5842375b33d1461015322baac92a5d31e460dcc3b85e1d30d20196af96f81612

Analysis

max time kernel
120s
max time network
140s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
17/03/2025, 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mal2/breast.html
Size

51KB
MD5

32b7055e66439065de5ea5c8cc51ec80
SHA1

b3af36490fc9bec19b6041221191eadf582e14b5
SHA256

467459cf4763513e74820b221770142c560620d749fcf588fad4d38bb3d15cc7
SHA512

fc9903fdeae2e21cfa58e716dbc9892f3b4de4e81286a22ae9e3a084502d161d14257690fb1f0815327ffd3140bd0fa774683a120c32a41bbb8d849b04abaa34
SSDEEP

768:2XM8+KzTjc2gqtbminV1FibevwtqhhftLEayWud/DGC/QNZU50ugfCTgccp20t7j:UpzPSqh7vRXLExvrGdC0cK77GpN+/UI

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000596298383b88f045b768ac3737055a04000000000200000000001066000000010000200000006453579e847fa0344ed3018975465f5f10d25dc266694b68e183ef7b2987beda000000000e8000000002000020000000f783f77e70b9eb02b38645b135c17b043ce7685305472f95397f5648d7f48ce59000000072309f0c40ecd681904db76eb64bb7b64acebff8805875d37cac17802506b6c0860f8a0786f5fd1e63dc484555505b85e30c96d56dfd7683eec8a54dbce0d9f699ee2c01ee460331d8183930ed02cd9dc8da3c2d70c0536911aa43f98bb20adacfea063416ef69d2245d3e5df81c1a2223d181a8ee35771048e7603403089faabba50cc4e67739bb9e20cb66f6924d224000000071e1e5990648ee76003f1503cdef6fca0e36b8b51afd655521487545ea5d8d841f05476aeeed035438ca037e69ec8d274e6f2141d2b5bf8a69cdac5c057706c4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "448341756"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 701de68ae796db01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B64BA431-02DA-11F0-8389-EE8CBDB9BA03} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000596298383b88f045b768ac3737055a040000000002000000000010660000000100002000000033bcee67a35b13844ca457eafea82683a6382b980ba49ee239de03c9c61aa072000000000e8000000002000020000000026464e07ebe22486f614c3e8537f7ad6abf9f042c7037feecfc4a156228618920000000750c429066d1dadc24b80f8688cb35bd58a0e92a4621c544a13652a41eda73d040000000c35a6e0e955c24fd843e9c13ad7b31fb9b32a3b407319360a44f7bf05ed85e42be94a80014d4a7bfbe1ed8868fe92fc1702f3ea658125aef46b1b3300b70de74	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2224	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2224	iexplore.exe
2224	iexplore.exe
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2560	2224	iexplore.exe	31
PID 2224 wrote to memory of 2560	2224	iexplore.exe	31
PID 2224 wrote to memory of 2560	2224	iexplore.exe	31
PID 2224 wrote to memory of 2560	2224	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Mal2\breast.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14e185ae3144262bfaa79209ec833c23

SHA1
9fb2038a5a07c8d68d83f582bb21d4b898dd7f49

SHA256
cc2f8fff8a17724e8d815049855290962c2d39c344941357ccdd82828a777da6

SHA512
3388ea9a2721c592f5b4dd71628dc819e6ebc8bf7f9088e317fbadd148d2b0ddaa49a89c5615a53eb68f3d9d32a5bd01fd9350b4d2a2bf803d695448b06c25e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b8c37313454a9b8b0425fda1332606e

SHA1
21682e2ce56aead3d4417b7901aa8ac8a6e63729

SHA256
8d92fbb0531573be05a638f676627f25239c85bb097636aa03952090eec7b8eb

SHA512
092c8730facd8f10e293738f5ff618bbe7d4232459a355dcb65ee97246528e8e00cfee5ddf6831800ca8b8ca771aa69049997525ae0de44716ffc35e3ba84529

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d6f15e360fb13e73de567c00a8b6ce8

SHA1
392a9fe287c2f6cb069cc7d2da849c3811232a4d

SHA256
c8545344d585f14e6b7b41bc0c9b3e6e7f1b23cb66d41584b5bd3eb84453db09

SHA512
013d4f64b3112b969b0f84b10db51dd7a028ba57c90f49bed6aecd70199942013279fe645ec4f3b2368507a0faac37d043112a35b02268d80dc4619aaf9adaae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3ef5930b7887f4105c4191add2b4b80

SHA1
8066ee68433877f940b0d22d99d8606f2674eaea

SHA256
baa7e73dd12fd9d87b66efd67a6d8fe90187c96b725fcb3554bcd4dcf9e8bdcb

SHA512
46b1d7e0b6a5df0b6702660e13e9af330b1ee7b4f196e0408b7fe8d43772ea2e85d0b771bac607fd123feebc59a64c569749eba8e7f5dc909455f8efb6c00fde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f932ed466b893609d8c7320750f8ab8b

SHA1
90c96cb6ea7f59709629fe136a728a6f8a45a625

SHA256
1faba38bd175bced04066386d22ee9b4bd26b22b6e5404e2b3afdef55ed3dd78

SHA512
756afd5b84f38fa9bceaef4e61c9862e24ce985adb58e517e42a28976cc64858431ade220dc20ac43df0bf28b064bcf3751a2621544505be2cb829ed20151046

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75fa13c2c43886381246faedaf213591

SHA1
c3bba99b16375a00e4e379b9353bc0405e9f5306

SHA256
256b7afef6f8689b7f94ccb66ff41aef8dedb2f793928d34cee7134adeb63530

SHA512
199de3587b5879d3284150a91ddbcafbabcfdccde9622602232a29b57e389a3ad4179fdc3b77fdd6af1c343d9b7f3faa11a6b71f7987f54d8d1d4385b3e4243b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26a25160560486ac36ef59cd6416da67

SHA1
8220d2d54beb50de9dd83ceb0265033f0254137d

SHA256
6958482ad7c3df6572eb339e8a074a20d37f5745ca92b527f5d9724948095538

SHA512
ab73cc7d3b14d55309e47772ae91ec3dc245a376a4237f1c31d5e670fd8716d780915c118526c37124b497f397e8869d78e7fddf0c95800dad7ea2bb08d52eb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2785122ecf18186fd0caf05ace3185f

SHA1
62eef2f0d28bead1f1d933df6f690e45bb269ec0

SHA256
604b91a0c4f31bf3b179d2273540d72dcc7480355db0653570d246f6016f170f

SHA512
597c88e8e7d464a3969b77c5905eeff630931119c691d82c8eb154865c8c0ea358c06cdb87a90f6c2f433ebdd579596a352322b774e410b0ed35c7b09bdb4423

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6941f8b04dafaa9b10ccf090923b23a8

SHA1
6179033b54f58065c811f4170036d3644aeddf73

SHA256
293e5d011ca55090315161297a74c789cc8274f1ba71a6d52cb17057141da816

SHA512
50e018bace38dad6418a28822d7b6b0574050f616210efbb4214404e1e569b94ff620e72d2c1ab271d13a1f74f9fdfccadfe11c13bbb2cf51bb285a0001493d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f0f2e3919ce5e9d19caa8ea405d490d

SHA1
55fb139d0cc7c558d0a17cfb6cf6fa00d445b132

SHA256
ee0f9bcb6d4b07d6e2a46bb5e9bf9fcf36898c288f599d9818b9cbebabc1d012

SHA512
786e2e72fe9c6a7e445de4945f94548c1bb0036b0eeb422bed3a9c12755c761602d83fdeac8d870a2f7fd01496d3e5595bfffb9a811d9aadeba7203fe23abc90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3a9025a93f17c5091b1ff99d737c301

SHA1
6e5121e4530a8676e4fa826202a4f30b0830ddf4

SHA256
3fc14990b63ffa07e2f5476aa3fd725ed9bc316851b03ae90b87bcc691b179a8

SHA512
532080b661c8b8df0736e5db41c6d7c683fe0630a75626e42e855d601641e9d10e77a1df8940e2279a23555151e9fa3b6710df14194f453e47289e8fa0961d29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4944dc133a1f23c315a4675e1421cdf

SHA1
8ef4de47c67f873a3bfb451e6ea2865bef9cbbb2

SHA256
8c8a1d89f585c33add3fc1a32b5b977a28b788ff26bd7bb36b91aaedbc37a4b5

SHA512
a42378531eb678e4a1a4fcec95cc462620664607da01af78feef094c0a2716d4be1714903d7734a2a7bceebca734126cfe499229b33e4464fc84b42fd498a7bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a7048023a0e63d90e85a0435d14c4af

SHA1
e6ef169107ed78feb4d225f2071417b40256886b

SHA256
e170b7cf00166e0849283dae1d0ca04a9087d175afe5e0687c14fea390388004

SHA512
66c8ad90c335a5f5f3b0c5447d37d851406293822c0f0e3a7e7bb144b419baf97bc1f16f45b46be5eb3c666f693f48e1b87436cb7e4e4f5fcb9ba593c84dfe8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1d084cbcaeeaf97a0d8cc5c103b2d9d

SHA1
84c069f06cca5bfecae7ebfc10f6a96327f560b8

SHA256
945b9b9c96503cae9c299835fe55317e3f906244e924ec45b8e4d4ac2cbfb1b9

SHA512
6af3fd463a4f17b2ed9f2650a068ce173308c6e255b148a83c01eff01f8447be5fd9270db4e1be069202b5953f8a468ed5cbef2ac5e91dff81e00c7f01b8dbfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d34e1bfa230964f99cb0ba4ad1c06c3b

SHA1
e3e11c9bbb8805a6206a3bf86ff38a8513241c62

SHA256
110aff95be9aaf24426a31f24d821b315360dc120bdd44edf0c68ea9a9d5ea21

SHA512
b6f487b58baee252e1a6bcc41b0721fc084f2f7ab1277232a7c5b0786b2ddc4f6c804bbfe0adbf8b9e018f9b424cac74b6c5bcd12c191ccc0ea04f2bb1903954

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF2CA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF3DC.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit