e404a4fef8a30815cdf6805f18c0022df2255d63e03bbce4da13ab9e0687fa13

General

Target

67db60f80efa8820633911b3ada48275.pdf
Size

141KB
MD5

67db60f80efa8820633911b3ada48275
SHA1

46ce8e54e5b8b558f99e6d9ee257f01d51be1f6a
SHA256

e404a4fef8a30815cdf6805f18c0022df2255d63e03bbce4da13ab9e0687fa13
SHA512

aee6fd90c68c3f43053802e7c332f062bfcdcd161484ce37e932188ff4783804d3916ce502fb5fa215d2ff3ad21e9f80577505aa106a21cd642b70fd2f4881bf

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "359293166"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000962422cf799f2f46a7e75b376cef3c3c00000000020000000000106600000001000020000000be21eb7dd58adc2f1f00f41a474e8a739033c293773f3e3d49fa7054a91a4699000000000e8000000002000020000000eb71930a16d54739dbcdf4d32b9cda106e57e91524eb52d06ef91bb42e739083900000002b41bb4bf00a27ea7ed551da8224d47bbb9b103a2cca4ef611856ffee1909b40fbda1dd6d50c3022e189106e9e3147077226c8c5e2540359ff8b216ef6f058b30105ee43ef46d0eb881bdfdb7cea6ba317af092c5443ac57757dd61d3d0c96dc62abfb48cd3ca87d2e14b27078733fa3901955db98f09137bc2bcdc554045a60889118c235150367f50fffb84f0a7b20400000009bac1238b8ffd0777d78ef6585f86496d6c9ad047d547b2d1bef36755fac614e8e630dc0506b52487971ea3261978c86fa316b4db046f26d7b1172ab374373d2	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50f033f58667d801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{19A42771-D37A-11EC-B7F1-DEAEF166B17F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000962422cf799f2f46a7e75b376cef3c3c00000000020000000000106600000001000020000000a68183d59960b1942c4d483f37fa8d007eeeb2062cd9f073355962db23537410000000000e800000000200002000000000ecea642d2c37422122851289f5471453960bef3521facc7acec68c784ba76520000000a1f0e30c743041284ead47dc9e4f1b66325247492f390f93f8c6d849dfae8b3c400000002fb469de6c1aa51883b37a1614e503accde83b9e3e29a811ac3a19e05f56ed1e8b7c8dc13cc38f05dd55ebcda4938d1a02d051ed59fa373d6ae693867c9faa80	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1760 iexplore.exe

pid	process
1760	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

AcroRd32.exeiexplore.exeIEXPLORE.EXE

pid	process
1000	AcroRd32.exe
1000	AcroRd32.exe
1000	AcroRd32.exe
1000	AcroRd32.exe
1760	iexplore.exe
1760	iexplore.exe
1728	IEXPLORE.EXE
1728	IEXPLORE.EXE
1728	IEXPLORE.EXE
1728	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

AcroRd32.exeiexplore.exe

description	pid	process	target process
PID 1000 wrote to memory of 1760	1000	AcroRd32.exe	iexplore.exe
PID 1000 wrote to memory of 1760	1000	AcroRd32.exe	iexplore.exe
PID 1000 wrote to memory of 1760	1000	AcroRd32.exe	iexplore.exe
PID 1000 wrote to memory of 1760	1000	AcroRd32.exe	iexplore.exe
PID 1760 wrote to memory of 1728	1760	iexplore.exe	IEXPLORE.EXE
PID 1760 wrote to memory of 1728	1760	iexplore.exe	IEXPLORE.EXE
PID 1760 wrote to memory of 1728	1760	iexplore.exe	IEXPLORE.EXE
PID 1760 wrote to memory of 1728	1760	iexplore.exe	IEXPLORE.EXE

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\67db60f80efa8820633911b3ada48275.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1000

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/958234472795500567/974218477244137512/Quotation_for_Order.rar
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1760

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1728

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
bb13e3e4ddaf202e5e34864c23b9a6e5

SHA1
b89d6c6bb98fae2139db626fa857ddda8c6e7166

SHA256
01e9d03757fb0a90826f52a9c7e92ae71ab37232389191e1f3299b8c0c20ed81

SHA512
764b834b0b73ee90a9251d7e073b3a174024d3f320b845ec8ba6c72504380d5573557cb94e10e527152090caede6e29e1b2988886c336ae89234fc088b516933

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5SGRENSW.txt
Filesize
598B

MD5
ee5707874e5b2ff2e874d5fef7274465

SHA1
38825a6420e2b9ce34814629fcea099821026a48

SHA256
18ee22975772c29b2b699bbb3725ba4ea2c1759b7b06d9299c3f800eaca8ceac

SHA512
cbfd86dd2d7a15403a5ec62d812681cd72f8b060654e81236e8cef475f9f6bcadc78b86181839cb274180873f1abed68382a9d12b42de62793b70d8f20da64d8

Download Submit
memory/1000-54-0x0000000075F21000-0x0000000075F23000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads