hxxps://pearlioncalcium[.]com/fha

General

Target

https://pearlioncalcium.com/fha

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 49 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d00000000020000000000106600000001000020000000064dc0f30fc75b8cac3012198e7aba85f171c9a161b077b5c4ebd64b8f0b4d60000000000e80000000020000200000001b0094dc739470a2cb2a69b349336044f8c85359346a207013a3c47ba72cabd52000000006edacf1da1ea333a3a8c50b5766cb6abf9c1491241532fa23823e5afa7f43bc40000000e842fe1f6640e301162be99b451ea30a2168426caf3ffde5705becb548f24351a3190d4b92de6f9e524c4fa22b5e1066a553bd3901c60fbe1945fca5c1a84d15	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d0000000002000000000010660000000100002000000095f5efc5cfb7b98ee7ae1598865b3026c3a5be192892acd091a7dde28a6dacf5000000000e80000000020000200000006f5709145755a3636f10e905305b1d75fc1db31e13f6acb273b62cc7eb8f3866c0010000e35030e8b88742567ce0752d574d0250ca98018ad8d5e13d3446a0c7c287e0c770575109d224fff133f434e579f22a950a52af8f2ffb76563887f78fc38894ebd129f23f89957aa2a5ba076c27ffbd53e1b48f790a5c95717e2d73dcc03e7f03f5f8c6eef5a8b48c63c5ab76de60cdc33e08d80b5d1435c4f045dcf49481541b3e16e8fd0eff2b52d4916f772bb9a65f15d3852013d5dd1b9be58cc8fc6fb592b831d1846223bdd59cc4364217a9e3ae8f6d8fe0058dfda053875fb32eca6d17e240a2bb9b32cdacd137d0f01c4da767d8ebddeaea3c8b41f599f554bdd085410623423a7a0a8d96ba6146ab3e89b74862ba13a5a69223b24e887a408a9510bf968115f9bc76c42f4a5207624fecb610333c1999b39f5a9f1618d3eb2aba7b571204c46633a075e41b44ff86c57c0f66aa92ff72f858bd40fa481478ca4ec5690487473886a9317b938d94286e034e6045acf193165038e6871dcb3d0c912b2179c046c352efb126331f27fda609b3f579cbb2e004ceb98e97b362e1679e1adf422380423288bc9929440927b13868953e98ebaf69ef405b81d4c4fa7742fcff38a1f4642e24d138b8521ab4a280ac43df528be5572c6dd59f79d0da5716fd1f400000007711fd142ceb3e3adbaf246c6d3050e48a7f448c903d223cd834ceea90a8ad23cc137adccb459f27b0df1259fca6557de6b66d639cde5c1d8660c4de98216b06	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "342812693"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d00000000020000000000106600000001000020000000f1a6493e8d1a4ffe2b1e37c4745d654af2ee600e1f28def5a215e138b2103aa4000000000e8000000002000020000000636e903881d6f8891f1b799c49f1a3be6d357bec218ccf2d4111215dcb3f28b0b000000058dacb82a75f9e8805560d333d9dae399fce96d423e47a95e837e874d00c3631e1203960c7840afa5d99bd10ac0065a9e22f760088cea0ed59662b8432924b556b995eb709b8df6da64a2ab4aab1fd9804186ce1e8b1eae179898ece8b0903fa804074af5de13702b303d05c740400d73c5944b23e0ccfae48b0274295e9ef9cbcadc444785025550a464c1aeceb094d31000c25be2d5bdfc560ce701bfb621da31765b09408fe9192f02f124822b3a3400000009dcf8ec1e93adf137ef5025fa90428e40b74328097ce9de2d2396d53b934e8027200feb91c4448e86c7844700d18aee0db4853688483d71cf08f5be31c792d5a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d02b03b67cd1d701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\IntelliForms\AskUser = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d00000000020000000000106600000001000020000000c972c9873f9a0a5be66acc48850c06f6db6f795178a50a0be8f0034c3a429065000000000e800000000200002000000097cef6df687e706be4a4ab9be6bf9d54e4aca4e62a0a14ece149305c3cc157f220000000cf20b39fa5bd9ac2d27844859e1ae184fe48c3023bbae532d20da7bff6770ce84000000028fbb5953e105e9ac886adaa3ea58aef81e5186434441a9491e9df839b11b91b66ba11965d4b3db0ccff8555efee1b47b9f130f67042baa5013f441d621b37dd	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 503726bc7cd1d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a05c11b67cd1d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "342844684"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F62A8CAA-3FF7-11EC-AF2E-FA9A773D8A22} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d000000000200000000001066000000010000200000003846146cfca87d5b156751b9112697d854929d416144280450ca86453c693865000000000e8000000002000020000000a4dc7dd36e0c415d2191c12c2b30f80244e4e4f5001caed3e7b85977fd19b75ac0010000040db392d84df1d9a5f754ad107b68a23ea02e208b5293560208b1005ef8426d4d0fa017fab156cb5e56c045d613be103de1d41d7c53e967dcf225e4c255f40f21c3e53f80a54d6740503cac84b8c65fa6408c631c3c4b007c63618e3c12e009e3ed80da2215828e6770c50feeb14f07dc372a67912ebe577302fa6994538cb679af7a4053f5e12995c5ecf98c41b73ce6fa599fa1e3ace5278d1cecdecbc6a221c0bebbfeb4cfb64c47f9334291b6fbe4939d7a38e4e9d7d0a835b3bdc9dea2661cb819195418312150092db7d927d3bcaf16cac31ac3046d81067f6bdf76c52caec0622dc419e6491b58fb95d4958bbd7c1279a7b115a0e4e9db94aebfded509892e6c9787fa5ee0a449222967c5cef7189076a335b4c8658ab6a5912c28ad144d08b86748ca69c2eb8f6821e311bb0c2fe5f896a4026f1b8e2dd03c835b230132053db828c51fb4461a550bffe7ff954374237820cc32db4f3efef669726d7a06d8b20e5a030f10f1c7291ea72d7872684d5efa0a77249a7b66f64555f536999aed7a9a3ca65bde1f1094096048d3b2bed839eaf951784fa9488658570ce6095c08a85be10893ba50817a510b87123123242b336b1a3a04e237ca22d98c3640000000bc0acd6ed2627ddb87075dc8aea64007de102672a50163871aafab0a17f37d2b9cac034e6f6fc633977ae03eedfa85da44893afccdca0f9035dbc29d3b77cc09	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d000000000200000000001066000000010000200000003a896b75a376793030f7c1f0fc362a823975d262ff8573a9c9d9f9f1e4e4d221000000000e8000000002000020000000b3b7fec20aa395cfab7e9959f76277eda52dd1c68f9c45fcd32c8ba9c8ffcc7a20000000215e60e62846db01f0a1303b6df03eda329f9eafe1e0f4e9266f0127803a1a0b40000000bb141d4d7e093898803cfba20e88d5aeb5928559807eff19d49675dfd7e2786a6fd2a7d0e38f68950a1a753bd1c818f9f90fb3e750fd02b63212acb461bb6198	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "342796098"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d00000000020000000000106600000001000020000000288ebd27962d28f50cf40caa1ff646f84a33919428461f2dd0bb7ba9817aa2b2000000000e8000000002000020000000646e18ca691b726e5b225276350412428343045eea760c51bc1cd16db697adfec00100000822ec1d88dc082b02d0a390ba5eabc08b7990fd2067ce733b7268e875bbfb230a65f5fe58a3105f1c99e00844dc8f92e5dffb556fe32c2bae60a17d880a11b33893ee37215fd66c3571eee475513c9ff5120fa0d116a70cc2d43cf18802d5228b909b2d367824a103b1380ab9f60c48299a4420097c6e1733f83dfb80e257d0456bffba89b9e9ca2c1be5934870be8e3df61931d71849c59587f5283353ee0e26871e879ce6f6744af164303fd676cc49d7c0bb880683849807bc0273200cae71d821e658207ccbf928a3b7c1a6f63d78d6c5c87e4fffdca0df863e33ba360b431c3a2968bf9056f5b0b6d2dd798ddcb8a4161d185c6b0888180d77f89c401886930ef5dd72fd8fb5163ff673377d9c8227389b8ea630c819823fe7fa54decc829b7eadbd8507b072febe9abf86f12ad27f25f301c9ed8f5b968b1c4c2b13a9b4758b268f6e0e0be83bf4d1993e4427f9775b70921a923706a7588d12bc02cd59fced7b9eea62881b39e7568f7bfb6bab5154699eb63a54391fd916986b65d0da7d33cf0ec4894e7e6eaa48ac08dbc422148d2bc1069cc40c8466c597acbad76132789d14d1f2a4d3e4d38a3e0f3e67ff80618deb05c60e3916dee70ec4df1640000000f1e818e9c49318d9f9cd868359addc4773bf770bc6376909011f5e7cf7bfca524f425a9abe37b97b5a2e7977853cbf167f80acc03eefdc4ab81e719c4b4e7d69	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d0000000002000000000010660000000100002000000091147b603243d3e30a2c9c7a10e8a7a150194e28b35399cfcd0b4522b6fc1e85000000000e8000000002000020000000e30b16f677f132fab5f45167dfc3afef3e79765b2233324fb6c6368088ef6930c0010000fe54efc060f8d989ecc5c33721266035276dc54b979bea84067d38fba6ec88826b06c1d9dd3ecce0ad2955422c86ff12bae5b8e2d9616c0d6686f27cc4104901009afe9b72ed61ba43ae2fe203394c5df424a7bec56d0632d376eef19cd7b74994e18f579c356d8d235cf2803cf4a2adea7d9ac00304372eb21498ce331e5beefc11448361aacfcee4e8d5765a393b8b0727adb51222422fd31a05375cb61009b7b0fcd00cd2f073753f5147da9a9e64a4964375e0db5a84fbf58ce6d5c6748a6d2ccae7ae451d3b40c2abf3ceea74f96678799ad17618f0270c2780ae40119a6ee6219809eb8fc76b6a5243c0305eb17511734a1b9d556a694826e98238708e14e8e0abf68c710059472661d31c607dff4d40424548a4aaa2d095550a586f9e3852877c69705c78c6ce343ab3284f853b899634e7f5cbcd661679dbf896d1c09b7af8d0e5a3d4a982c5f6d4f15f9084236d5465f8a4a0640600c91610b364e5a31510caa14f1dcc1769a8ec9a950bb310951a33637c0fc93f35fa0c7ff315b645dc25ed5baf74b261259b171776cab00650edcef418607756417a1da0b2e151a4702c9c174ee9d1a0f5067ee3aba1af4069a341d18cacf8b406226676ca972d400000002fbf50403465dcadf76591bcb74fa39af4ea3a9f2be80eaabd64f2141e697adb2866c3768031bda61cf62ef17d84649b983a86a2fc7ee4a0133a70818bcfb0f9	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

4248 iexplore.exe

Suspicious use of SetWindowsHookEx 57 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid	process
4248	iexplore.exe
4248	iexplore.exe
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 4248 wrote to memory of 3080	4248	iexplore.exe	IEXPLORE.EXE
PID 4248 wrote to memory of 3080	4248	iexplore.exe	IEXPLORE.EXE
PID 4248 wrote to memory of 3080	4248	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://pearlioncalcium.com/fha
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4248

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4248 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3080

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
MD5
ac4a997ef76ee52ce69a9d3c61d5542d

SHA1
bea176dd996aa74557111e1edb1abc84b7f8e6c6

SHA256
fca314954018daa00baeb132f0809554a456d4ae508030482156ee101a819b7a

SHA512
6dfe75e4a8d2fd8111233ede23325e18ada61a715be8ec542baaf5cafd17b5d9765a79631cd579f5758f5f96a41f4f0764bb13db9ce13616b9968145ac7dd216

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
MD5
35957ed8dc1e57d37361a1d581c327ac

SHA1
0d5829391e02c72cb125f47afd6f1bc887f5e005

SHA256
997afca108448417975f1bfd19122acde81373c8f47f863553c049d454e219f0

SHA512
11e7bd702c04901e0411581b7facdf7e43876735708a94138cc38119bb933809bab495066b6db0e509e8be97ca0c7ec4abdbdc1ebff5da335a18d0c8d63dcc31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\K2HFX8RV.cookie
MD5
151c8a7790c7606f54f2db9a6a3ee72d

SHA1
ea76d822ce92f68021dc34ea443d7571b6136ca3

SHA256
07ce6302d1b36087a36bcf1b380ee1573d740baa2e18a3d07955ed2d1fa2aa75

SHA512
17d06f4f0dcde4d5aa3eeee5d42e41ea42f4bdfa67e7fe4954ef8c38ab9ea818bf17c90327f197e1560e45f0325901dff39bea2267520744eee4b9abc21a4875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\S709KLY4.cookie
MD5
70e586e9121743533c2841ab39b25551

SHA1
bbe200d8044cd4530fbb1f2ab9e1dacef146e534

SHA256
d6454a7b50e94412751f55695009c5b667929d4397e1bc53273b7b34270dc121

SHA512
a0a8b4d476606b6370c5974bac6771d721c62f8ecad1469b37ef7cb9a48050a76f19aac59c88653ceca1dfd8d87a3dd31e47ebbfbe2d76a1ba976b914bc4a3fa

Download Submit
memory/3080-140-0x0000000000000000-mapping.dmp

Download
memory/4248-142-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-149-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-123-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-124-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-125-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-127-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-129-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-128-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-131-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-132-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-134-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-135-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-136-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-137-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-138-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-121-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-141-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-115-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-144-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-145-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-147-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-122-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-150-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-151-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-155-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-156-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-157-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-163-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-164-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-165-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-166-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-167-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-168-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-169-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-173-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-175-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-179-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-178-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-120-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-119-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-117-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download
memory/4248-116-0x00007FF910010000-0x00007FF91007B000-memory.dmp

Filesize
428KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads