729ae96bff9f0d0333fc17123d9f89a

SHA256
51cfdcc7a185c6873d16bc320c8c99b400f7e1511ffd5edca696b4405d92d8e6

SHA512
56936f2613ab62b292dc91a991f40ad186cf183d1624f8ca9a253a71fde306fda67a4d8dbab2d819b6fc7616a0933e51b4c4c43de2564ecf28339669aa324437

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7f7536ec9d22a0491dd78ac2d3e4121

SHA1
a11c72be32bfdd4ba4ee697cb7e117369e0e5533

SHA256
b3797ad24d38f93e29841c1c50306ed6284e521f820eb66ed5e682d8817153e2

SHA512
dc05af29404da8c76a811384bb3f8f54ef6564fd33b3b5d13a162345170868f6225d172c4eaf6a43caa224ddbaee69a667bc58d54d05c329f39f0bbe836ada12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e95b8d6fd1fc551d0ebcbc33c0ead8d9

SHA1
16516f076280469dc4319b245ce883fd6d083b1b

SHA256
79e9c9b0e3f55cba810566455a20f6a32489c014ed4ec0c79ef12891458eda2d

SHA512
007e7cc95da8eb1dc013213c85d6985d208579698d213fd2a2a6cecaf07a2f15ef94c44ff94baeef1d72e0e3fffdc20b1318834a1c26a0104eb91991524916cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a2050b420ed9f249ec7c748134dfb70

SHA1
1d1836b4245a0cbbf33d9286605fc338daad101b

SHA256
520a2e3c3f625f302137c6f88f2ab80e5833c173b6c9df3743269b987a7eca77

SHA512
ee926b0e13387aa5677ae5d13274ddefcb7961a8be20a920ae5e86d34101c124b13f081ca8dce65f0e04b9edaae469169075145c1ac3ea4f8ee5d74a993332af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87bfa9cc0e7a3000d7e117852ccb9505

SHA1
19fbb7ec6832ddd69e94a18d6b8a36d2f710810a

SHA256
1149c72ce575f8e20ca446b2ea3df89306bddf4ea944618d9c7226752c15a41d

SHA512
b6c388240edbce091e0698ca2dea37c16d184f7f7a524b5eff8bc36bdb276284010ea09bcf84f7f5c9ad1230646317851dafff710fc48c85083ec5d5a3a01d7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
248b4db228598b10ddc0b1161c2c2f13

SHA1
ddc113fdef15db517bd83b2a3b16b45c054fc5d3

SHA256
6f9f52ce66b9f718c99ceba752fd29b0a3e54c43f06f4009af343e2f2e9e12d7

SHA512
8d15b4fae77e392c842efd9e28f1170a9d74e8d6451bf94b1318c4ee4710dca67a7ed94c611cc78df8a196f99827c59b951643bff60befe9b1040667381c3061

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e542ca99d5ba194791663f41d67495f

SHA1
5faac9737bc28e88e98f41a8df2a969f560ce0c4

SHA256
a532931f725906af5cea9dd7937b6f9a46bde5fb97df787aed97ca58aeb4558e

SHA512
6664433cda60989f03b29c3267c0eedb3ba407d359d3184ed6a25d1d7a640436e48c14440e21bb9f8c403f5fc0c06a7c387dbe3e8b0dddee84c16a9903bd0623

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
d8b68d9de3ff860fe87f8b96868213e7

SHA1
8d2a98b223e269bc39f53de3b44d0f3ed6fc7080

SHA256
87f0a7f6ac19090f0fa75005a4af447133a9d2307ebd2aa81f616e10918f2dc2

SHA512
876c82a1d295d17986b8883de62c31e50c2a067053043db0688fe023226b9d20653f391c68f4a59b32b95585730132c5c15f3477eb47332879d64700b9a7f0e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab58AD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar58B0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit