hxxps://storageapi[.]fleek[.]co/7ba78625-a994-4978-a151-65976a0cc1f1-bucket/c98374a29c91f6c905d90b3288c18d957a030aa/d0d03394eb6234cd09f14ea3d08f8a828224e8848940e/indesx[.]html#gerardweterman@nedal[.]com

General

Target

https://storageapi.fleek.co/7ba78625-a994-4978-a151-65976a0cc1f1-bucket/c98374a29c91f6c905d90b3288c18d957a030aa/d0d03394eb6234cd09f14ea3d08f8a828224e8848940e/indesx.html#gerardweterman@nedal.com

Score

5^/10

docusign phishing

Malware Config

Signatures

Detected potential entity reuse from brand docusign.
phishing docusign

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{379D07B7-9A09-11EC-82D0-FAFB7F96CC3A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cce5a29beacafa47833fc2d72883fdda00000000020000000000106600000001000020000000c36f3ccbd954886d941f032a36c8e82210500b2a5dcc441f3486e5405f643e70000000000e8000000002000020000000fcfe3de82a7a01ad088aa7864dfa59c7d0ce74c27ed9e6cef1a55e46fe34243620000000a67a98303139fc76fa01cd0853b2fac379c0b251c7869c4826c1de64137e4e89400000006396af9b0a143eadc1fd9aacdbd957d22f0b16ceaad7c25dd9c2949629bb92f9bffbc72daeea8d24f30788edf9624e2f4afdff3520243af2dbf08052be2a54b7	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cce5a29beacafa47833fc2d72883fdda000000000200000000001066000000010000200000003c67382970370309519daf56021846153b07b8bc95e4d476bcd2354ff1ce1ba2000000000e80000000020000200000006ed949f5d192feb83e7a78d9310f2fffd76a1a10ab5c173a60483c59f635cf8e20000000e7057b433d78e286f89b5a44f2bec8fff455cfc58fe62888f3a22768a68445a8400000000e81f87703ffd66c26927630af55cb9a0dee0f21e07165bb1beccc80b026653eb267f93dfdfeb0dce556ab56077bd3e64057233dc9ffc98a85db8937caa3a916	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30944790"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40570216162ed801	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "352977476"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cce5a29beacafa47833fc2d72883fdda000000000200000000001066000000010000200000005ec3f66dffcceb5d2138edc0e7ede15e7be9ee8a29c6589db1f6317a9fd0a76b000000000e800000000200002000000031ace441184b27ef7e5437f2ac488c59c2e06779d303eddb83798e990bec1d5220020000e283d18c6581b4f71e52a86f604dc01e3ed6b2a6717966153fecdd8d4f4b99b428291d944b83ac0b88e4272a69835d415afb9ed4b64e2d937914027db4f1349fd603e9d74d33a947672e2420825ff2a4e27b0e11bd0015d7b8e54161b29cc745a5855febdfcff64d9cb00eb728e8cd4bd4fccca718d1a436aa45ae982e01e6be1998b1cef3885d99b7a7e749ce42db7bf525907f67c40ca1b38f12454d258e370e27cb3ca38dc2509f4e0da1db4c237957e9e953d07b9a2fa99a94cd91be26d4e5989115ec77ddf22f8e333570091b1fb964c6a4bcdd0388fd37f299a2d21973116799bc01d7a5613970d44d3a9d3db9ff28c6b10174fc6a22853bb843933aa69338bc5c5ce084baeb92bfd6dd23e5a592ea74d71c299cc9a1f2e4db2627050a0741f1d2087b83f20c6a3ec6772eadd836b736fa7486acf7d2384d0fc071e4ce780ab4661b5579356b9819b1c24041ac4220b1c2b1c136e17407d89c079fbc725aab231b550870238ef3342204b27309aa44c71cac7d57b6ca8f9b7e74eb914cdba9ac6b3e276106c41c51e8435cc334de1b27afe1a855d6b1a6a7d6de2020ece0668ffb21c6b207f1238f8ebabe2fc4f5ef3da776d8075cbb7fb1223575c536fe926431052698391a45480fd71ea35b920861174942f8f438f7b8ff5d815e2a5862e7397db5abda3b6551e66db46768b7d69a1be63d29eb4159a40e46c8d72db5fb72c2d4828b14a9a94c89a48a8ae0f1b4bbf247b06fd4b60673fa2b02121940000000f99d4d91c04196fd033540a05ac53f09036539a090efec2941427e63acb68c6adab56ddf4d640c2c29f48e22629973ae39dc3a217fb5894feb85c1a716dcf339	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cce5a29beacafa47833fc2d72883fdda00000000020000000000106600000001000020000000fb3bbc54f33423ef0fe96a65ed33c93acd6df92e98aa7d2fbbbcb30e01a7a681000000000e800000000200002000000064073e72ff940ddceb1c54f01bcdcb0ed171f6844d11ecf5f929b2ff1a66a9c92000000003990e993998b1588dbd812ae67b701ca345356e5be42105d42560f515919ba340000000583c1360ed6aa62cd6c42af6d930b549ae5b830ac33e24a7bc8f478b7ef1e497bb2db9f3d50ce8f0dfa4fd13522789f36dc3c99d9c8138469466c5240e7c5e95	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40ade54f162ed801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30944790"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "305975255"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "207380935"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "207380935"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30944790"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cce5a29beacafa47833fc2d72883fdda00000000020000000000106600000001000020000000baac1d1c2fbdf79c747d32f32f968b4c322ec1548f734af8bfa9f3f9df384842000000000e8000000002000020000000b24dca733e1315378ec94fa82150d5a3aa8bb218616fd2f55ea784ea606238df20020000605674c2251f26dbe9cbbebe1ab0df54a562d4a304d7f030714317e6715bb26dcf8eb61474d84ccce57a8ee54117c32f98ebc37fe79526449947560ccb3c666af375e4c38d446eaae6f5f50e7adb9dd0af23f5c37b74b437a3e87e9424cb5e7a6c3d845d2b5e0570e2c3cd2da542f56a6d324bef04fabbd304cdf6a105907996ebf50fe7db9096887adc0d21e923478c4af679deec7441181c00806274673e9b2440296b9603ac72d26e4e0fdafe6fb98b86164ae57fd962c6be7587d379fe0b2990807a59cfebea5891fc7411244f2227720ab66dddc3b3edb6a774ea6b7a39f83ecf16a0c1d0d2fbac101a2ec6f6f3e6085e3667ef177e2352da66fe875b64d7aad96a1bb26f1fc5bf26e90ea04fa0fdbde9f7cf4c3308627787b19609c6989e53dce03500a09032cd5556a5507fc988577a2bba0fa354697ee06056c045010bd2c08575e09fb1504b11128a6326a109020ff08d25b310ea343b137e9aa748807804a64adef05b7b038e80810c64ec1ddae6d01731165f3669ee792ea92f7a8811bf3cb780e4143de39fd2313900f07b97c185f056c5ebe749132c2afc33bda8db159d42b642a0f0804082478738e0d7b38fe8b51a27920d88103ac364dac4e48e405cd407b3362e7178e1c8fe384a5be9c8f4fc7c1c21c114da45577ce91cd75bff187cf29a3c1d01d4fed97244135dc71b2968b5b0552b6986497ca41e0a50fbcfee152a70523e43d3a1aaff5987a9a1386c3d10f2db15e31aa02cf1e3c8400000002468b327d98b15bdcbde69571bbc65d45d892aeb9769665ebedf5251dc3aaedf4d8dc0d43c9305ddf03ce6f054d1d8a11faffe677230d7184a0c046f1b6e5d7c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70712017162ed801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

552 iexplore.exe

Suspicious use of SetWindowsHookEx 34 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid	process
552	iexplore.exe
552	iexplore.exe
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 552 wrote to memory of 3036	552	iexplore.exe	IEXPLORE.EXE
PID 552 wrote to memory of 3036	552	iexplore.exe	IEXPLORE.EXE
PID 552 wrote to memory of 3036	552	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://storageapi.fleek.co/7ba78625-a994-4978-a151-65976a0cc1f1-bucket/c98374a29c91f6c905d90b3288c18d957a030aa/d0d03394eb6234cd09f14ea3d08f8a828224e8848940e/indesx.html#gerardweterman@nedal.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:552

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:552 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3036

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
a13e3ecb06f9f507a52883d9717500c5

SHA1
ba81d4887b8880b4b3b8ec21572f21e7f0fd7aeb

SHA256
7ea354f2f234b9810fa6795fe8a1166fdab3c6e958a7f6facc46f6825b376d15

SHA512
60126379b678d1b2a250cbee1af954cff2844e92e0300df93dfed2483882277d794bf457719680368879bf05590d68df538d05138b786381e3be88318e5476cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
a21116b7507ed52041b37ae76825cb83

SHA1
b7083aa4d2e627c2b8d375aa12ca22d85a7c2d1f

SHA256
b7bbfdedbcdf5ad4b6e5280c0f185d5b11fbc8d082ff7d4856ac46e8c5147d29

SHA512
9ee8ed896147334b58cac252f1766fd17ebf820524aafac35a9cbf91c5e7ed251af7040555746b06a2a3b685e1de77ed126091d08ce4d5e73d049c1e55a39c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ipevxnl\imagestore.dat
MD5
0f4d608a685067b000fd939a5b557e8b

SHA1
d7ed3534824bb6ca0085700a3708063e9eaeafa6

SHA256
e2f71b9398553cef106ccdc00f4e2a8b0c72cdca9c3cc45744e1950a5471c505

SHA512
427508fe0e36f78449489e90a50d6c4e02ab9ecd9c7a1df3eb370b7be17b525772229323144983a6b29bda44d017ca69fe05d80f17392d54232a7ec96eef2180

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads