aff0d5062bc4b3d1736920fa984701b5848c1e9053a0bb58668ead05dfd5eb35

Analysis

max time kernel
18s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/01/2025, 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

801KB
MD5

ec3d6052056c10ec6244cfc4685bc756
SHA1

193dadf75581a8335c65c73b177a6ade689910dc
SHA256

aff0d5062bc4b3d1736920fa984701b5848c1e9053a0bb58668ead05dfd5eb35
SHA512

73bbc7d224d550ecaa4661d30213ce714805eaaeab97818c72cf9401387610bcc7e071430aeb30c15cb9e61e05314963e32c14f8a6b9371a03cd4595decd0437
SSDEEP

12288:u02eu0bHs9YnyQbxr5eVNvYhOH6WtAykQAsmBhs5Py6MWe9oLqdsS05P26kGi62J:u0257HS

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8BA5951-DDF7-11EF-A8EF-7A9F8CACAEA3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d08b2ab20472db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004185e6506f28ca4297606e715b717c100000000002000000000010660000000100002000000097df657de86bcb8cd82839b9ec7a5c187b5a2fe136255494ef6026bc4c322fe3000000000e8000000002000020000000510e7d297813860bf130ebf8679848d3479bc2c47af584c0e5b4075908fcb1f790000000f015fdd7d6e1d83da4ddf9509054a1942588534b925262dfc5711d0c412ccc3fda84c148ddaab221e3365d81b8792e8df3ff0fcdaeb9a6c339fdf281c511d05bdf3bc24b28bdaddfe5e71e5e036c120fa1828e620d3c7c5fe19bb7103f46fceb9221a04482fc8566d241d2163d53720d2c557ceca61e6c854099f042665ddc890a5401e1e271e2d6e5333a4ada051444400000000110d5f6120dac477ed81fb15ce41185069fe2908de5ba14f8e5ff29d0a9cf4fd578df65bb1902a0357be44de9d46c3e2048f4ce3077d5d7189be75a6bf513e8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004185e6506f28ca4297606e715b717c10000000000200000000001066000000010000200000004c236c9d71bd206eb5af50e37821e9160f5665a72007cfbd9492051de2b01458000000000e8000000002000020000000ff76abb1206330c9aa4dd711a4692e6a46824357ab20727a5a897697daafac71200000000c9d6e68b104ca9e78e32b26ca5406fb4021bbcb9163078ca14e6d6664cfee6d40000000be0b65e38de7e3764a82d9cb6d6b891d2b995b34e9148c46d32c990979e30b88f2bcf237fd4c38f3953b1d606bf522be3379fdfcf722ea611767735907eae223	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2800	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2800	iexplore.exe
2800	iexplore.exe
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2688	2800	iexplore.exe	31
PID 2800 wrote to memory of 2688	2800	iexplore.exe	31
PID 2800 wrote to memory of 2688	2800	iexplore.exe	31
PID 2800 wrote to memory of 2688	2800	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e8bccfa24e96f1706162db77c7871bd

SHA1
602ab79cfca749ed8cc3b6b10968ea88ca4e0626

SHA256
ad7f34045b6f3811ef9efcb3438ab3d835519486872edd161b110f0317a697aa

SHA512
3f095e98db0156baeda20c928cec5eaa8cf56fe259eb372b02b528cacd1a127315d8c0b806711f8565c3f2f5db19e144b8bc4de53f2903cf9484045d2e8e2a09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea2045ed6d36be6fa45e089b9fee1c7d

SHA1
9fd102081b2c09ca2486f28d5741c8ca88acf4cc

SHA256
ed46311d44e8e88cbd458f85c3dc582a556eedcddbb6f4d8722b36d62d111980

SHA512
e3b4206b3e6632f6b250facf5c0f816d0bd1e907ee026d26fa96be83ea9ec625d63b7c2aab3be0515b98f6746a7568400457890ba62eca647e64a706a0ec1d76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee43e8d0de5347f686b7168c1bcee89c

SHA1
17175414f5beb7a9dfb616a8c1c43bb332b01dee

SHA256
5051ac155165c0093c1e6136d3c35bba79a66ba9b4dca494573ee6640833b326

SHA512
5ecaa9447c96a36e7bcbb74c726aa2cda84e673f1fc6ece553bbfeac0e8d7ace7e50d87d7e97e7b9849faf8552b3c4b83e8a62e069fa5b8fbb976d81c3c24ccf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8e0e37ef02d7aa740fa2b6335b154fd

SHA1
66807e4c27e29881238df5c78d0fcfa13f35c23f

SHA256
746ec75eb60d4d65efdd1cae686f4596fcc66d50ff0624d12768f10076a646e4

SHA512
e2c63e73ed64b5a6c90caa84351c79ecd2d663e68e432c3f8b5ba4f3555bea762c4c18d5cd2f68a8d697a6c9c37ecfdf624110b78844ead641c13d0cb851a719

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd57826ea779008cab61014d8dfb2190

SHA1
c81c8096033189fb8963688f15be0a7a6fe7bd52

SHA256
a093711e473cdbdb3f8bca34f0926161a46bf328a7e3b631c1118726a943c2ec

SHA512
fce6e039173efcb07b3647685af5a434ef61705998b43b8c733460366bb339ed8949c73e55c8fea8070f25dc9dd0279e56c35d5ce0b957203a05a40d1a449106

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b47b606924f0412336aa60478bcac3e4

SHA1
153dcf94d4953d0fe276252baf18d4629db20964

SHA256
abe7baa49dc2dadb062c4671a82ec932630525fd6081b89018ae7e0ea55fb048

SHA512
4486769e405aeb74bde564c5caff9ab08d0ccf66a9a1674620fc9f9aec9b9bd9a7c75cbc56b4a9b51add7f923c182a2a9bf5b04e184b94ad93fefe46dfddc7ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0403597ec31941ddacdd94d893de50fc

SHA1
0ccedf455338b983186a0705c08c63a2c087683c

SHA256
80fe8e8543eec5553746199770d820b71db983225aae5a90d6cbe22e85b98604

SHA512
8bd0544f2b396e13ac5ea2c21cf7119e5f97790168831cfea06baa0bcadcf1d37c587412aa5411010e636c23ab414241d482cb6345a8b30fd506e9809e63c72e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75a031b22c25f75718cb6c2a5e2fbdb0

SHA1
46ca69ab648a213849997d3b1606601eabbb8455

SHA256
1546f1e54310bc5b6ebb32fa8a07fc5616b1e98a5fe76804b97c9ddf34da60e4

SHA512
d17ddc1a878361db365323c2eb6118df2be05c9dd6d88782772c0d12189ac26d91b3eed211cb3f481ba96f18019d46593d51a6f287fe81fe638653b32b27be17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
212437210c89f893a9a1dd23d3c34e1b

SHA1
183c016542e21c83a4a773524e769c8aeb70227d

SHA256
9259afb85a431299a733af6f7b0b6cfa7ee746b84d5f139a4b5ff9551f518913

SHA512
146efc3c8f9e269ee4e47af109a2f91c4d3d5eee96554c30982d783886d5f6f1a61f5fbcb3406e602f7a6eb2a2d3845048a3cdebf0d52f37653aaab4f612bac9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
543055043a6f2be0d2ae10d5c10f60b5

SHA1
5d2b47f3b0759fce09c5b2357382b30f2b024577

SHA256
ac0d72b039b0deebf538840ce46e2ae87d190e5805e405e48f4fc82b64dfb74c

SHA512
15e277c4652b63a4d4e6c2f3fad7375244adbab233f9dcee147cc4e4c10f15cdbc6a59a4245cc8924a7fc25c911919308a262488b8dd6715a604812c5bd9695f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee0448f1d09068a8b69fc1a060a95920

SHA1
bbb861b26e439d4d1d9690c1d608acd3690e8e8a

SHA256
deee53ccef1d2b58ad00485bcebde4653b4d6fbcde0421d202b3017bece1cdf0

SHA512
f0b592ef59ab79d681c9b203e551e8a4712fe0936bb9d9ceaa98db9f39e4e0204c4b3abede75731c311184830632377733cce099e7869f614b550a93bab85a76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78fdddf374dec392eb1af3fec494220a

SHA1
17ff57a16cf3afafdfc5621a8d98a3db5c351bb9

SHA256
57bb0eb9804ca858556fd12c276893a39c81dccb56e62ad7ebdedb8072ec7ac4

SHA512
ff9254cc68ee3cb1eb6f5996b332e2085bce445cfdfb8209563b282ddcdc6cc00a805c67a814c9abd05523980800f7f80441885181fe317d51e51b3514877960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9fajjbh\imagestore.dat

Filesize
38KB

MD5
a6d4ccc642c4c28d2c7e4db35977b81e

SHA1
d2ba1c4da53793eadb89ee00c083c19e97f23171

SHA256
12869331ff4ec405d6f1ca8301daf598b63e53728b433141428a6ed4a6f67aac

SHA512
e30c569cc3417d8e244c4cebba13ee96046ea3f499a1d8b63847ac1927542c423b4b585e169e691266bfee06e44f13498a98a49333d526c5a338700dd0920a86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I0VVMWQ\favicon[1].ico

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3E9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar44B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit