6d4ee1d401a2289b5bbb769d09100cd99231817b175b4a9bfeba233989d668a7

Analysis

max time kernel
153s
max time network
152s
platform
windows7_x64
resource
win7-en-20211014
submitted
25-10-2021 07:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

centre-inffo_Doc#92543.htm
Size

421KB
MD5

d142022d40a23a709134db3612d76a8c
SHA1

b349854744c71606384e3f7ef10c2752a1357697
SHA256

6d4ee1d401a2289b5bbb769d09100cd99231817b175b4a9bfeba233989d668a7
SHA512

420afe03e257da714cdf1f582cf723dfacca60242f6374ca4b0d58c665f84272fb4e032e83bd4818cbf8e73e29f827931e844e503571edda2e0d5477f79ea473

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook
Detected potential entity reuse from brand microsoft.
phishing microsoft

Modifies Internet Explorer settings 1 TTPs 58 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\IntelliForms\AskUser = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DOMStorage\office.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005bf5749d3a275447873d564a46cb1936000000000200000000001066000000010000200000009aff5b0b8e3b3d651fe92a6257639194761b822417b569da560f99b0e05eedee000000000e8000000002000020000000ac8ee11b493c626035672311d8e1434eaf60acf30901587460f76a11188b9a5690000000860cd32770274fa216bf54f0b6be3c7648ac8bb6f31e048fb05ec0dc409ea9b38614ff0a83c939cd6b06d5786be1dafaa92e37e91845c1424848b27c342e651a4db83e0648820af3991efdae45e45163778c89b85e3b36b41140f1c5fc150a29a67446f3503d972f72a068fa85762802b1648db832d3646663dd1f67ec3c240dc031502ccaafea494438b3afbbd0f55f400000000c5edd95cc93179eff5a44af398b674ec39a7148f44db2ad057beac29aee66eefdace62b1f988ce71994be6779e007d8e25d3be90f0de836f3a8b8fd565efc74	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005bf5749d3a275447873d564a46cb1936000000000200000000001066000000010000200000009c3eb2bb3585f8ab50b1bed7c9f649c2547916c76041b9c3473a4e8b96952f71000000000e80000000020000200000009d1957aa8ad57791be5ea13c63fcbf38c10bac72f654302780b09e9876c692521001000059e25b24e63ba78e4f5610e159ef6eb7fd0003f570c4e54c108084dc8d2aa640ff24cdba42bd9f10f6093038201f28792ccc70ddb314dbfbb1e7b71548fa2ae25d3e5d7e9d71ba6f04e73da61c1b2d6503bf3375ad4d95ea78b46ffcc28322658d209a29cc68e9fbe24acc0b9bee572cc96d774e9b7621c0f3e93e146c3db2e4c69933a9867de0920eee8953aa43c5324c0e062d7d62383c053bafd1d47132c7cc8646dad015475e11951f1aa4995fdce6bf555c1ef50c3e3855e86d752ff77301dbf6a10e1fd01a61867195b5f9cc70fad3082fbec4328998ef287b2f0465414773517704e2a8aa3a430ae75030926a7c4d557d9ab8ad5b8f56274ebd8f3896f89bff5fceffad89c8fee6fdfa95b83f400000002cc5dbc449b70f436afe52368a0e86740a8852f448123ce812224a641587d77eb2338f7179621f9921a852bc50434d342d988dc6275c19381e3c8b5bf141c053	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005bf5749d3a275447873d564a46cb1936000000000200000000001066000000010000200000005959b26075af8d0cfa57e39706022f30f83c83c053b4229d9734954265476cc9000000000e800000000200002000000020c15b2205e4a6b9f358aeb5e77dd7106d5b49586a8df86cc8d966185f82309f10010000e40dd276a14dfb74cf2f92a5119bdc19725c02f7c499c71485b1e969177cfb120232002d90d4ad98316eaaa18e991f17df4dfc6161a83556a4dbd10ea454ce44bc48da55a8b10d5f4ebdb9414450f2ac331b761b594a93be9f265ac59e57354ef20cc5a1bce59a5a1669994e2550925f3635e3d2dcfcee67d68438936728fa4d90f8fa14b52c2b6b4116a7494880741ac3b9a21ac86c927e2d0f8b6de8ce974d825b8ed3496801176caa9bfb71888bcee3130b2fe40c0e82390753a80b3486fb174cb1fe44a706647b7f06639b1d68d70062128c47a3bdc46b52d33d94ce9d2c8fcfbf537f938e8b6cbe952be48b2be39863bc5c1b503af269f516e57298e3d8dcd7d753f6a1761fb1f016cbf56a0983400000008158c34227b9749365fa7b7fcab8683946ac363aef5aa8a8305689688ecaf61a47ad04f10e38ff2a819f155802f16e3b07d25fe44cb2d87dfb5370cd45b3ac87	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DOMStorage\outlook.office.com\ = "43"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "143"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DOMStorage\office.com\Total = "43"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "43"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DOMStorage\outlook.office.com\ = "143"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005bf5749d3a275447873d564a46cb19360000000002000000000010660000000100002000000045d59cb25560f13bce601eb197cc5c472bed351e850b00a19f209eb54c40f682000000000e8000000002000020000000e61a63902639d63de662edf43c7c218e115f8fb60a44141affd8220d4e8130b720000000a5c49fcf1818cf2a6139c84d7db57f2abeafb49ce64b8526646c43b8e8aacab64000000086a4a2644d83003c74e648558e507d7cf3eef281c636e76c0d4df2ca593d9de48d7012be47ad3fad448a84ffc89cd4fc3086f028bda4c7ceca8c8087d6bdf246	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DOMStorage\office.com\Total = "143"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DOMStorage\office.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c02ad6dd86c9d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "341920852"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\IntelliForms\Storage2	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{04AA4481-357A-11EC-AF6F-5601AAD39F1E} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005bf5749d3a275447873d564a46cb193600000000020000000000106600000001000020000000c01f6dfe19c19494ccb54ccda78c1f5e187f6d51f0e6781a1256dc325bb4cef3000000000e8000000002000020000000f30cef60f16496917fee94e3d3417e53f4d48ccaa5a7192f7f577c4a0a641baf100100001cb9cd56594c98c70d8fe859e3ecf1fbd122b18dd0831ebdfddf4e3159ae630c9432d1f14f52f50c8cb5296e4112520013365a696f4f01661aa34ee3d58be02badc5186e3b0e3c79aad761a8636029f794c2dd74c8c4f995367ba87dc149203dfbe9fbe68b425e78882db5364603e915e51bbc84f8f57160ef53806621d8448fad59f80a7ef85b7b6dbc0d4308a558e68cc51161ce15bcf78c666cff68893db792a50727f5fdb2b01cec6d79bec4112a63ab38f3bd32c60aa6cc19def28c22683e74f17916a6addedf3b7d358a501cea852b32516af8759e389b0eda81a5169193d8b9298467e2b826b40fe30f737d980defec1ebbc87a0b8e16914f95cd77bf26ec3c680807e9c04f8eba51703f099a40000000a0d5935516c8e0686a260e13447518513981c063ec3f4fc48228c0bcb709b42ad00267879f1017c6778171c4df75328066a1c090157d98a005905e81e592b056	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005bf5749d3a275447873d564a46cb193600000000020000000000106600000001000020000000703781c22ac88c6e4a7894083dcc223b6e51bdd68f05c181192c3f4d69f989fb000000000e80000000020000200000002aa6b278653e7c8cc11a24b225b64570e598f3641a1dddc5333c243bcf4dc54110010000003af51e0670d064b52036d79ba7f662c264e4cb042658798eb360a20077572cf93b03ac46cb801405f9cbc4c5ee743724e90ec24572a79ed736ea6a3373bd51df906bf72d21a75b269e75ae4b5b2f37755829e47e16582243f3521b519c4055a3be8e00e7dd086363c357a3674ebc99af050a22da162fa7d1ae6e299d7a45c7145956f8a4f82d6c8c4361dc6c1fa91207ac2251482a92e5dce7c13cb2f1466ffcdf71d71d99d9056b5be5b431becd61c483ff8f82711d0cd87adc9538cddb0d8121b709141dc7e1285ae0a77d600545034100f9406258019baada9143e8dc2aac51bd73a8f9045148aac486b0b5612d9611e38c56545d498d44b427ebd95f166e66652efb6d1fbe2140f0edca9e11bc4000000037857283692a6de09538d6acbc4e6735634c282222bf51cd5ce9785d043807492f292224491e094837312df7222acb1c498ad2caa78284196b5e38639fcf2e6f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005bf5749d3a275447873d564a46cb193600000000020000000000106600000001000020000000a4648d03e61b75e58c87f59fa09639e1559a3bcf1626260d5710f913fa58845b000000000e80000000020000200000005ed992589cd9298795c801bd8634a41578571613f06086a8f2c416a6868795c41001000054676c8807e53f6a7bbb7d48d58ad38b2cacfcb93d31207d4a126273c0808cf6bb8165d000645b0bb2b97decb3e5b4dfcfeaaec3a6d9c9622c86144a0b63adde3be94ca9215742612af5be9ca01e7f327c0a9f0e473c928564a8bb26f585cf7f2424ed63a13d240728cf1850f7fb4689edf4e5c7753f61442f5919b1b2088fc4ce419e51f68b938fe9ccc44145492310febf1d8b6f137532561ae83d62710add15f04a2c6718fc2377c2420cd8500e629215765945f551dc9c90655d798890ab21c9ea32011941ac1dda94fbe7c37af5a0595e32b3bd747e99a7f5da174f02b5db86e27f875b0e968c403f403dfd9655090861a0efa8c015f917b45c3766875ff1fade96a330dcc1c5ec4bcaaf574fa140000000d6274af2e3124c71cd6def5a1539484d60d10d044edaadd1ca6f58184cd086a7cdf7e4d69cc104cf0de8eecdfb3c77e4e77a22413679566952a1221de61ba14e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005bf5749d3a275447873d564a46cb193600000000020000000000106600000001000020000000ac777b2c1737110508d9ff7b1b28f9b7fad59ba87d13984a06f7ccc4b6b6aeea000000000e8000000002000020000000a8cca080f0a31dc27c271807d7b345b685e6da7cddebc447eb1bcfa6efafbc2d10010000c67e2b56ff75cbbd34ef3a6ad38f71375fdf60beca541879a662e1a4ad50635d88cbfa0b1eacbd83691ac75981e3c89b25b46950a3c64d3e6e55152db95e99007f9b576efc569d27e6f02a3ed52254e89a1bc841efab88f8724ee18d68f2b64f0805da4fb123fa97b9ed5045cbd4d25fe0b3b11b311873e681216be3563995438f996a31dab36bff2fc3adf806e83de6069a5b8337d29659fc08f4e13b62a2915d2c02f04773085269c7ceeb9f788726ffeea06845b83129b4d3f25b849e0bddc167688807eaa3058d67df703e1a64034618a896763782e2bc2c617d96def07213f7d4ab7933db9f0abbe9cfa68b4d19f99166b1b86c8021a929e2d4d177d7d597642025c69d1ce0ef6f9d0cf734e48a40000000c42520d715f13929a3682a46727b8eb645280cd5ab77aa03b0214c3cc74b37ac9d17ab711bcd0c06507e48d53dcea2723e3c3b9b71622d53f196dabb6da99c76	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\DOMStorage\outlook.office.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Internet Explorer\IntelliForms\Storage2\BEEE819D7EE49F472C26C6B9602E863A833D9824AD = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005bf5749d3a275447873d564a46cb193600000000020000000000106600000001000020000000fdb4686361606717c3213178d3664e43b5a3c8d6ed5626c184b6b6bf896fd061000000000e8000000002000020000000040b78ab5cd37e3bd170af3346724c79332e2b90a94a1e5d9c610e801b2b3df280000000e4e5c26c01f22ca970a62ac8db49147e6dd53ac7512248b2c79f4d380df5a516c3038f5d7fb942e40dbd68d8beb5d172cdfe959ca9904bf882d6bf827bcbda5e35b72ce7990bb5cacbdc2645b5fed7f94d64127a49228a5ae5931a1383ee0544362434c05d83fcdaf1b7ccdc3572aa5dac2d6d25c3e77e7457400d0cdca3be7f400000009e51970bec219dc146a3ef779dda1b5336579be745b2e4032fc0792cdd96aeed5c5e7e12c37d9a2e5fe41cb1fffe91d428a7751f2156e4518971920a58176175	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

IEXPLORE.EXEiexplore.exe

pid process

1808 IEXPLORE.EXE
908 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

908 iexplore.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid process

908 iexplore.exe
908 iexplore.exe
1808 IEXPLORE.EXE
1808 IEXPLORE.EXE
1808 IEXPLORE.EXE
1808 IEXPLORE.EXE
852 IEXPLORE.EXE
852 IEXPLORE.EXE

pid	process
1808	IEXPLORE.EXE
908	iexplore.exe

pid	process
908	iexplore.exe

pid	process
908	iexplore.exe
908	iexplore.exe
1808	IEXPLORE.EXE
1808	IEXPLORE.EXE
1808	IEXPLORE.EXE
1808	IEXPLORE.EXE
852	IEXPLORE.EXE
852	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 908 wrote to memory of 1808	908	iexplore.exe	IEXPLORE.EXE
PID 908 wrote to memory of 1808	908	iexplore.exe	IEXPLORE.EXE
PID 908 wrote to memory of 1808	908	iexplore.exe	IEXPLORE.EXE
PID 908 wrote to memory of 1808	908	iexplore.exe	IEXPLORE.EXE
PID 908 wrote to memory of 852	908	iexplore.exe	IEXPLORE.EXE
PID 908 wrote to memory of 852	908	iexplore.exe	IEXPLORE.EXE
PID 908 wrote to memory of 852	908	iexplore.exe	IEXPLORE.EXE
PID 908 wrote to memory of 852	908	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\centre-inffo_Doc#92543.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:908

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:908 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:908 CREDAT:1520696 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:852

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
MD5
284646d85b089a3aa695ce3000469c07

SHA1
6eb05bd724f558c0fff2413a87f63561089fc810

SHA256
7e66f7e55811c92318821913ee7ae04617492568b7ca60f83074d935efbfbb98

SHA512
72efbf5b941e2b2dd2fb6be2badfeca7ddf084eec2dc0ab22ce635099e65ea66a310634c54f4a523a3315daca64342145cc4c9481a3fcd05f541749f66a2a2bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
MD5
9f0b958581a57bf7154d71f0a8e9edb7

SHA1
948aa795cbbbbebfa10b772335a69444b964c63f

SHA256
0c2cf05d949c598f8db9047613fd45f9f1d4c1e9b367bc95e4e9c00ff66c9fa7

SHA512
73b98f6942e6f9afcaf0e4bd05e11650a4aaf5b8aefa3c7946fecdbcfc928eb9ca28403967f920d7b094e150dfebf2da897cb4a6b1581e1ac2f30c3c75dc388c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
28d2592e22f944fe53fb9c4d03dacc84

SHA1
446d4f691e4282cd1d67cf57a0ac44e48f99dfe1

SHA256
8d30edb9856696cd988b44c4af5f74457844e3783f43f59c1b2313b2834224f5

SHA512
ed52c408afe78665bedd69f2c72d6851a3612662d38b09e173a3f922f292ae5bfc829bf7aa6b2ba861c8f890d3a772d3c4738916709a80fb71feb9fb7974f2cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
bdd4ea5a52a4ebedfe07f356b5918361

SHA1
1c890fe16f928b609f61c747d693dc237230a4a3

SHA256
e0311f8aeb313844edd61d5e35efd916e6049b7f738a76f52942d2fad9088e60

SHA512
2c6cc54b494669c5c800c6a25fa619e59611b34aa6235b0d0cb8ab4547417858b1c9f9610b6d8fe80052416f56ac2484db143ddb1ea6638cec7eb77f66aa676c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\r32q9i9\imagestore.dat
MD5
3df572d0ed93c36847f1adbf9fa5fc37

SHA1
ebcc9a233534de6e9c2b7d88170310b2cc7c3a68

SHA256
1739e80694c0ab1f521fc84df675fd49191e97e09dd818579a5ea5167a4e8e3e

SHA512
d8699aa498ea7d9b01d3333d08aa9834347a000074a8d24878ab4390845bdb2405ca268f6ca4c936f50c82cde2fcd549e37ec18b1b398a62de4216e751628936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\r32q9i9\imagestore.dat
MD5
859eee254f874b2460bee636f6c1e2f9

SHA1
3cf89d30e62d9d47a957ad8f2f17a58420d3f21f

SHA256
28ba83229b990986fd5314e5f210b97e506e5d356bf41eb2a77d5ef7daaaf0e5

SHA512
98041eeb9bbfc784732c02d7145193ae090191694ecd6d3b40a48a01d31e45b7f30b3b21796b786ab9aef5e6182106e5a5c8d3cf92dea8208a3605c5e95a8695

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\60I5PO1K.txt
MD5
4057f68b7a8c368de0aad2e0ca5a8cd0

SHA1
33ffdc96905af13e592707b56ab7f670f505132a

SHA256
cc142d31bb67dc2465f4c5a4d3903c624ae45f230196ff37f8fb2a4e83723578

SHA512
d85d1c331086a661834b1bbb714f949c26b227ce528001d75e234f5970986d2efd37a6ed6ea1f49640d7cdb509d58552e34ab0e84d3c7db79979085c22fd7c6a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DNCKRKUY.txt
MD5
ed779a65143729d5f7a605b3c9653498

SHA1
f82600865e86bdaae54bed935ba9d78ee1878c8d

SHA256
4a6862744e057b1352babc84c8d3bd8270e2f94eff019da92127deacec5be8d6

SHA512
65f3ada8ada0cc0a600ae097d7ef4f8ba3eae1bb18636824a333864649eb5a48dfbb80ee58b129c61deca60e45b14f938a4b1862cb4133b43060aa9552a097ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Z5HZ2QGN.txt
MD5
4b1d8a99c30d20639db2d63e9ac1b077

SHA1
dac7278c888553cd7a67412d3199a663c28efb43

SHA256
72f95cd421ed9ea3c7edd9aa38e8636abcabb2ba318acfb099dd1b5b58ee36e2

SHA512
6b37b7392fcbe0178e7f213ea56270bc82c1c8a111aa77b8d64b9babe3007cb03774ec968cfc753f0d5d82f8a1f3beae77a1661f657c56677c076193d9d3b69d

Download Submit
memory/852-62-0x0000000000000000-mapping.dmp

Download
memory/1808-55-0x0000000000000000-mapping.dmp

Download