General
-
Target
Docs_17d433cbe4e404b1092de9c213fec4bc.html
-
Sample
190824-zybdbltsj6
-
SHA256
cd8469ee9f5bd828bc3bd5dba6d8efabd49b03b2f1d0c5ee9ef7bc6363db4f38
Score
N/A
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 18 IoCs
-
Suspicious behavior: AddClipboardFormatListener
-
Suspicious use of SetWindowsHookEx 1 TTPs
-
Suspicious use of WriteProcessMemory 1 TTPs 1 IoCs
description
PID 1752 wrote to memory of 2264
pid
2264
Process
Process not Found